storm-commits mailing list archives

From kabh...@apache.org
Subject [1/3] storm git commit: STORM-1834: Documentation How to Generate Certificates For Local Testing SSL Setup
Date Fri, 08 Jul 2016 09:41:10 GMT
Repository: storm
Updated Branches:
  refs/heads/master f57c9aada -> 34bfe923a


STORM-1834: Documentation How to Generate Certificates For Local Testing SSL Setup


Project: http://git-wip-us.apache.org/repos/asf/storm/repo
Commit: http://git-wip-us.apache.org/repos/asf/storm/commit/b2c33e28
Tree: http://git-wip-us.apache.org/repos/asf/storm/tree/b2c33e28
Diff: http://git-wip-us.apache.org/repos/asf/storm/diff/b2c33e28

Branch: refs/heads/master
Commit: b2c33e28654827c61f97f868fd1dccd7fa5d7810
Parents: f57c9aa
Author: Hugo Louro <hmclouro@gmail.com>
Authored: Fri May 13 15:46:50 2016 -0700
Committer: Jungtaek Lim <kabhwan@gmail.com>
Committed: Fri Jul 8 18:39:09 2016 +0900

----------------------------------------------------------------------
 SECURITY.md | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/storm/blob/b2c33e28/SECURITY.md
----------------------------------------------------------------------
diff --git a/SECURITY.md b/SECURITY.md
index e9966b6..5aa3bd0 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -133,7 +133,31 @@ To set up 2-way authentication:
 1. `drpc.https.want.client.auth` (If this set to true, server requests for client certificate
authentication, but keeps the connection even if no authentication is provided)
 2. `drpc.https.need.client.auth` (If this set to true, server requires the client to provide
authentication)
 
+#### GENERATE CERTIFICATES FOR LOCAL TESTING SSL SETUP
 
+Run the following script and fill in the values and passwords when prompted. The `keyalg`
must be set to `RSA`
+
+```bash
+#!/bin/bash
+
+DIR=/Users/user/certs/dir/
+
+keytool -keystore $DIR/server.keystore.jks -alias localhost -validity 365 -keyalg RSA -genkey
+
+openssl req -new -x509 -keyout $DIR/ca-key -out $DIR/ca-cert -days 365
+
+keytool -keystore $DIR/server.truststore.jks -alias CARoot -import -file $DIR/ca-cert
+
+keytool -keystore $DIR/client.truststore.jks -alias CARoot -import -file $DIR/ca-cert
+
+keytool -keystore $DIR/server.keystore.jks -alias localhost -certreq -file $DIR/cert-file
+
+openssl x509 -req -CA $DIR/ca-cert -CAkey $DIR/ca-key -in $DIR/cert-file -out $DIR/cert-signed
-days 365 -CAcreateserial -passin pass:test12
+
+keytool -keystore $DIR/server.keystore.jks -alias CARoot -import -file $DIR/ca-cert
+
+keytool -keystore $DIR/server.keystore.jks -alias localhost -import -file $DIR/cert-signed
+```
 
 ## Authentication (Kerberos)
 
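Review bot: The `openssl x509 -req` line hardcodes the CA key passphrase with `-passin pass:test12`, while the intro sentence tells the reader to fill in passwords when prompted. Unless the passphrase typed at the earlier `openssl req -new -x509` prompt is exactly `test12`, the signing step fails, and the value also ends up in shell history and the process list. Drop `-passin` so openssl prompts like the other steps, or state in the text that the CA key passphrase must be `test12`. Separately, `DIR` is defined with a trailing slash and every use is an unquoted `$DIR/...`, so the paths contain `//` and break on a directory name with spaces; define it without the trailing slash and quote the expansions.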
@@ -469,7 +493,6 @@ nimbus.groups:
    - "storm"
 ```
 
-
 ### DRPC
 Hopefully more on this soon
 

