storm-commits mailing list archives

From kabh...@apache.org
Subject [1/3] storm git commit: STORM-1834: Documentation How to Generate Certificates For Local Testing SSL Setup
Date Fri, 08 Jul 2016 09:41:24 GMT
Repository: storm
Updated Branches:
  refs/heads/1.0.x-branch 96125ed4d -> a35758e54


STORM-1834: Documentation How to Generate Certificates For Local Testing SSL Setup


Project: http://git-wip-us.apache.org/repos/asf/storm/repo
Commit: http://git-wip-us.apache.org/repos/asf/storm/commit/b44e5d5b
Tree: http://git-wip-us.apache.org/repos/asf/storm/tree/b44e5d5b
Diff: http://git-wip-us.apache.org/repos/asf/storm/diff/b44e5d5b

Branch: refs/heads/1.0.x-branch
Commit: b44e5d5b0d5785257068bc7726df38af3e6ae4b3
Parents: 96125ed
Author: Hugo Louro <hmclouro@gmail.com>
Authored: Fri May 13 15:46:50 2016 -0700
Committer: Jungtaek Lim <kabhwan@gmail.com>
Committed: Fri Jul 8 18:35:54 2016 +0900

----------------------------------------------------------------------
 SECURITY.md | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/storm/blob/b44e5d5b/SECURITY.md
----------------------------------------------------------------------
diff --git a/SECURITY.md b/SECURITY.md
index e9966b6..5aa3bd0 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -133,7 +133,31 @@ To set up 2-way authentication:
 1. `drpc.https.want.client.auth` (If this set to true, server requests for client certificate
authentication, but keeps the connection even if no authentication is provided)
 2. `drpc.https.need.client.auth` (If this set to true, server requires the client to provide
authentication)
 
+#### GENERATE CERTIFICATES FOR LOCAL TESTING SSL SETUP
 
+Run the following script and fill in the values and passwords when prompted. The `keyalg`
must be set to `RSA`
+
+```bash
+#!/bin/bash
+
+DIR=/Users/user/certs/dir/
+
+keytool -keystore $DIR/server.keystore.jks -alias localhost -validity 365 -keyalg RSA -genkey
+
+openssl req -new -x509 -keyout $DIR/ca-key -out $DIR/ca-cert -days 365
+
+keytool -keystore $DIR/server.truststore.jks -alias CARoot -import -file $DIR/ca-cert
+
+keytool -keystore $DIR/client.truststore.jks -alias CARoot -import -file $DIR/ca-cert
+
+keytool -keystore $DIR/server.keystore.jks -alias localhost -certreq -file $DIR/cert-file
+
+openssl x509 -req -CA $DIR/ca-cert -CAkey $DIR/ca-key -in $DIR/cert-file -out $DIR/cert-signed
-days 365 -CAcreateserial -passin pass:test12
+
+keytool -keystore $DIR/server.keystore.jks -alias CARoot -import -file $DIR/ca-cert
+
+keytool -keystore $DIR/server.keystore.jks -alias localhost -import -file $DIR/cert-signed
+```
 
 ## Authentication (Kerberos)
 
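Review bot: The `openssl x509 -req` line hardcodes `-passin pass:test12`, which conflicts with the instruction above to "fill in the values and passwords when prompted". The signing step only succeeds if the reader happened to choose `test12` as the CA key passphrase at the earlier `openssl req -new -x509` prompt. Either drop `-passin` so openssl prompts for the passphrase like the other steps do, or say in the prose that the CA key passphrase must be `test12`. A passphrase on the command line also lands in shell history and the process list, so prompting is the better default even for a test setup. Two smaller points: `DIR=/Users/user/certs/dir/` ends in a slash and is used unquoted as `$DIR/...`, so every path gets a double slash and the script breaks on a directory name containing spaces; and the script creates `client.truststore.jks` but no client keystore, so it does not cover the `drpc.https.need.client.auth` case described just above the new heading.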
@@ -469,7 +493,6 @@ nimbus.groups:
    - "storm"
 ```
 
-
 ### DRPC
 Hopefully more on this soon
 

