#!/bin/sh
# Tim carver
# keys.sh
#
# Creates RSA keystores
#
# Usage: keys.sh directory_to_put_keys hostname key_password
#
# 13 March 02
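# ssl_create_keystore HOST DIR NAME ALIAS PASSWD VALID
#
# Generates an RSA key pair under ALIAS in DIR/NAME.keystore, then exports
# the matching certificate to DIR/NAME.cer.
#
#   HOST    value placed in the CN of the certificate's distinguished name
#   DIR     directory that receives the keystore and the certificate
#   NAME    base file name (NAME.keystore / NAME.cer)
#   ALIAS   keystore alias of the generated key
#   PASSWD  used for both the key password and the keystore password
#   VALID   certificate validity in days
#
# Returns non-zero if either keytool step fails.
#
# Security notes:
#  - The password is handed to keytool as a command-line argument, so it is
#    visible in the process list to other local users while keytool runs.
#    Where the installed keytool supports the -storepass:env / -keypass:env
#    modifiers, prefer them to keep the secret off the argument vector.
#  - No -keysize is given, so the RSA key length is the keytool default of
#    the installed JDK; check that it meets current policy.
ssl_create_keystore()
{
  # Plain sh has no function-local variables; these assignments are global,
  # and the rest of the script reads PASSWD after this function has run.
  HOST=$1
  JEMBOSS_RES=$2
  KEYSTORE=$3
  ALIAS=$4
  PASSWD=$5
  VALID=$6

  # Every expansion is quoted so that a directory or password containing
  # spaces or glob characters reaches keytool as a single argument.
  keytool -genkey -alias "$ALIAS" \
    -dname "CN=$HOST, OU=Jemboss, O=HGMP-RC, L=CAMBRIDGE, S=CAMBRIDGE, C=UK" \
    -keyalg RSA -keypass "$PASSWD" -storepass "$PASSWD" \
    -keystore "$JEMBOSS_RES/$KEYSTORE.keystore" -validity "$VALID" || return 1

  # Export only after a successful -genkey; otherwise a stale keystore of
  # the same name could be exported as if it were the new one.
  keytool -export -alias "$ALIAS" -storepass "$PASSWD" \
    -file "$JEMBOSS_RES/$KEYSTORE.cer" \
    -keystore "$JEMBOSS_RES/$KEYSTORE.keystore"
}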
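# ssl_import CERT_FILE KEYSTORE_FILE DIR [PASSWD]
#
# Imports the certificate DIR/CERT_FILE into DIR/KEYSTORE_FILE as a trusted
# entry under the alias "tomcat".
#
#   CERT_FILE      certificate file name inside DIR
#   KEYSTORE_FILE  keystore file name inside DIR
#   DIR            directory holding both files
#   PASSWD         keystore/key password; when omitted or empty, the global
#                  PASSWD set earlier in the script is used
#
# Returns the exit status of keytool.
#
# Security notes:
#  - -noprompt skips keytool's interactive confirmation, so whatever file is
#    at DIR/CERT_FILE at this moment becomes trusted. DIR should not be
#    writable by other users between export and import.
#  - The password is passed on the command line and is visible in the
#    process list while keytool runs.
ssl_import()
{
  # Plain sh has no function-local variables; these assignments are global.
  FILE=$1
  KEYSTORE=$2
  JEMBOSS_RES=$3

  echo "**********IMPORTING"

  # Callers pass the password as $4; honour it, and fall back to the global
  # PASSWD so call sites that rely on the global keep working.
  keytool -import -v -trustcacerts -alias tomcat \
    -file "$JEMBOSS_RES/$FILE" \
    -keystore "$JEMBOSS_RES/$KEYSTORE" \
    -keypass "${4:-$PASSWD}" -storepass "${4:-$PASSWD}" -noprompt
}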
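# Interactive driver. All values are read from standard input; the script
# does not look at its command-line arguments.
echo
echo "Enter where to store the keys and certificates:"
read -r JEMBOSS_RES
if [ ! -d "$JEMBOSS_RES" ]; then
  echo "keys.sh: '$JEMBOSS_RES' is not an existing directory" >&2
  exit 1
fi
# NOTE(review): the keystores are created with the caller's umask. They hold
# private keys, so confirm the directory and files are not readable by
# accounts other than the one running the server/client.
echo
echo "Enter your surname:"
# NOTE(review): this answer is never used. ssl_create_keystore assigns HOST
# from its first argument ("server" / "Client"), so the certificate CN is
# one of those fixed strings, not the value typed here.
read -r HOST
echo
echo "Enter a password to use to create the keys with"
echo "(at least 6 characters):"
if [ -t 0 ]; then
  # Keep the password off the screen; restore echo even if interrupted.
  trap 'stty echo; exit 1' HUP INT TERM
  stty -echo
  read -r PASSWD
  stty echo
  trap - HUP INT TERM
  echo
else
  read -r PASSWD
fi
if [ "${#PASSWD}" -lt 6 ]; then
  echo "keys.sh: the password must be at least 6 characters" >&2
  exit 1
fi
echo
echo "Provide the validity period for these certificates, i.e. the"
echo "number of days before they expire and new ones need to be made [90]:"
read -r VALID
echo
if [ "$VALID" = "" ]; then
  VALID=90
fi
# Reject anything that is not a plain number of days before it reaches keytool.
case $VALID in
  *[!0-9]*)
    echo "keys.sh: validity must be a whole number of days" >&2
    exit 1
    ;;
esac
#
# create the keystores & export the certificates
#
ssl_create_keystore "server" "$JEMBOSS_RES" "server" "tomcat-sv" "$PASSWD" "$VALID" || exit 1
ssl_create_keystore "Client" "$JEMBOSS_RES" "client" "tomcat-cl" "$PASSWD" "$VALID" || exit 1
#
# import certificates into keystores - so server trusts client...
#
ssl_import server.cer client.keystore "$JEMBOSS_RES" "$PASSWD" || exit 1
ssl_import client.cer server.keystore "$JEMBOSS_RES" "$PASSWD" || exit 1
exit 0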