This is an automated email from the ASF dual-hosted git repository.
reta pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/main by this push:
new caec034dc72 Update README.md with more detailed certificate / keystore
generation instructions
caec034dc72 is described below
commit caec034dc728e6c5dbc88cb2d663858f76fe035a
Author: Andriy Redko <[email protected]>
AuthorDate: Tue Nov 4 08:44:22 2025 -0500
Update README.md with more detailed certificate / keystore generation
instructions
---
testutils/src/test/resources/keys/README.md | 61 ++++++++++++++++++++++++++---
1 file changed, 56 insertions(+), 5 deletions(-)
diff --git a/testutils/src/test/resources/keys/README.md
b/testutils/src/test/resources/keys/README.md
index 9ad9eaf4101..e9ef16b2789 100644
--- a/testutils/src/test/resources/keys/README.md
+++ b/testutils/src/test/resources/keys/README.md
@@ -1,4 +1,4 @@
-How to create / update certs and truststores
+How to create / update certs and truststores
###
1. `openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days
3650 -nodes`
@@ -15,8 +15,59 @@ How to create / update stsstore.jks, clientstore.jks and
servicestore.jks
###
1. `openssl req -x509 -newkey rsa:4096 -keyout myclientkey.pem -out
myclientkey.cert -days 3650 -nodes`
+ Use followig data:
+ ```
+ [email protected]
+ CN=www.client.com
+ OU=IT Department
+ O=Sample Client -- NOT FOR PRODUCTION
+ L=Niagara Falls
+ S=New York
+ C=US
+ ```
+2. `openssl req -x509 -newkey rsa:4096 -keyout myservicekey.pem -out
myservicekey.cert -days 3650 -nodes`
+ Use followig data:
+ ```
+ [email protected]
+ CN=www.service.com
+ OU=IT Department
+ O=Sample Web Service Provider -- NOT FOR PRODUCTION
+ L=Buffalo
+ S=New York
+ C=US
+ ```
+3. `openssl req -x509 -newkey rsa:4096 -keyout mystskey.pem -out
myservicekey.cert -days 3650 -nodes`
+ Use followig data:
+ ```
+ [email protected]
+ CN=www.sts.com
+ OU=IT Department
+ O=Sample STS -- NOT FOR PRODUCTION
+ L=Baltimore
+ S=Maryland
+ C=US
+ ```
+
+Update stsstore.jks
+####
+
+1. `keytool -import -alias myclientkey -file myclientkey.cert -keystore
stsstore.jks -trustcacerts`
+2. `keytool -import -alias myservicekey -file myservicekey.cert -keystore
stsstore.jks -trustcacerts`
+3. `openssl pkcs12 -export -out mystskey.p12 -inkey mystskey.pem -in
mystskey.cert -name mystskey`
+4. `keytool -importkeystore -deststorepass stsspass -destkeystore
clientstore.jks -srckeystore mystskey.p12 -srcstoretype PKCS12 -alias mystskey
-destkeypass stsspass`
+
+Update clientstore.jks
+####
+
+1. `keytool -import -alias mystskey -file mystskey.cert -keystore
clientstore.jks -trustcacerts`
+2. `keytool -import -alias myservicekey -file myservicekey.cert -keystore
clientstore.jks -trustcacerts`
+3. `openssl pkcs12 -export -out myclientkey.p12 -inkey myclientkey.pem -in
myclientkey.cert -name myclientkey`
+4. `keytool -importkeystore -deststorepass cspass -destkeystore
clientstore.jks -srckeystore myclientkey.p12 -srcstoretype PKCS12 -alias
myclientkey -destkeypass cspass`
+
+Update servicestore.jks
+####
+
+1. `keytool -import -alias mystskey -file mystskey.cert -keystore
servicestore.jks -trustcacerts`
2. `keytool -import -alias myclientkey -file myclientkey.cert -keystore
stsstore.jks -trustcacerts`
-3. `openssl req -x509 -newkey rsa:4096 -keyout myservicekey.pem -out
myservicekey.cert -days 3650 -nodes`
-4. `openssl pkcs12 -export -out mystskey.p12 -inkey myservicekey.pem -in
myservicekey.cert -name mystskey`
-5. `keytool -importkeystore -deststorepass stsspass -destkeystore
clientstore.jks -srckeystore mystskey.p12 -srcstoretype PKCS12 -alias mystskey
-destkeypass stspass`
-6. `keytool -import -alias myservicekey -file myservicekey.cert -keystore
stsstore.jks -trustcacerts`
\ No newline at end of file
+3. `openssl pkcs12 -export -out myservicekey.p12 -inkey myservicekey.pem -in
myservicekey.cert -name myservicekey`
+4. `keytool -importkeystore -deststorepass sspass -destkeystore
servicestore.jks -srckeystore myservicekey.p12 -srcstoretype PKCS12 -alias
myservicekey -destkeypass sspass`
