
...

Skriptet genererar 2 keystores i detta fall, eftersom det finns 2 klientcertifikat (ett för internet och ett för Sjunet).

Produktion

generate-ntjpprod-Keystore.sh
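#!/usr/bin/env bash
# generate-ntjpprod-Keystore.sh
#
# Builds one JKS keystore per production client certificate (sjunet and
# internet): converts the SITHS CA certificates from DER to PEM, extracts each
# client certificate from its PKCS#12 file, assembles the full certificate
# chain, and imports private key plus chain into generated-jks/<host>.jks.
#
# Run from the directory that sits next to ../CA and ../skltp; every path is
# relative to the current working directory.
#
# openssl and keytool prompt for the store passwords. Keep it that way: adding
# password options to the command lines would expose them in the process list
# and in shell history.

# Stop at the first failing step so a half-built keystore is never left behind
# looking like a finished one.
set -euo pipefail

# The keystores hold private keys: create directories and files owner-only.
umask 077

readonly ca_dir="../CA/SITHS"
readonly p12_dir="../skltp"
readonly pem_dir="generated-pem"
readonly jks_dir="generated-jks"
readonly hosts=(esb.ntjp.sjunet.org esb.ntjp.se)

# Start from empty output directories so stale material never survives a run.
rm -rf -- "${jks_dir}" "${pem_dir}"
mkdir -- "${jks_dir}" "${pem_dir}"

echo "=== Export SITHS CA's as PEM ==="
openssl x509 -inform DER -in "${ca_dir}/SITHS_Type_2_CA_v1.cer" \
  -out "${pem_dir}/siths_type_2_ca_v1.pem" -outform PEM
openssl x509 -inform DER -in "${ca_dir}/SITHS_Root_CA_v1.crt" \
  -out "${pem_dir}/siths_root_ca_v1.pem" -outform PEM

# Export only the certificates (-nokeys): the private key never leaves the
# PKCS#12 file in PEM form.
for host in "${hosts[@]}"; do
  echo "=== Export ${host}.p12 Certificate (PEM) ==="
  openssl pkcs12 -in "${p12_dir}/${host}_legitimering_pkcs12_prod.p12" \
    -out "${pem_dir}/${host}.p12.crt.pem" -nokeys
done

# SITHS Type 2 CA v1 followed by SITHS Root CA v1.
echo "=== Create SITHS CA Chain ==="
cat "${pem_dir}/siths_type_2_ca_v1.pem" "${pem_dir}/siths_root_ca_v1.pem" \
  > "${pem_dir}/ca_chain.pem"

# Re-emitting through "openssl x509" drops the "Bag Attributes" header that
# "openssl pkcs12" writes. It also keeps only the FIRST certificate of the
# input; if a .p12 bundles CA certificates as well, confirm that the first one
# is the client certificate (openssl pkcs12 has -clcerts to restrict the
# export to client certificates).
echo "=== Remove Bag Header from PEM ==="
for host in "${hosts[@]}"; do
  openssl x509 -in "${pem_dir}/${host}.p12.crt.pem" \
    -out "${pem_dir}/${host}.p12.crt.out.pem"
done

# Client certificate first, then the CA chain.
echo "=== Create Complete Certificate Chain ==="
for host in "${hosts[@]}"; do
  cat "${pem_dir}/${host}.p12.crt.out.pem" "${pem_dir}/ca_chain.pem" \
    > "${pem_dir}/${host}_cert_chain.pem"
done

# NOTE(review): the certificates above are exported from
# <host>_legitimering_pkcs12_prod.p12, but the key is imported from <host>.p12.
# If these are not the same PKCS#12 file, the chain import below is applied to
# a key it was not issued for. Confirm which file name is correct.
# JKS is kept as the destination type because that is what this page
# generates; newer JDKs recommend PKCS12, so switch only if the consumer
# supports it.
for host in "${hosts[@]}"; do
  echo "=== Import ${host}.p12 (alias: ${host}) to Keystore: ${host}.jks ==="
  keytool -importkeystore \
    -srckeystore "${p12_dir}/${host}.p12" -srcalias "${host}" -srcstoretype PKCS12 \
    -destkeystore "${jks_dir}/${host}.jks" -destalias "${host}" -deststoretype JKS
done

# Importing the chain under the alias of the existing key entry replaces that
# entry's certificate chain with the complete one.
for host in "${hosts[@]}"; do
  echo "=== Import Complete Certificate Chain to Keystore: ${host}.jks==="
  keytool -import -trustcacerts -keystore "${jks_dir}/${host}.jks" \
    -alias "${host}" -file "${pem_dir}/${host}_cert_chain.pem" -noprompt
done

# The keystores contain the private keys, and the JKS format's own password
# protection of key entries is weak, so file permissions are the main control:
# owner read-only instead of world-readable. If the consuming service runs as
# a different account, grant access to that account or its group explicitly
# rather than to everyone.
chmod 400 -- "${jks_dir}"/*.jks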

QA

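#!/usr/bin/env bash
# Builds the JKS keystore for the QA client certificate
# (qa.esb.ntjp.sjunet.org): converts the SITHS pre-production ("PP") CA
# certificates from DER to PEM, extracts the client certificate from its
# PKCS#12 file, assembles the full certificate chain, and imports private key
# plus chain into generated-jks/qa.esb.ntjp.sjunet.org.jks.
#
# Run from the directory that sits next to ../CA and ../skltp; every path is
# relative to the current working directory.
#
# openssl and keytool prompt for the store passwords. Keep it that way: adding
# password options to the command lines would expose them in the process list
# and in shell history.

# Stop at the first failing step so a half-built keystore is never left behind
# looking like a finished one.
set -euo pipefail

# The keystore holds a private key: create directories and files owner-only.
umask 077

readonly ca_dir="../CA/SITHS"
readonly pem_dir="generated-pem"
readonly jks_dir="generated-jks"
readonly host="qa.esb.ntjp.sjunet.org"
readonly p12_file="../skltp/${host}_auth.p12"

# Start from empty output directories so stale material never survives a run.
rm -rf -- "${jks_dir}" "${pem_dir}"
mkdir -- "${jks_dir}" "${pem_dir}"

echo "=== Export SITHS CA's as PEM ==="
openssl x509 -inform DER -in "${ca_dir}/SITHS_Type_2_CA_v1_PP.crt" \
  -out "${pem_dir}/siths_type_2_ca_v1_PP.pem" -outform PEM
openssl x509 -inform DER -in "${ca_dir}/SITHS_Root_CA_v1_PP.crt" \
  -out "${pem_dir}/siths_root_ca_v1_PP.pem" -outform PEM

# Export only the certificate (-nokeys): the private key never leaves the
# PKCS#12 file in PEM form.
echo "=== Export esb.ntjp.sjunet.org.p12 Certificate (PEM) ==="
openssl pkcs12 -in "${p12_file}" -out "${pem_dir}/${host}.p12.crt.pem" -nokeys

# SITHS Type 2 CA v1 (PP) followed by SITHS Root CA v1 (PP).
echo "=== Create SITHS CA Chain ==="
cat "${pem_dir}/siths_type_2_ca_v1_PP.pem" "${pem_dir}/siths_root_ca_v1_PP.pem" \
  > "${pem_dir}/ca_chain.pem"

# Re-emitting through "openssl x509" drops the "Bag Attributes" header that
# "openssl pkcs12" writes. It also keeps only the FIRST certificate of the
# input; if the .p12 bundles CA certificates as well, confirm that the first
# one is the client certificate (openssl pkcs12 has -clcerts to restrict the
# export to client certificates).
echo "=== Remove Bag Header from PEM ==="
openssl x509 -in "${pem_dir}/${host}.p12.crt.pem" \
  -out "${pem_dir}/${host}.p12.crt.out.pem"

# Client certificate first, then the CA chain.
echo "=== Create Complete Certificate Chain ==="
cat "${pem_dir}/${host}.p12.crt.out.pem" "${pem_dir}/ca_chain.pem" \
  > "${pem_dir}/${host}_cert_chain.pem"

# JKS is kept as the destination type because that is what this page
# generates; newer JDKs recommend PKCS12, so switch only if the consumer
# supports it.
echo "=== Import ${host}.p12 (alias: ${host}) to Keystore: ${host}.jks ==="
keytool -importkeystore \
  -srckeystore "${p12_file}" -srcalias "${host}" -srcstoretype PKCS12 \
  -destkeystore "${jks_dir}/${host}.jks" -destalias "${host}" -deststoretype JKS

# Importing the chain under the alias of the existing key entry replaces that
# entry's certificate chain with the complete one.
echo "=== Import Complete Certificate Chain to Keystore: ${host}.jks==="
keytool -import -trustcacerts -keystore "${jks_dir}/${host}.jks" \
  -alias "${host}" -file "${pem_dir}/${host}_cert_chain.pem" -noprompt

# The keystore contains the private key, and the JKS format's own password
# protection of key entries is weak, so file permissions are the main control:
# owner read-only instead of world-readable. If the consuming service runs as
# a different account, grant access to that account or its group explicitly
# rather than to everyone.
chmod 400 -- "${jks_dir}"/*.jks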

 

Verifiera certifikatskedjan med openssl

...