Jämförda versioner

Gammal version 10

changes.mady.by.user Hans Thunberg

Sparat den

jämfört med

Ny version 11

changes.mady.by.user Hans Thunberg

Sparat den

Nyckel

  • Dessa rader lades till.
  • Denna rad togs bort.
  • Formateringen ändrades.

...

Kodblock
languagebash
titlegenerateKeystoregenerate-ntjpprod-Keystore.sh
rm -rf generated-jks
mkdir generated-jks

rm -rf generated-pem
mkdir generated-pem


echo "=== Export SITHS CA's as PEM ===" 
openssl x509 -inform DER -in "../CA/SITHS/SITHS_Type_2_CA_v1.cer" -out generated-pem/siths_type_2_ca_v1.pem -outform PEM
openssl x509 -inform DER -in "../CA/SITHS/SITHS_Root_CA_v1.crt" -out generated-pem/siths_root_ca_v1.pem -outform PEM


# Export P12 Certificate (PEM)


echo "=== Export esb.ntjp.sjunet.org.p12 Certificate (PEM) ===" 
openssl pkcs12 -in ../skltp/esb.ntjp.sjunet.org_legitimering_pkcs12_prod.p12 -out generated-pem/esb.ntjp.sjunet.org.p12.crt.pem -nokeys


# Export P12 Certificate (PEM)


echo "=== Export esb.ntjp.se.p12 Certificate (PEM) ===" 
openssl pkcs12 -in ../skltp/esb.ntjp.se_legitimering_pkcs12_prod.p12 -out generated-pem/esb.ntjp.se.p12.crt.pem -nokeys


# SITHS TYPE 2 CA V1 + SITHS ROOT V1 (PEM)


echo "=== Create SITHS CA Chain ==="
cat generated-pem/siths_type_2_ca_v1.pem generated-pem/siths_root_ca_v1.pem > generated-pem/ca_chain.pem


# Remove Header.


echo "=== Remove Bag Header from PEM ===" 
openssl x509 -in generated-pem/esb.ntjp.sjunet.org.p12.crt.pem -out generated-pem/esb.ntjp.sjunet.org.p12.crt.out.pem
openssl x509 -in generated-pem/esb.ntjp.se.p12.crt.pem -out generated-pem/esb.ntjp.se.p12.crt.out.pem


# Create Complete Certificate Chain.


echo "=== Create Complete Certificate Chain ===" 
cat generated-pem/esb.ntjp.sjunet.org.p12.crt.out.pem generated-pem/ca_chain.pem > generated-pem/esb.ntjp.sjunet.org_cert_chain.pem
cat generated-pem/esb.ntjp.se.p12.crt.out.pem generated-pem/ca_chain.pem > generated-pem/esb.ntjp.se_cert_chain.pem


# Import P12 to Keystore


echo "=== Import esb.ntjp.sjunet.org.p12 (alias: esb.ntjp.sjunet.org) to Keystore: esb.ntjp.sjunet.org.jks ===" 
keytool -importkeystore -srckeystore ../skltp/esb.ntjp.sjunet.org.p12 -srcalias esb.ntjp.sjunet.org -srcstoretype PKCS12 -destkeystore generated-jks/esb.ntjp.sjunet.org.jks  -destalias esb.ntjp.sjunet.org -deststoretype JKS


echo "=== Import esb.ntjp.se.p12 (alias: esb.ntjp.se) to Keystore: esb.ntjp.se.jks ===" 
keytool -importkeystore -srckeystore ../skltp/esb.ntjp.se.p12 -srcalias esb.ntjp.se -srcstoretype PKCS12 -destkeystore generated-jks/esb.ntjp.se.jks  -destalias esb.ntjp.se -deststoretype JKS

# Import Complete Certifcate Chain


echo "=== Import Complete Certificate Chain to Keystore: esb.ntjp.sjunet.org.jks===" 
keytool -import -trustcacerts -keystore generated-jks/esb.ntjp.sjunet.org.jks -alias esb.ntjp.sjunet.org -file generated-pem/esb.ntjp.sjunet.org_cert_chain.pem  -noprompt


echo "=== Import Complete Certificate Chain to Keystore: esb.ntjp.se.jks===" 
keytool -import -trustcacerts -keystore generated-jks/esb.ntjp.se.jks -alias esb.ntjp.se -file generated-pem/esb.ntjp.se_cert_chain.pem  -noprompt


# Change sharing and permissions on JKS files
chmod 444 generated-jks/*.jks

...