This is an automated email from the ASF dual-hosted git repository. ffang pushed a commit to branch 3.6.x-fixes in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 2cd3d1150e3dee3b9c20a9bd6ef19eb5c126c6ab Author: Andriy Redko <[email protected]> AuthorDate: Tue Nov 4 08:44:22 2025 -0500 Update README.md with more detailed certificate / keystore generation instructions (cherry picked from commit caec034dc728e6c5dbc88cb2d663858f76fe035a) (cherry picked from commit abe724bea77a5a13f853eaa033f7520e37afb1a8) --- testutils/src/test/resources/keys/README.md | 61 ++++++++++++++++++++++++++--- 1 file changed, 56 insertions(+), 5 deletions(-) diff --git a/testutils/src/test/resources/keys/README.md b/testutils/src/test/resources/keys/README.md index 9ad9eaf4101..e9ef16b2789 100644 --- a/testutils/src/test/resources/keys/README.md +++ b/testutils/src/test/resources/keys/README.md @@ -1,4 +1,4 @@ -How to create / update certs and truststores +How to create / update certs and truststores ### 1. `openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 3650 -nodes` 
@@ -15,8 +15,59 @@ How to create / update stsstore.jks, clientstore.jks and servicestore.jks ### 1. `openssl req -x509 -newkey rsa:4096 -keyout myclientkey.pem -out myclientkey.cert -days 3650 -nodes` + Use followig data: + ``` + [email protected] + CN=www.client.com + OU=IT Department + O=Sample Client -- NOT FOR PRODUCTION + L=Niagara Falls + S=New York + C=US + ``` +2. `openssl req -x509 -newkey rsa:4096 -keyout myservicekey.pem -out myservicekey.cert -days 3650 -nodes` + Use followig data: + ``` + [email protected] + CN=www.service.com + OU=IT Department + O=Sample Web Service Provider -- NOT FOR PRODUCTION + L=Buffalo + S=New York + C=US + ``` +3. `openssl req -x509 -newkey rsa:4096 -keyout mystskey.pem -out myservicekey.cert -days 3650 -nodes` + Use followig data: + ``` + [email protected] + CN=www.sts.com + OU=IT Department + O=Sample STS -- NOT FOR PRODUCTION + L=Baltimore + S=Maryland + C=US + ``` + +Update stsstore.jks +#### + +1. `keytool -import -alias myclientkey -file myclientkey.cert -keystore stsstore.jks -trustcacerts` +2. `keytool -import -alias myservicekey -file myservicekey.cert -keystore stsstore.jks -trustcacerts` +3. `openssl pkcs12 -export -out mystskey.p12 -inkey mystskey.pem -in mystskey.cert -name mystskey` +4. `keytool -importkeystore -deststorepass stsspass -destkeystore clientstore.jks -srckeystore mystskey.p12 -srcstoretype PKCS12 -alias mystskey -destkeypass stsspass` + +Update clientstore.jks +#### + +1. `keytool -import -alias mystskey -file mystskey.cert -keystore clientstore.jks -trustcacerts` +2. `keytool -import -alias myservicekey -file myservicekey.cert -keystore clientstore.jks -trustcacerts` +3. `openssl pkcs12 -export -out myclientkey.p12 -inkey myclientkey.pem -in myclientkey.cert -name myclientkey` +4. `keytool -importkeystore -deststorepass cspass -destkeystore clientstore.jks -srckeystore myclientkey.p12 -srcstoretype PKCS12 -alias myclientkey -destkeypass cspass` + +Update servicestore.jks +#### + +1. 
`keytool -import -alias mystskey -file mystskey.cert -keystore servicestore.jks -trustcacerts` 2. `keytool -import -alias myclientkey -file myclientkey.cert -keystore stsstore.jks -trustcacerts` -3. `openssl req -x509 -newkey rsa:4096 -keyout myservicekey.pem -out myservicekey.cert -days 3650 -nodes` -4. `openssl pkcs12 -export -out mystskey.p12 -inkey myservicekey.pem -in myservicekey.cert -name mystskey` -5. `keytool -importkeystore -deststorepass stsspass -destkeystore clientstore.jks -srckeystore mystskey.p12 -srcstoretype PKCS12 -alias mystskey -destkeypass stspass` -6. `keytool -import -alias myservicekey -file myservicekey.cert -keystore stsstore.jks -trustcacerts` \ No newline at end of file +3. `openssl pkcs12 -export -out myservicekey.p12 -inkey myservicekey.pem -in myservicekey.cert -name myservicekey` +4. `keytool -importkeystore -deststorepass sspass -destkeystore servicestore.jks -srckeystore myservicekey.p12 -srcstoretype PKCS12 -alias myservicekey -destkeypass sspass`
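Review bot: In step 3 of the key-generation list in the second hunk, `-keyout mystskey.pem -out myservicekey.cert` writes the STS certificate to myservicekey.cert. That overwrites the service certificate produced by step 2, and mystskey.cert is never created, although the later `openssl pkcs12 -export -out mystskey.p12 -inkey mystskey.pem -in mystskey.cert` and `keytool -import -alias mystskey -file mystskey.cert` steps read it. This looks like it should be `-out mystskey.cert`. Two keystore targets also do not match the section they sit in. Step 4 under "Update stsstore.jks" imports mystskey.p12 with `-destkeystore clientstore.jks` while passing `-deststorepass stsspass`, and step 2 under "Update servicestore.jks" imports myclientkey.cert with `-keystore stsstore.jks`. If each section is meant to populate only its own store, these should be stsstore.jks and servicestore.jks respectively. As written, the STS private key lands in the client store and the service store never receives the client certificate. "Use followig data" is misspelled in all three places.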
