[jira] [Commented] (KNOX-477) Document the use of openssl and keytool to import cert for gateway SSL

Mon, 08 Dec 2014 08:59:52 -0800 

    [ 
https://issues.apache.org/jira/browse/KNOX-477?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14238064#comment-14238064
 ] 

ASF subversion and git services commented on KNOX-477:
------------------------------------------------------

Commit 1643865 from [~lmc...@apache.org]
[ https://svn.apache.org/r1643865 ]

KNOX-477 - better docs for certificate management

> Document the use of openssl and keytool to import cert for gateway SSL
> ----------------------------------------------------------------------
>
>                 Key: KNOX-477
>                 URL: https://issues.apache.org/jira/browse/KNOX-477
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Site
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>
> * created a private key using openssl - "openssl genrsa -out privatekey.pem 
> 1024"
> * created cert using openssl - "openssl req -new -x509 -key privatekey.pem 
> -out publickey.cer -days 1825"
> * converted them to a PKCS12 store using openssl - "openssl pkcs12 -export 
> -out public_privatekey.pfx -inkey privatekey.pem -in publickey.cer"
> * import PKCS12 store into gateway.jks using keytool - "keytool 
> -importkeystore -srckeystore public_privatekey.pfx -srcstoretype PKCS12 
> -keystore gateway.jks"
> * changed the alias of the imported key pair to "gateway-identity" using 
> keytool - "keytool -changealias -alias "1" -destalias "gateway-identity" 
> -keystore gateway.jks -storepass knoxpw"
> * changed the key passphrase to something that I could know using keytool - 
> "keytool -keypasswd  -alias gateway-identity -keystore gateway.jks"
> * provisioned the key passphrase into __gateway-credentials.jceks using 
> knoxcli.sh create-alias gateway-identity-passphrase - "bin/knoxcli.sh 
> create-alias gateway-identity-passphrase"
> NOTE: You have to make sure that the keystore passwords are the same as the 
> master secret for the knox instance. If you are unsure of the master secret 
> then create a new one before you start the above: "bin/knoxcli.sh 
> create-master"



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to