Merge pull request #4884 from rzucareli/patch-1
Add Subject alternative name
This commit is contained in:
commit
5af6819360
|
@ -20,65 +20,65 @@ all: clean create-keystore add-host create-truststore add-client
|
||||||
|
|
||||||
create-keystore:
|
create-keystore:
|
||||||
# Generate a certificate authority (CA)
|
# Generate a certificate authority (CA)
|
||||||
keytool -genkey -alias ca -ext BC=ca:true \
|
keytool -genkey -alias ca -ext san=dns:localhost,ip:127.0.0.1 -ext BC=ca:true \
|
||||||
-keyalg RSA -keysize 4096 -sigalg SHA512withRSA -keypass $(PASSWORD) \
|
-keyalg RSA -keysize 4096 -sigalg SHA512withRSA -keypass $(PASSWORD) \
|
||||||
-validity 3650 -dname $(DNAME_CA) \
|
-validity 3650 -dname $(DNAME_CA) \
|
||||||
-keystore $(KEYSTORE) -storepass $(PASSWORD)
|
-keystore $(KEYSTORE) -storepass $(PASSWORD)
|
||||||
|
|
||||||
add-host:
|
add-host:
|
||||||
# Generate a host certificate
|
# Generate a host certificate
|
||||||
keytool -genkey -alias $(HOSTNAME) \
|
keytool -genkey -alias $(HOSTNAME) -ext san=dns:localhost,ip:127.0.0.1 \
|
||||||
-keyalg RSA -keysize 4096 -sigalg SHA512withRSA -keypass $(PASSWORD) \
|
-keyalg RSA -keysize 4096 -sigalg SHA512withRSA -keypass $(PASSWORD) \
|
||||||
-validity 3650 -dname $(DNAME_HOST) \
|
-validity 3650 -dname $(DNAME_HOST) \
|
||||||
-keystore $(KEYSTORE) -storepass $(PASSWORD)
|
-keystore $(KEYSTORE) -storepass $(PASSWORD)
|
||||||
# Generate a host certificate signing request
|
# Generate a host certificate signing request
|
||||||
keytool -certreq -alias $(HOSTNAME) -ext BC=ca:true \
|
keytool -certreq -alias $(HOSTNAME) -ext san=dns:localhost,ip:127.0.0.1 -ext BC=ca:true \
|
||||||
-keyalg RSA -keysize 4096 -sigalg SHA512withRSA \
|
-keyalg RSA -keysize 4096 -sigalg SHA512withRSA \
|
||||||
-validity 3650 -file "$(HOSTNAME).csr" \
|
-validity 3650 -file "$(HOSTNAME).csr" \
|
||||||
-keystore $(KEYSTORE) -storepass $(PASSWORD)
|
-keystore $(KEYSTORE) -storepass $(PASSWORD)
|
||||||
# Generate signed certificate with the certificate authority
|
# Generate signed certificate with the certificate authority
|
||||||
keytool -gencert -alias ca \
|
keytool -gencert -alias ca -ext san=dns:localhost,ip:127.0.0.1 \
|
||||||
-validity 3650 -sigalg SHA512withRSA \
|
-validity 3650 -sigalg SHA512withRSA \
|
||||||
-infile "$(HOSTNAME).csr" -outfile "$(HOSTNAME).crt" -rfc \
|
-infile "$(HOSTNAME).csr" -outfile "$(HOSTNAME).crt" -rfc \
|
||||||
-keystore $(KEYSTORE) -storepass $(PASSWORD)
|
-keystore $(KEYSTORE) -storepass $(PASSWORD)
|
||||||
# Import signed certificate into the keystore
|
# Import signed certificate into the keystore
|
||||||
keytool -import -trustcacerts -alias $(HOSTNAME) \
|
keytool -import -trustcacerts -alias $(HOSTNAME) -ext san=dns:localhost,ip:127.0.0.1 \
|
||||||
-file "$(HOSTNAME).crt" \
|
-file "$(HOSTNAME).crt" \
|
||||||
-keystore $(KEYSTORE) -storepass $(PASSWORD)
|
-keystore $(KEYSTORE) -storepass $(PASSWORD)
|
||||||
|
|
||||||
export-authority:
|
export-authority:
|
||||||
# Export certificate authority
|
# Export certificate authority
|
||||||
keytool -export -alias ca -file ca.crt -rfc \
|
keytool -export -alias ca -ext san=dns:localhost,ip:127.0.0.1 -file ca.crt -rfc \
|
||||||
-keystore $(KEYSTORE) -storepass $(PASSWORD)
|
-keystore $(KEYSTORE) -storepass $(PASSWORD)
|
||||||
|
|
||||||
|
|
||||||
create-truststore: export-authority
|
create-truststore: export-authority
|
||||||
# Import certificate authority into a new truststore
|
# Import certificate authority into a new truststore
|
||||||
keytool -import -trustcacerts -noprompt -alias ca -file ca.crt \
|
keytool -import -trustcacerts -noprompt -alias ca -ext san=dns:localhost,ip:127.0.0.1 -file ca.crt \
|
||||||
-keystore $(TRUSTSTORE) -storepass $(PASSWORD)
|
-keystore $(TRUSTSTORE) -storepass $(PASSWORD)
|
||||||
|
|
||||||
add-client:
|
add-client:
|
||||||
# Generate client certificate
|
# Generate client certificate
|
||||||
keytool -genkey -alias $(CLIENTNAME) \
|
keytool -genkey -alias $(CLIENTNAME) -ext san=dns:localhost,ip:127.0.0.1 \
|
||||||
-keyalg RSA -keysize 4096 -sigalg SHA512withRSA -keypass $(PASSWORD) \
|
-keyalg RSA -keysize 4096 -sigalg SHA512withRSA -keypass $(PASSWORD) \
|
||||||
-validity 3650 -dname $(DNAME_CLIENT) \
|
-validity 3650 -dname $(DNAME_CLIENT) \
|
||||||
-keystore $(TRUSTSTORE) -storepass $(PASSWORD)
|
-keystore $(TRUSTSTORE) -storepass $(PASSWORD)
|
||||||
# Generate a host certificate signing request
|
# Generate a host certificate signing request
|
||||||
keytool -certreq -alias $(CLIENTNAME) -ext BC=ca:true \
|
keytool -certreq -alias $(CLIENTNAME) -ext san=dns:localhost,ip:127.0.0.1 -ext BC=ca:true \
|
||||||
-keyalg RSA -keysize 4096 -sigalg SHA512withRSA \
|
-keyalg RSA -keysize 4096 -sigalg SHA512withRSA \
|
||||||
-validity 3650 -file "$(CLIENTNAME).csr" \
|
-validity 3650 -file "$(CLIENTNAME).csr" \
|
||||||
-keystore $(TRUSTSTORE) -storepass $(PASSWORD)
|
-keystore $(TRUSTSTORE) -storepass $(PASSWORD)
|
||||||
# Generate signed certificate with the certificate authority
|
# Generate signed certificate with the certificate authority
|
||||||
keytool -gencert -alias ca \
|
keytool -gencert -alias ca -ext san=dns:localhost,ip:127.0.0.1 \
|
||||||
-validity 3650 -sigalg SHA512withRSA \
|
-validity 3650 -sigalg SHA512withRSA \
|
||||||
-infile "$(CLIENTNAME).csr" -outfile "$(CLIENTNAME).crt" -rfc \
|
-infile "$(CLIENTNAME).csr" -outfile "$(CLIENTNAME).crt" -rfc \
|
||||||
-keystore $(KEYSTORE) -storepass $(PASSWORD)
|
-keystore $(KEYSTORE) -storepass $(PASSWORD)
|
||||||
# Import signed certificate into the truststore
|
# Import signed certificate into the truststore
|
||||||
keytool -import -trustcacerts -alias $(CLIENTNAME) \
|
keytool -import -trustcacerts -alias $(CLIENTNAME) -ext san=dns:localhost,ip:127.0.0.1 \
|
||||||
-file "$(CLIENTNAME).crt" \
|
-file "$(CLIENTNAME).crt" \
|
||||||
-keystore $(TRUSTSTORE) -storepass $(PASSWORD)
|
-keystore $(TRUSTSTORE) -storepass $(PASSWORD)
|
||||||
# Export private certificate for importing into a browser
|
# Export private certificate for importing into a browser
|
||||||
keytool -importkeystore -srcalias $(CLIENTNAME) \
|
keytool -importkeystore -srcalias $(CLIENTNAME) -ext san=dns:localhost,ip:127.0.0.1 \
|
||||||
-srckeystore $(TRUSTSTORE) -srcstorepass $(PASSWORD) \
|
-srckeystore $(TRUSTSTORE) -srcstorepass $(PASSWORD) \
|
||||||
-destkeystore "$(CLIENTNAME).p12" -deststorepass $(PASSWORD) \
|
-destkeystore "$(CLIENTNAME).p12" -deststorepass $(PASSWORD) \
|
||||||
-deststoretype PKCS12
|
-deststoretype PKCS12
|
||||||
|
|
Loading…
Reference in New Issue