Larry McCay created KNOX-477:
--------------------------------
Summary: Document the use of openssl and keytool to import cert
for gateway SSL
Key: KNOX-477
URL: https://issues.apache.org/jira/browse/KNOX-477
Project: Apache Knox
Issue Type: Bug
Reporter: Larry McCay
Assignee: Larry McCay
* created a private key and public cert using openssl - "openssl genrsa -out
privatekey.pem 1024"
* converted them to a PKCS12 store using openssl - "openssl req -new -x509 -key
privatekey.pem -out publickey.cer -days 1825"
* imported the PKCS12 store into a new gateway.jks using keytool - "openssl
pkcs12 -export -out public_privatekey.pfx -inkey privatekey.pem -in
publickey.cer"
* changed the alias of the imported key pair to "gateway-identity" using
keytool - "keytool -importkeystore -srckeystore public_privatekey.pfx
-srcstoretype PKCS12 -keystore gateway.jks"
* changed the key passphrase to something that I could know using keytool -
"keytool -changealias -alias "1" -destalias "gateway-identity" -keystore
gateway.jks -storepass knoxpw"
* provisioned the key passphrase into __gateway-credentials.jceks using
knoxcli.sh create-alias gateway-identity-passphrase - "bin/knoxcli.sh
create-alias gateway-identity-passphrase"
NOTE: You have to make sure that the keystore passwords are the same as the
master secret for the Knox instance. If you are unsure of the master secret,
then create a new one before you start the above: "bin/knoxcli.sh create-master"
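A non-interactive run of the procedure above, with each command placed under the step it performs and checks that the key matches the certificate and that the PKCS12 file opens with the store password. This is an added example, not part of the issue text or the Knox project's code; the `STOREPASS` value (standing in for the master secret), `KEYBITS`, `SUBJ` and the function names are assumptions of the example.

```shell
#!/bin/sh
# Added example. STOREPASS is a constructed sample standing in for the Knox
# master secret; KEYBITS and SUBJ are assumptions of this example.
STOREPASS="${STOREPASS:-knoxpw}"
KEYBITS="${KEYBITS:-2048}"        # the issue text uses 1024
SUBJ="${SUBJ:-/CN=localhost}"     # avoids the interactive DN prompts

# Steps 1-3: private key, self-signed cert, PKCS12 bundle protected by STOREPASS.
make_pkcs12() {
    openssl genrsa -out "$1/privatekey.pem" "$KEYBITS" 2>/dev/null &&
    openssl req -new -x509 -key "$1/privatekey.pem" -out "$1/publickey.cer" \
        -days 1825 -subj "$SUBJ" &&
    openssl pkcs12 -export -out "$1/public_privatekey.pfx" \
        -inkey "$1/privatekey.pem" -in "$1/publickey.cer" \
        -passout "pass:$STOREPASS"
}

# True when the certificate carries the public half of the private key.
key_matches_cert() {
    k=$(openssl rsa -in "$1/privatekey.pem" -noout -modulus 2>/dev/null)
    c=$(openssl x509 -in "$1/publickey.cer" -noout -modulus 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when the PKCS12 file's integrity check passes with the given password.
pfx_opens_with() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -noout 2>/dev/null
}

# Steps 4-5: import into gateway.jks and rename alias "1" to gateway-identity.
import_to_jks() {
    keytool -importkeystore -srckeystore "$1/public_privatekey.pfx" \
        -srcstoretype PKCS12 -srcstorepass "$STOREPASS" \
        -destkeystore "$1/gateway.jks" -deststoretype JKS \
        -deststorepass "$STOREPASS" -noprompt &&
    keytool -changealias -alias 1 -destalias gateway-identity \
        -keystore "$1/gateway.jks" -storepass "$STOREPASS" &&
    keytool -list -alias gateway-identity \
        -keystore "$1/gateway.jks" -storepass "$STOREPASS"
}

work=$(mktemp -d) && make_pkcs12 "$work" && key_matches_cert "$work" &&
    pfx_opens_with "$work/public_privatekey.pfx" "$STOREPASS" &&
    echo "PKCS12 bundle verified in $work"
if command -v keytool >/dev/null 2>&1; then
    import_to_jks "$work" && echo "gateway.jks ready: $work/gateway.jks"
fi
# Last step, on the Knox host: bin/knoxcli.sh create-alias gateway-identity-passphrase
```

The `pass:` form places the password on the command line, where other local users can read it from the process list; openssl also accepts `env:VAR` and `file:PATH` as password sources.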