PDavid commented on PR #2359:
URL: https://github.com/apache/zookeeper/pull/2359#issuecomment-4033027708

   ### Testing
   
   Tested this locally as follows:
   
   Created keystore:
   
   ```
   keytool -genkeypair -alias zkAdmin -keyalg RSA -keysize 2048 \
     -dname "CN=your.server.com" -validity 365 \
     -keystore keystore.jks -storepass password -keypass password
   ```
   
   Created truststore:
   
   ```
   # Export the cert
   keytool -export -alias zkAdmin -file zkAdmin.crt \
     -keystore keystore.jks -storepass password
   
   # Import into truststore
   keytool -import -alias zkAdmin -file zkAdmin.crt \
     -keystore truststore.jks -storepass password -noprompt
   ```
   
   Added these to `zoo.cfg`:
   
   ```
   admin.enableServer=true
   admin.serverPort=8080
   admin.forceHttps=true
   admin.ssl.ciphersuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
   admin.ssl.enabledProtocols=TLSv1.2,TLSv1.3
   ssl.enabledProtocols=TLSv1.2,TLSv1.3
   ssl.ciphersuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
   ssl.keyStore.type=jks
   ssl.trustStore.type=jks
   ssl.quorum.keyStore.type=jks
   ssl.quorum.keyStore.location=keystore.jks
   ssl.quorum.keyStore.password=password
   ssl.quorum.trustStore.type=jks
   ssl.quorum.trustStore.location=truststore.jks
   ssl.quorum.trustStore.password=password
   ssl.clientAuth=none
   ```
   
   Started ZooKeeper:
   
   ```
   mvn clean install -DskipTests && bin/zkServer.sh start
   ```
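
A check for the TLS keys in the `zoo.cfg` shown above, added here as an example; it is not part of the comment or of the PR. The function names are hypothetical, and the policy (only TLSv1.2/TLSv1.3 and only AEAD suites) is an assumption modelled on the values the comment uses.

```python
# Added example, not code from the PR: audit the TLS-related keys of a zoo.cfg.
ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}        # the protocols enabled in the comment
AEAD_MARKERS = ("_GCM_", "_CHACHA20_POLY1305_")   # assumption: only AEAD suites pass

def parse_cfg(text):
    """Parse the key=value subset of the properties format used in zoo.cfg."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def items(props, key):
    """Comma-separated value of key as a list; an unset key yields no items."""
    return [v.strip() for v in props.get(key, "").split(",") if v.strip()]

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    props, findings = parse_cfg(text), []
    if props.get("admin.enableServer") == "true" and props.get("admin.forceHttps") != "true":
        findings.append("admin.forceHttps is not true: admin server is not forced to HTTPS")
    for key in ("admin.ssl.enabledProtocols", "ssl.enabledProtocols"):
        for proto in items(props, key):
            if proto not in ALLOWED_PROTOCOLS:
                findings.append(f"{key} enables {proto}")
    for key in ("admin.ssl.ciphersuites", "ssl.ciphersuites"):
        for suite in items(props, key):
            if not any(marker in suite for marker in AEAD_MARKERS):
                findings.append(f"{key} allows non-AEAD suite {suite}")
    return findings

# Constructed sample: TLS-related lines from the comment, suite lists shortened to two.
TESTED_CFG = """
admin.enableServer=true
admin.forceHttps=true
admin.ssl.ciphersuites=TLS_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
admin.ssl.enabledProtocols=TLSv1.2,TLSv1.3
ssl.enabledProtocols=TLSv1.2,TLSv1.3
ssl.ciphersuites=TLS_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
"""
# Constructed weak variant: HTTPS not forced, a legacy protocol and a CBC suite added.
WEAK_CFG = (TESTED_CFG.replace("admin.forceHttps=true", "admin.forceHttps=false")
            .replace("admin.ssl.enabledProtocols=", "admin.ssl.enabledProtocols=TLSv1.1,")
            .replace("admin.ssl.ciphersuites=", "admin.ssl.ciphersuites=TLS_RSA_WITH_AES_128_CBC_SHA,"))

if __name__ == "__main__":
    for name, cfg in (("tested", TESTED_CFG), ("weak", WEAK_CFG)):
        print(name, audit(cfg) or "OK")
```

Keys that are absent from the file are skipped rather than reported, so this only judges values that are explicitly set.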

