SSL (RSA) *.keygen.sh tool upgraded. Added PKCS8 pem format. Tested and fixed keygen.properties to run with no warning. Removed 'mqtt' prefix from output files to fix confusion when applying keys for other protocols.
parent
c5c8fbd3f7
commit
3f72bc4b54
@ -44,7 +44,8 @@ done
|
||||
|
||||
. $PROPERTIES_FILE
|
||||
|
||||
if [ -f $CLIENT_FILE_PREFIX.jks ] || [ -f $CLIENT_FILE_PREFIX.pub.pem ] || [ -f $CLIENT_FILE_PREFIX.nopass.pem ] || [ -f $CLIENT_FILE_PREFIX.pem ] || [ -f $CLIENT_FILE_PREFIX.p12 ];
|
||||
if [ -f $CLIENT_FILE_PREFIX.jks ] || [ -f $CLIENT_FILE_PREFIX.pub.pem ] || [ -f $CLIENT_FILE_PREFIX.nopass.pem ] || \
|
||||
[ -f $CLIENT_FILE_PREFIX.pem ] || [ -f $CLIENT_FILE_PREFIX.p12 ] || [ -f $CLIENT_FILE_PREFIX.pk8.pem ];
|
||||
then
|
||||
while :
|
||||
do
|
||||
@ -62,6 +63,7 @@ while :
|
||||
rm -rf $CLIENT_FILE_PREFIX.nopass.pem
|
||||
rm -rf $CLIENT_FILE_PREFIX.pem
|
||||
rm -rf $CLIENT_FILE_PREFIX.p12
|
||||
rm -rf $CLIENT_FILE_PREFIX.pk8.pem
|
||||
break;
|
||||
;;
|
||||
*) echo "Please reply 'yes' or 'no'"
|
||||
@ -84,6 +86,8 @@ if [ -z "$OPENSSL_CMD" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "INFO: your hostname is $(hostname)"
|
||||
echo "INFO: your CN (domain suffix) for key is $DOMAIN_SUFFIX"
|
||||
echo "Generating SSL Key Pair..."
|
||||
|
||||
keytool -genkeypair -v \
|
||||
@ -112,7 +116,15 @@ echo "Converting pkcs12 to pem"
|
||||
openssl pkcs12 -in $CLIENT_FILE_PREFIX.p12 \
|
||||
-out $CLIENT_FILE_PREFIX.pem \
|
||||
-passin pass:$CLIENT_KEY_PASSWORD \
|
||||
-passout pass:$CLIENT_KEY_PASSWORD \
|
||||
-passout pass:$CLIENT_KEY_PASSWORD
|
||||
|
||||
echo "Converting pem to pkcs8"
|
||||
openssl pkcs8 \
|
||||
-topk8 \
|
||||
-nocrypt \
|
||||
-in $CLIENT_FILE_PREFIX.pem \
|
||||
-out $CLIENT_FILE_PREFIX.pk8.pem \
|
||||
-passin pass:$CLIENT_KEY_PASSWORD
|
||||
|
||||
echo "Importing server public key to $CLIENT_FILE_PREFIX.jks"
|
||||
keytool --importcert \
|
||||
|
||||
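Review bot: The added `openssl pkcs8 -topk8 -nocrypt` step writes the client private key unencrypted to `$CLIENT_FILE_PREFIX.pk8.pem`, and nothing visible in this hunk restricts the file's permissions, so the file gets whatever mode the caller's umask allows. I would put `umask 077` before the conversion (or run the command in a subshell that sets it) so the key is never readable by other local users; the server script's pkcs8 step writes its `.pk8.pem` the same way and needs the same change. The new `-passin pass:$CLIENT_KEY_PASSWORD` also places the password on the command line, where it is visible in the process list; `-passin env:CLIENT_KEY_PASSWORD` with the variable exported avoids that. In the visible lines the result of the conversion is not checked before the script moves on to the keystore import.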
@ -1,5 +1,5 @@
|
||||
#
|
||||
# Copyright © 2016-2017 The Thingsboard Authors
|
||||
# Copyright © 2016-2021 The Thingsboard Authors
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
@ -18,15 +18,15 @@ DOMAIN_SUFFIX="$(hostname)"
|
||||
SUBJECT_ALTERNATIVE_NAMES="ip:127.0.0.1"
|
||||
ORGANIZATIONAL_UNIT=Thingsboard
|
||||
ORGANIZATION=Thingsboard
|
||||
CITY=SF
|
||||
CITY="San Francisco"
|
||||
STATE_OR_PROVINCE=CA
|
||||
TWO_LETTER_COUNTRY_CODE=US
|
||||
|
||||
SERVER_KEYSTORE_PASSWORD=server_ks_password
|
||||
SERVER_KEY_PASSWORD=server_key_password
|
||||
SERVER_KEYSTORE_PASSWORD=password
|
||||
SERVER_KEY_PASSWORD=password
|
||||
|
||||
SERVER_KEY_ALIAS="serveralias"
|
||||
SERVER_FILE_PREFIX="mqttserver"
|
||||
SERVER_FILE_PREFIX="server"
|
||||
SERVER_KEY_ALG="RSA"
|
||||
SERVER_KEY_SIZE="2048"
|
||||
SERVER_KEYSTORE_DIR="/etc/thingsboard/conf"
|
||||
@ -35,6 +35,6 @@ CLIENT_KEYSTORE_PASSWORD=password
|
||||
CLIENT_KEY_PASSWORD=password
|
||||
|
||||
CLIENT_KEY_ALIAS="clientalias"
|
||||
CLIENT_FILE_PREFIX="mqttclient"
|
||||
CLIENT_FILE_PREFIX="client"
|
||||
CLIENT_KEY_ALG="RSA"
|
||||
CLIENT_KEY_SIZE="2048"
|
||||
|
||||
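Review bot: The server defaults now appear to be `SERVER_KEYSTORE_PASSWORD=password` and `SERVER_KEY_PASSWORD=password` (judging by the commit message and the order in which the page prints the changed lines), and nothing in the file marks them as samples. The keygen scripts source this file and pass the values straight to `keytool` and `openssl`, so anyone who runs them unedited protects the keystore with a guessable password. I would add a comment above the password lines, for example `# Sample values for local testing only; set unique passwords before generating keys for a real deployment`.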
@ -60,7 +60,8 @@ fi
|
||||
|
||||
. $PROPERTIES_FILE
|
||||
|
||||
if [ -f $SERVER_FILE_PREFIX.jks ] || [ -f $SERVER_FILE_PREFIX.cer ] || [ -f $SERVER_FILE_PREFIX.pub.pem ] || [ -f $SERVER_FILE_PREFIX.pub.der ];
|
||||
if [ -f $SERVER_FILE_PREFIX.jks ] || [ -f $SERVER_FILE_PREFIX.cer ] || [ -f $SERVER_FILE_PREFIX.pub.pem ] || \
|
||||
[ -f $SERVER_FILE_PREFIX.p12 ] || [ -f $SERVER_FILE_PREFIX.pem ] || [ -f $SERVER_FILE_PREFIX.pk8.pem ] ;
|
||||
then
|
||||
while :
|
||||
do
|
||||
@ -76,6 +77,9 @@ while :
|
||||
rm -rf $SERVER_FILE_PREFIX.jks
|
||||
rm -rf $SERVER_FILE_PREFIX.pub.pem
|
||||
rm -rf $SERVER_FILE_PREFIX.cer
|
||||
rm -rf $SERVER_FILE_PREFIX.p12
|
||||
rm -rf $SERVER_FILE_PREFIX.pem
|
||||
rm -rf $SERVER_FILE_PREFIX.pk8.pem
|
||||
break;
|
||||
;;
|
||||
*) echo "Please reply 'yes' or 'no'"
|
||||
@ -84,6 +88,8 @@ while :
|
||||
done
|
||||
fi
|
||||
|
||||
echo "INFO: your hostname is $(hostname)"
|
||||
echo "INFO: your CN (domain suffix) for key is $DOMAIN_SUFFIX"
|
||||
echo "Generating SSL Key Pair..."
|
||||
|
||||
EXT=""
|
||||
@ -121,6 +127,32 @@ keytool -export \
|
||||
-storepass $SERVER_KEYSTORE_PASSWORD \
|
||||
-keypass $SERVER_KEY_PASSWORD
|
||||
|
||||
echo "Converting keystore to pkcs12"
|
||||
keytool -importkeystore \
|
||||
-srckeystore $SERVER_FILE_PREFIX.jks \
|
||||
-destkeystore $SERVER_FILE_PREFIX.p12 \
|
||||
-srcalias $SERVER_KEY_ALIAS \
|
||||
-srcstoretype jks \
|
||||
-deststoretype pkcs12 \
|
||||
-srcstorepass $SERVER_KEYSTORE_PASSWORD \
|
||||
-deststorepass $SERVER_KEY_PASSWORD \
|
||||
-srckeypass $SERVER_KEY_PASSWORD \
|
||||
-destkeypass $SERVER_KEY_PASSWORD
|
||||
|
||||
echo "Converting pkcs12 to pem"
|
||||
openssl pkcs12 -in $SERVER_FILE_PREFIX.p12 \
|
||||
-out $SERVER_FILE_PREFIX.pem \
|
||||
-passin pass:$SERVER_KEY_PASSWORD \
|
||||
-passout pass:$SERVER_KEY_PASSWORD
|
||||
|
||||
echo "Converting pem to pkcs8"
|
||||
openssl pkcs8 \
|
||||
-topk8 \
|
||||
-nocrypt \
|
||||
-in $SERVER_FILE_PREFIX.pem \
|
||||
-out $SERVER_FILE_PREFIX.pk8.pem \
|
||||
-passin pass:$SERVER_KEY_PASSWORD
|
||||
|
||||
status=$?
|
||||
if [[ $status != 0 ]]; then
|
||||
exit $status;
|
||||
|
||||
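Review bot: `status=$?` now follows the new `openssl pkcs8` command, so it records only that command's result; before this change it sat directly after `keytool -export`. A failed `keytool -export` therefore no longer stops the script as long as the later conversions succeed, and failures of `keytool -importkeystore` or `openssl pkcs12` are caught only indirectly, unless `set -e` is enabled outside the hunk. I would append `|| exit $?` to each of the four commands, or repeat the status check after each one. The `if` block that tests `status` continues past the end of the hunk.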