From vongosl...@apache.org
Subject [rocketmq-docker] 05/50: [Issue#1] Need script for TLS/SSL scenario
Date Tue, 03 Dec 2019 13:50:28 GMT
This is an automated email from the ASF dual-hosted git repository.

vongosling pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/rocketmq-docker.git

commit 4d14bca1a89fe4937b123a571feaf0e0065e7c4b
Author: walking98 <wiseking.wq@gmail.com>
AuthorDate: Thu Jun 13 16:27:18 2019 +0800

    [Issue#1] Need script for TLS/SSL scenario
---
 README.md                                     |  18 +++-
 templates/play-docker-tls.sh                  |  28 +++++++
 templates/ssl/README.md                       | 113 ++++++++++++++++++++++++++
 templates/ssl/ca.crt                          |  21 +++++
 templates/ssl/ca.srl                          |   1 +
 templates/ssl/ca_rsa_private.pem              |  30 +++++++
 templates/ssl/client.crt                      |  21 +++++
 templates/ssl/client.csr                      |  17 ++++
 templates/ssl/client_rsa_private.pem          |  30 +++++++
 templates/ssl/client_rsa_private.pem.unsecure |  27 ++++++
 templates/ssl/client_rsa_private_pkcs8.pem    |  29 +++++++
 templates/ssl/server.crt                      |  21 +++++
 templates/ssl/server.csr                      |  17 ++++
 templates/ssl/server_rsa_private.pem          |  30 +++++++
 templates/ssl/server_rsa_private.pem.unsecure |  27 ++++++
 templates/ssl/server_rsa_private_pkcs8.pem    |  29 +++++++
 templates/ssl/ssl.properties                  |  13 +++
 17 files changed, 471 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index b9fb8e5..2e2d75d 100644
--- a/README.md
+++ b/README.md
@@ -82,7 +82,23 @@ cd stages/4.5.0
 
 ```
 
-## 
+## 5. TLS support 
+
+Run:  (It will startup nameserver and broker with SSL enabled style. The client will not
invoke nameserver or broker until related SSL client is configurated. ) 
+
+You can see detailed TLS config instruction from [here](templates/ssl/README.md) 
+
+```
+cd stages/4.5.0 
+
+./play-docker-tls.sh
+
+# Once nameserver and broker startup correctly, you still can use the following script to
test produce/consume in SSL mode, why, due to they still use the SSL setting which exists
in JAVA-OPT of the docker rmqbroker container. 
+./play-producer.sh
+./play-consumer.sh
+```
+
+
 
 ### To use specified heap size for JVM
 
diff --git a/templates/play-docker-tls.sh b/templates/play-docker-tls.sh
new file mode 100755
index 0000000..03ff51e
--- /dev/null
+++ b/templates/play-docker-tls.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+RMQ_CONTAINER=$(docker ps -a|awk '/rmq/ {print $1}')
+if [[ -n "$RMQ_CONTAINER" ]]; then
+   echo "Removing RocketMQ Container..."
+   docker rm -fv $RMQ_CONTAINER
+   # Wait till the existing containers are removed
+   sleep 5
+fi
+
+if [ ! -d "`pwd`/data" ]; then
+  mkdir -p "data"
+fi
+
+echo "Starting RocketMQ nodes..."
+
+# Start nameserver
+# Start nameserver
+docker run -d -v `pwd`/ssl:/home/rocketmq/ssl  -v `pwd`/data/namesrv/logs:/home/rocketmq/logs
-v `pwd`/data/namesrv/store:/home/rocketmq/store --name rmqnamesrv -e "JAVA_OPT=-Dtls.test.mode.enable=false
-Dtls.config.file=/home/rocketmq/ssl/ssl.properties -Dtls.test.mode.enable=false -Dtls.server.need.client.auth=required"
 rocketmqinc/rocketmq:ROCKETMQ_VERSION sh mqnamesrv
+
+# Start Broker
+docker run -d -v `pwd`/ssl:/home/rocketmq/ssl  -v `pwd`/data/broker/logs:/home/rocketmq/logs
-v `pwd`/data/broker/store:/home/rocketmq/store --name rmqbroker --link rmqnamesrv:namesrv
-e "NAMESRV_ADDR=namesrv:9876" -e "JAVA_OPT=-Dtls.enable=true -Dtls.client.authServer=true
-Dtls.test.mode.enable=false -Dtls.config.file=/home/rocketmq/ssl/ssl.properties -Dtls.test.mode.enable=false
-Dtls.server.mode=enforcing  -Dtls.server.need.client.auth=required" rocketmqinc/rocketmq:ROCKETMQ_VERSION
 [...]
+
+# Servive unavailable when not ready
+# sleep 20
+
+# Produce messages
+# sh ./play-producer.sh
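Review bot: The `rmqnamesrv` run never sets `-Dtls.server.mode=enforcing` (the broker run does) and instead passes `-Dtls.test.mode.enable=false` twice, so the nameserver probably stays in RocketMQ's default permissive mode and still accepts plaintext connections that `-Dtls.server.need.client.auth=required` cannot police. Replace the duplicated flag with `-Dtls.server.mode=enforcing` on the nameserver line. Separately, the cleanup at the top passes every `docker ps -a` row containing `rmq` anywhere (image, command or name) to `docker rm -fv`, which can delete unrelated containers and their volumes; `docker ps -aq --filter name=rmq` restricts the match to container names. The `ssl` directory holds private keys and appears to be only read by the containers, so mount it read-only and quote the path, e.g. `-v "$(pwd)/ssl:/home/rocketmq/ssl:ro"`.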
diff --git a/templates/ssl/README.md b/templates/ssl/README.md
new file mode 100644
index 0000000..aedf237
--- /dev/null
+++ b/templates/ssl/README.md
@@ -0,0 +1,113 @@
+# Description of TLS related files
+
+The purpose of this README file is to show how to generate SSL-related key pairs and self-signed
certificates for testing, and how to configure the RocketMQ TLS configuration file parameters.
+
+## 1. Generating SSL related files
+
+### CA certificate and key file generation (directly generate CA key and its self-signed
certificate)
+```
+openssl req -newkey rsa:2048 -passout pass:123456 -keyout ca_rsa_private.pem -x509 -days
365 -out ca.crt -subj "/C=CN/ST=BJ/L=BJ/O=COM/OU=NSP/CN=CA/emailAddress=youremail@apache.com"
+```
+
+### Server certificate and key file generation (directly generate server key and certificate
to be signed)
+```
+openssl req -newkey rsa:2048 -passout pass:server -keyout server_rsa_private.pem  -out server.csr
-subj "/C=CN/ST=BJ/L=BJ/O=COM/OU=NSP/CN=SERVER/emailAddress=youremail@apache.com"
+```
+
+### Signing a server certificate with a CA certificate and key
+```
+openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca_rsa_private.pem -passin pass:123456
-CAcreateserial -out server.crt
+# Alternatively, convert the encrypted RSA key to an unencrypted RSA key, avoiding the requirement
to enter the decryption password for each read.
+openssl rsa -in server_rsa_private.pem -out server_rsa_private.pem.unsecure -passin pass:server
+```
+
+### Client certificate and key file generation (directly generate client key and certificate
to be signed)
+```
+openssl req -newkey rsa:2048 -passout pass:client -keyout client_rsa_private.pem -out client.csr
-subj "/C=CN/ST=BJ/L=BJ/O=COM/OU=NSP/CN=CLIENT/emailAddress=youremail@apache.com"
+```
+
+### Signing a client certificate with a CA certificate and key
+```
+openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca_rsa_private.pem -passin pass:123456
-CAcreateserial -out client.crt
+# Alternatively, convert the encrypted RSA key to an unencrypted RSA key
+openssl rsa -in client_rsa_private.pem -out client_rsa_private.pem.unsecure -passin pass:client
+```
+
+### PKCS8 processing of the client and server keys (Reason: see Appendix 1)
+```
+openssl pkcs8 -topk8 -v1 PBE-SHA1-RC4-128 -in  server_rsa_private.pem   -out server_rsa_private_pkcs8.pem
 -passout pass:server -passin pass:server
+openssl pkcs8 -topk8 -v1 PBE-SHA1-RC4-128 -in client_rsa_private.pem -out client_rsa_private_pkcs8.pem
 -passout pass:client -passin pass:client
+```
+
+## 2. RocketMQ TLS Configuration Instructions
+ssl.properties (Note: there should be no spaces after the attribute value)
+```
+## client setting
+tls.client.certPath=/home/rocketmq/ssl/client.crt
+tls.client.keyPath=/home/rocketmq/ssl/client_rsa_private_pkcs8.pem
+tls.client.keyPassword=client
+tls.client.trustCertPath=/home/rocketmq/ssl/ca.crt
+
+## server setting
+tls.server.certPath=/home/rocketmq/ssl/server.crt
+tls.server.keyPath=/home/rocketmq/ssl/server_rsa_private_pkcs8.pem
+tls.server.keyPassword=server
+tls.server.trustCertPath=/home/rocketmq/ssl/ca.crt
+#server.auth.client
+tls.server.need.client.auth=required
+```
+
+## 3. Use the SSL config on RocketMQ 
+1. Client Side (System Properties)
+```
+   -Dtls.enable=true 
+   -Dtls.client.authServer=true # force verifying server cert
+   -Dtls.test.mode.enable=false # not a test mode
+   -Dtls.config.file=/home/rocketmq/ssl/ssl.properties 
+```
+2. Broker Side (System Properties)   
+```
+   -Dtls.test.mode.enable=false #not a test mode
+   -Dtls.config.file=/home/rocketmq/ssl/ssl.properties 
+   -Dtls.server.need.client.auth=required
+```
+
+
+## 4. Appendix
+
+1. It's a bug in Java: https://bugs.openjdk.java.net/browse/JDK-8076999
+```
+$ docker logs rmqbroker
+java.lang.IllegalArgumentException: Input stream does not contain valid private key.
+	at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:278)
+	at org.apache.rocketmq.remoting.netty.TlsHelper.buildSslContext(TlsHelper.java:124)
+	at org.apache.rocketmq.remoting.netty.NettyRemotingClient.<init>(NettyRemotingClient.java:133)
+	at org.apache.rocketmq.remoting.netty.NettyRemotingClient.<init>(NettyRemotingClient.java:99)
+	at org.apache.rocketmq.broker.out.BrokerOuterAPI.<init>(BrokerOuterAPI.java:74)
+	at org.apache.rocketmq.broker.out.BrokerOuterAPI.<init>(BrokerOuterAPI.java:70)
+	at org.apache.rocketmq.broker.BrokerController.<init>(BrokerController.java:189)
+	at org.apache.rocketmq.broker.BrokerStartup.createBrokerController(BrokerStartup.java:210)
+	at org.apache.rocketmq.broker.BrokerStartup.main(BrokerStartup.java:58)
+Caused by: java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)
+	at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:257)
+	at sun.security.util.DerInputStream.getOID(DerInputStream.java:314)
+	at com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267)
+	at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293)
+	at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:132)
+	at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114)
+	at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:372)
+	at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:95)
+	at io.netty.handler.ssl.SslContext.generateKeySpec(SslContext.java:907)
+	at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:963)
+	at io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:953)
+	at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:276)
+	... 8 more
+
+For illustration purposes:
+
+openssl genrsa -out private_openssl.pem
+openssl pkcs8 -topk8 -v1 PBE-SHA1-RC4-128 -in private_openssl.pem -out private_pkcs8_v1.pem
-passout pass:123456
+openssl pkcs8 -topk8 -v2 des3 -in private_openssl.pem -out private_pkcs8_v2.pem -passout
pass:123456
+KSE can open private_pkcs8_v1.pem just fine (that is when running under Java8, things are
even worse with Java7), while trying to open private_pkcs8_v2.pem will cause java.io.IOException:
ObjectIdentifier() -- data isn't an object ID (tag = 48).
+
+```
\ No newline at end of file
diff --git a/templates/ssl/ca.crt b/templates/ssl/ca.crt
new file mode 100644
index 0000000..4b47bb5
--- /dev/null
+++ b/templates/ssl/ca.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/templates/ssl/ca.srl b/templates/ssl/ca.srl
new file mode 100644
index 0000000..3a6e474
--- /dev/null
+++ b/templates/ssl/ca.srl
@@ -0,0 +1 @@
+E58D4036D019CAA5
diff --git a/templates/ssl/ca_rsa_private.pem b/templates/ssl/ca_rsa_private.pem
new file mode 100644
index 0000000..367ae2e
--- /dev/null
+++ b/templates/ssl/ca_rsa_private.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIlNAfpmmINeQCAggA
+MB0GCWCGSAFlAwQBKgQQxMXaVtdrGf1s/DOwm1C3gQSCBNA5DnEMy5d3auB7nZVm
+MNe4zwNSgQ/iEY7XLPIHTy2d+xyUcQBHbGw1dyHpUPJJfCLS0w46BZWoiMTZRhpO
+sCNDbpGhaIVf54zZlXUm5suy3lIrydQTftn1TsUN5Ba2UVkmKNzfyoWFebfYx/YO
+ZjyB4nxaQcxLjOl18eq+36uZHae5Oo8ccYO9rUHqWTpShalK4TH92qwQpH9YNoJP
+zTPu/sCvovUPuyPNZ9RhoaDucwQs2oHzAPCBIHPu0bYVef8gklsSFCyM6o6UayRr
+WwB8CSekwYLtGzZnAKQrOEaxwhdZRMzwC86YtFhPD3Qfo7MnsJ10bDCqaaDFkWCn
+Y7N+FiBblZG5+QbBwu0ltNSHMr3en2xFkf4pp4TnlNOnqaZmI3Mw4Y9pX3+3XUL5
+3vC0dsygFw76RQNw1QK/XtdvXBKWvO/BPrZQsE6cRWyODsBf3oYJqocf+MWtszGi
+wWuYwpA51aXyWiBB4oD43UYO1GVls9hMOcL3SorTT0XQbd9KFtvJoFpl92owlD6J
+ht2UbmyrBq/nx8/9mYvPq1vudt0HxpbqJU2CMsUg8FzBrwQpthpdysduEfpyAIhU
+iZ9NxM4eLmzPP82TwzjOb642M2Gc150Fbuh//EajSqpA303OcOjNVPtV5ZPv+Jqt
+5JZFUiKwMogIfRllSfFKMihzpHi3y20oDsz96FO8Qz8Iri3VlLk6Hd8nc7Mhk6bL
+Az2Nl18sHvPchnolm9/avWuVZb6P2y3xXFmdPk/Ow+rRKBXV9JEGd11KWd2Iof1x
+MwDCilPcZG/ifYhbZFvrVQIvUT/PZH83p/3QFrGLZoAYxxyb5qhtPbTrAoPy6j03
+cZSLvrExD0iANCg9LRZbKjpz/kRhpChnJ0Xg3C4xgSMilqbsr8DgBp7Bns2ReV4B
+DTvJgjgLGekgc2PEqt5IyHkCo4M9E981NiU90rtm/6SOtjXLaBvrEpQc09bmAExE
+/Syvj8OgJwpsNBhbgOMILItNf+b5+xeVf1fQZVqaFBx4ENNHPx382+6LWKb1eMMW
+fslO0MDcAC+8M7bsAZrvCSdHyF0rNdbjxYpETJRxPkbVaxhHnNKdXUp8YRAk93JE
+iC7ZppGUrpizY9kMRGmSFai6jdMWEKOazOkScfbCoyVHbzWxD01WqR7Rfy3+1d2f
+HNwPQTOLmPIpw9NZ0E+k6HBw1C1J0ZplhXA6m4vwlq4kJtmki2dvcRjGdViAHc9q
+b4gDjGmR8uexs7UHcwxXCCUOKKrWxXnzqhB2NdBuU3Wz1I5VYtxJZxCIDdNlBGBz
+jkXwwVS6tTV2MeUTwvel2LLeouf+XemHNjJseR/1d+RThYKbGsas4PiVdQXIJ5Dv
+9OJbiFq7sypIAoLLCJx7zXAFr6CY/EdrcyZ2EISkIBILOfja2Yasm4xUiRE4/hxn
+x/b6pCqvuDXbWDFCclMM2VqM+/MFDU7Sixl9xYb75Wnhc/0+C0T5KtrQjy3/1lUD
+uBNSty/uKDUPTxxAhVNXKqfOZtTgtZtMqF9m3fVn5eF0ZLzEdoaAaOjIgLTJuxNK
+fpUkT8YRwY+r0noBJAtX5Iz4KejrTUzQ2fHjF072ktL2AUCztyuGZKmBHlTnZq99
+639DZUIe/Ejtl2LqMz/ggksS/A==
+-----END ENCRYPTED PRIVATE KEY-----
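Review bot: This CA private key is committed to the repository and its passphrase is published in the same commit (`-passout pass:123456` in templates/ssl/README.md), so the encryption gives no protection and anyone with the repository can issue certificates that chain to templates/ssl/ca.crt. The same applies to the server and client keys added in the later hunks: `server_rsa_private.pem`, `client_rsa_private.pem`, their `_pkcs8` variants (passwords in `ssl.properties`) and the unencrypted `*.pem.unsecure` copies. Since the broker is started with `tls.server.need.client.auth=required` against this CA, a deployment that keeps these files would accept a client certificate from anyone who has the repository. Generate the CA, keys and certificates at setup time with the openssl commands the README already lists, and keep only the script and the `ssl.properties` template in git, e.g. with a `.gitignore` entry such as `templates/ssl/*.pem*`. The committed certificates also appear to be issued with `-days 365`, so the sample would stop validating a year after they were generated.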
diff --git a/templates/ssl/client.crt b/templates/ssl/client.crt
new file mode 100644
index 0000000..850057c
--- /dev/null
+++ b/templates/ssl/client.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDajCCAlICCQDljUA20BnKpTANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJD
+TjELMAkGA1UECAwCQkoxCzAJBgNVBAcMAkJKMQwwCgYDVQQKDANDT00xDDAKBgNV
+BAsMA05TUDELMAkGA1UEAwwCQ0ExIzAhBgkqhkiG9w0BCQEWFHlvdXJlbWFpbEBh
+cGFjaGUuY29tMB4XDTE5MDYxMzA3MTA1NVoXDTIwMDYxMjA3MTA1NVoweTELMAkG
+A1UEBhMCQ04xCzAJBgNVBAgMAkJKMQswCQYDVQQHDAJCSjEMMAoGA1UECgwDQ09N
+MQwwCgYDVQQLDANOU1AxDzANBgNVBAMMBkNMSUVOVDEjMCEGCSqGSIb3DQEJARYU
+eW91cmVtYWlsQGFwYWNoZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC9DgTX7RfPfdu7kI0LTDJZsEZjcO7v6jjuI5AsGie9V8jCYusJGI7VbHEF
+DlAd8Bj+Di+VDSKyVhBwVvE9vCFtccXpnnbq1BuLTiJuMJ8JoAF6BZnnS7heGeXE
+073nco8m90kt2GvDJ+GGtM29tDzAGRZiEXlGABQOvRblqUNK4ZyIOcS+nhPMxu5v
+JF1kA2xS03ow+Sas0CtJ90yPCNJEczuyeXuyeJTlMKUsPyjzwQsKQRScipi7X6MO
+h+4dDm3FRt0N4+H29yGHSjxgmlzR5H4/je7INW6YXCPoK5YrcsPfbgl2FvqHMMC2
+wH7+Yjlf1GCFWWAC84p6x+2DtbgdAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAH97
+Nia1GGSR2oyLD/AYuss3NyPkLvwjd2s2rZR2HfvqivRCrMSt8GAlQBhrN8dnVCd1
+j3dLQMEQ7iZ6lsL7Gjo8ppmz6el2yvZ0XHYkCS8YC7pu5G+9H2+SP5pFXA5CFowj
+GCwUHETMnGEZ3dGIVn06Ifyu0nPNT22l0gycC7lZDz69i0JE7FN3ijBl2UCsfphm
+9ayBf+bZ+ZQWGTaBO8hQcl4FNPle6Yw63/x4l47ks+zHw7pIOKE59gSbzimvi8zI
+uLn0GnJrn+medVSlD1enDrWvEfFSL1ZyGkFiqMlBAQjHGDfj8+sTLfsA4pwnYNqq
+1reXIuFOMouI4UVfgS0=
+-----END CERTIFICATE-----
diff --git a/templates/ssl/client.csr b/templates/ssl/client.csr
new file mode 100644
index 0000000..4624fd6
--- /dev/null
+++ b/templates/ssl/client.csr
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/templates/ssl/client_rsa_private.pem b/templates/ssl/client_rsa_private.pem
new file mode 100644
index 0000000..1c4e35d
--- /dev/null
+++ b/templates/ssl/client_rsa_private.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----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+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/templates/ssl/client_rsa_private.pem.unsecure b/templates/ssl/client_rsa_private.pem.unsecure
new file mode 100644
index 0000000..7e9a4e3
--- /dev/null
+++ b/templates/ssl/client_rsa_private.pem.unsecure
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/templates/ssl/client_rsa_private_pkcs8.pem b/templates/ssl/client_rsa_private_pkcs8.pem
new file mode 100644
index 0000000..f781bf6
--- /dev/null
+++ b/templates/ssl/client_rsa_private_pkcs8.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----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+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/templates/ssl/server.crt b/templates/ssl/server.crt
new file mode 100644
index 0000000..ebbfb40
--- /dev/null
+++ b/templates/ssl/server.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/templates/ssl/server.csr b/templates/ssl/server.csr
new file mode 100644
index 0000000..5a8051c
--- /dev/null
+++ b/templates/ssl/server.csr
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICvjCCAaYCAQAweTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkJKMQswCQYDVQQH
+DAJCSjEMMAoGA1UECgwDQ09NMQwwCgYDVQQLDANOU1AxDzANBgNVBAMMBlNFUlZF
+UjEjMCEGCSqGSIb3DQEJARYUeW91cmVtYWlsQGFwYWNoZS5jb20wggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrcoEkq7+3+/j6kptOBxJSC3y90oGOyQvM
+JyCmsytwr+Qj0J7so3ZyBp8BlsUdvgq6Z9NzZpgu+bsjvIws/Ej6yfdM+TSPc7Wd
+ctRwtJjbxsYNRXI5X6dLf8gnu9eXSkTzaJhNyx0+r0hH24ts1rTwAVXB5Rfb0A87
+48fR5Lx8juN+SSfCWaTQKqmdQDiQN08WkCeNTnxMWOb9AqN2XAxj9GCCJOIdlr/X
+yPNWIJuIZkL+R6WsjIcR/7NHv58VB9I0ve4tjd0fk7SpHrIqi3q87lt43Pf05yQq
+Ip90HU5wu55JT6p9YsW+UaSleVVIxVAhehou4Q3oOjPNcJABwgPRAgMBAAGgADAN
+BgkqhkiG9w0BAQsFAAOCAQEAPVQCIHeZszbwZWBWYxSsOyg8zdGJUJr94coP1Vqf
+h4iSiMUQDIAVpobw2Np1f1SfIU/kc3jK3pSk+ac7kb5hf/2WA8UJMtyb4KUYxhYL
+U6x+/imKjijLQb2UMOx9QyATMzX9N+r42mblWpGKbeT8v2iXXbFWOB6xffR3VmfO
+FmZkHCTe0rO29wfDvJNG7UM7o7a4v9hu3FU3wu0woJKmNm7We8ePIYg1aWAoT7+6
+XloBIX4vpmqQgG1DoAwkJIQIyr+4z8o6MXDdMDYHK+OaRz0u7CpZD3fkWm92ceYP
+W5jYtEV/krwwbMJJNOc3UlBf1bFnD6PrfCH68G4rnn2OtA==
+-----END CERTIFICATE REQUEST-----
diff --git a/templates/ssl/server_rsa_private.pem b/templates/ssl/server_rsa_private.pem
new file mode 100644
index 0000000..c375910
--- /dev/null
+++ b/templates/ssl/server_rsa_private.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIFwd6743xwR4CAggA
+MB0GCWCGSAFlAwQBKgQQX+Zs4Opeu6nFw/SBfyRyzQSCBNAIkBV3aYRvkRrx9cPC
+4Kui3tXktAPJz7/EAXjCS3ahBmBfCIQCDTvpNFBmtP+rbQFMh2RMVD8ntnhfRblN
+++/XrDCPqA5qsovKXgrrpxsEYY8Z6l1V9N16y14heawVtR82mNDFRZ4i6RS8+B2X
+WLf9wv3gmkBJuvkD9q3IT3uO6w8fbF4xaZ3tT+n6tlcvmZ6Ux9AZEpgrZvtIPhF7
+aCZMRhi0JqZALIjf3FK4EgFNzNFwLCLixPczvJvGRP8yf4oqC/dg6T5AiAdPLhyt
+ccWAtgKDQu7iPGVe0MYlRhtXrSt13WlAt7Yg+0gcIMmYGyeAMZd12vBYUtR3ts3c
+gy/K2OzcH0V4a69llbx1NzpoEzt4kKVjDWnIy++a0/nwVAI5WX2HwgPbs+ShQ3VO
++CWpSsGjUkReA2ObbIf9AHk97SysBkfULA0+DYfD7IrdSunmZVpdkj0gYEJo7jy+
+nn98LHBZqlJSerLoF/zInSAY8Ym4abtCvUjlAo+9Rm1DLlIEnbRvkAuLq7d8p6Mn
+mHRgvvLlgGmDkOa4LzE/Q8+JD8X4XeVmPXT9JWYmOfJFKu1fP7gVXevyp4XfQNHD
+7/d/0y3OAHpVWEWIT0hmuyYy3t0DOZx8HFlc3d4kHBXDtrVfXuQ7Ny6u3M3pbAGO
+RdPT7a2X94o5/IAphmarCHIMosek0voby2oK2JL96hLl2vDFbAowN7TOxuiQKdjz
+VW7XiELiXXcE7J9xhu+ZCmvgMTJP29tiu2/i0Tj2Nxz9EkPjIuDRm3BqPAxTReU8
+tUFj0t9Wuj2KTLPKbKt664Z92xFaS7MIFJrm3l6H/oGNa3qIpLYiBJeKN6ktCzbC
+4ZQpUkz2uZDJBwcFKh7CJbc0HBSRgxa0MbW01VQBXz8zkzfDr2XUvNddA3gs5iP6
+sUtlUVK74MjfHmnsjQUsDNRLH7kMPjAlVS8qyamNMzBWmMcvS+orc59dzCVckmBu
+MqJWKZLwU/gcSQRhGzokaYe40qtoNzcQV2YlUP4gotpC3AlyJlYHNEl65MbWjTKB
+TyWXXdJJ7Hfn2j6k0PXhzHsNKBfTcy465no+/BR+wBpY7b3fIN5+EgGiisAM2gjX
+eMRMhVOfV4+qY+nYARH4tavu2Sn5la6sqEGolu4iLp8hcMoJe9No6T4NDaAqMNWU
+5wH+QunEL/eRfMY9Y1bxP+NspqOIjP++TXHN1i95eZsWF7au/B7Nl/5arkT3dqDO
+sNv33Igatad8lkY7wy/lknqYPYyqSuQAmNuhIcNOJIv73ssaXqIhUtl/GDj++j5W
+em2J3+cwEZyyQ+Bp4IDz3MHLa7cR8sAyWgREnAsbL1PhH47t44xUxDWe/zEiD1Qm
+H4ak6adLQRGfPeSSEk7X4G8MPZ5rIfBX7BFamTnBaFvxCmiVRFd44dP4hEN+ozE8
+NQZdgGm4S6MENTgZTypEQ3i4H59sizrdW0kYcBP3taqKN/5p8/D+Pkg7UQf5ma31
+3UJinBWNGFQYUtCWLzkGCVypwnBSworlPHsRmFR/3uqozNNWa0x6uCAkpKzd5tXk
+MwkgPA9Sf6ZXCNsfVoz8PfIC9Blj9LrOVkWfUUEztaNjet15gi0NJFuMfDoGeJ7J
+OaYpJ1sk8E7q6rd3Br44CfTvlw==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/templates/ssl/server_rsa_private.pem.unsecure b/templates/ssl/server_rsa_private.pem.unsecure
new file mode 100644
index 0000000..05b1053
--- /dev/null
+++ b/templates/ssl/server_rsa_private.pem.unsecure
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/templates/ssl/server_rsa_private_pkcs8.pem b/templates/ssl/server_rsa_private_pkcs8.pem
new file mode 100644
index 0000000..8fd3c9b
--- /dev/null
+++ b/templates/ssl/server_rsa_private_pkcs8.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----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+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/templates/ssl/ssl.properties b/templates/ssl/ssl.properties
new file mode 100644
index 0000000..de79016
--- /dev/null
+++ b/templates/ssl/ssl.properties
@@ -0,0 +1,13 @@
+## client setting
+tls.client.certPath=/home/rocketmq/ssl/client.crt
+tls.client.keyPath=/home/rocketmq/ssl/client_rsa_private_pkcs8.pem
+tls.client.keyPassword=client
+tls.client.trustCertPath=/home/rocketmq/ssl/ca.crt
+
+## server setting
+tls.server.certPath=/home/rocketmq/ssl/server.crt
+tls.server.keyPath=/home/rocketmq/ssl/server_rsa_private_pkcs8.pem
+tls.server.keyPassword=server
+tls.server.trustCertPath=/home/rocketmq/ssl/ca.crt
+#server.auth.client
+tls.server.need.client.auth=required
\ No newline at end of file

