This is an automated email from the ASF dual-hosted git repository. vongosling pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/rocketmq-docker.git
commit 4d14bca1a89fe4937b123a571feaf0e0065e7c4b Author: walking98 <wiseking...@gmail.com> AuthorDate: Thu Jun 13 16:27:18 2019 +0800 [Issue#1] Need script for TLS/SSL scenario --- README.md | 18 +++- templates/play-docker-tls.sh | 28 +++++++ templates/ssl/README.md | 113 ++++++++++++++++++++++++++ templates/ssl/ca.crt | 21 +++++ templates/ssl/ca.srl | 1 + templates/ssl/ca_rsa_private.pem | 30 +++++++ templates/ssl/client.crt | 21 +++++ templates/ssl/client.csr | 17 ++++ templates/ssl/client_rsa_private.pem | 30 +++++++ templates/ssl/client_rsa_private.pem.unsecure | 27 ++++++ templates/ssl/client_rsa_private_pkcs8.pem | 29 +++++++ templates/ssl/server.crt | 21 +++++ templates/ssl/server.csr | 17 ++++ templates/ssl/server_rsa_private.pem | 30 +++++++ templates/ssl/server_rsa_private.pem.unsecure | 27 ++++++ templates/ssl/server_rsa_private_pkcs8.pem | 29 +++++++ templates/ssl/ssl.properties | 13 +++ 17 files changed, 471 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index b9fb8e5..2e2d75d 100644 --- a/README.md +++ b/README.md @@ -82,7 +82,23 @@ cd stages/4.5.0 ``` -## +## 5. TLS support + +Run: (It will startup nameserver and broker with SSL enabled style. The client will not invoke nameserver or broker until related SSL client is configurated. ) + +You can see detailed TLS config instruction from [here](templates/ssl/README.md) + +``` +cd stages/4.5.0 + +./play-docker-tls.sh + +# Once nameserver and broker startup correctly, you still can use the following script to test produce/consume in SSL mode, why, due to they still use the SSL setting which exists in JAVA-OPT of the docker rmqbroker container. +./play-producer.sh +./play-consumer.sh +``` + + ### To use specified heap size for JVM diff --git a/templates/play-docker-tls.sh b/templates/play-docker-tls.sh new file mode 100755 index 0000000..03ff51e --- /dev/null +++ b/templates/play-docker-tls.sh 
@@ -0,0 +1,28 @@ +#!/bin/bash + +RMQ_CONTAINER=$(docker ps -a|awk '/rmq/ {print $1}') +if [[ -n "$RMQ_CONTAINER" ]]; then + echo "Removing RocketMQ Container..." + docker rm -fv $RMQ_CONTAINER + # Wait till the existing containers are removed + sleep 5 +fi + +if [ ! -d "`pwd`/data" ]; then + mkdir -p "data" +fi + +echo "Starting RocketMQ nodes..." + +# Start nameserver +# Start nameserver +docker run -d -v `pwd`/ssl:/home/rocketmq/ssl -v `pwd`/data/namesrv/logs:/home/rocketmq/logs -v `pwd`/data/namesrv/store:/home/rocketmq/store --name rmqnamesrv -e "JAVA_OPT=-Dtls.test.mode.enable=false -Dtls.config.file=/home/rocketmq/ssl/ssl.properties -Dtls.test.mode.enable=false -Dtls.server.need.client.auth=required" rocketmqinc/rocketmq:ROCKETMQ_VERSION sh mqnamesrv + +# Start Broker +docker run -d -v `pwd`/ssl:/home/rocketmq/ssl -v `pwd`/data/broker/logs:/home/rocketmq/logs -v `pwd`/data/broker/store:/home/rocketmq/store --name rmqbroker --link rmqnamesrv:namesrv -e "NAMESRV_ADDR=namesrv:9876" -e "JAVA_OPT=-Dtls.enable=true -Dtls.client.authServer=true -Dtls.test.mode.enable=false -Dtls.config.file=/home/rocketmq/ssl/ssl.properties -Dtls.test.mode.enable=false -Dtls.server.mode=enforcing -Dtls.server.need.client.auth=required" rocketmqinc/rocketmq:ROCKETMQ_VERSION [...] + +# Servive unavailable when not ready +# sleep 20 + +# Produce messages +# sh ./play-producer.sh diff --git a/templates/ssl/README.md b/templates/ssl/README.md new file mode 100644 index 0000000..aedf237 --- /dev/null +++ b/templates/ssl/README.md 
@@ -0,0 +1,113 @@ +# Description of TLS related files + +The purpose of this README file is to show how to generate SSL-related key pairs and self-signed certificates for testing, and how to configure the RocketMQ TLS configuration file parameters. + +## 1. Generating SSL related files + +### CA certificate and key file generation (directly generate CA key and its self-signed certificate) +``` +openssl req -newkey rsa:2048 -passout pass:123456 -keyout ca_rsa_private.pem -x509 -days 365 -out ca.crt -subj "/C=CN/ST=BJ/L=BJ/O=COM/OU=NSP/CN=CA/emailAddress=yourem...@apache.com" +``` + +### Server certificate and key file generation (directly generate server key and certificate to be signed) +``` +openssl req -newkey rsa:2048 -passout pass:server -keyout server_rsa_private.pem -out server.csr -subj "/C=CN/ST=BJ/L=BJ/O=COM/OU=NSP/CN=SERVER/emailAddress=yourem...@apache.com" +``` + +### Signing a server certificate with a CA certificate and key +``` +openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca_rsa_private.pem -passin pass:123456 -CAcreateserial -out server.crt +# Alternatively, convert the encrypted RSA key to an unencrypted RSA key, avoiding the requirement to enter the decryption password for each read. 
+openssl rsa -in server_rsa_private.pem -out server_rsa_private.pem.unsecure -passin pass:server +``` + +### Client certificate and key file generation (directly generate client key and certificate to be signed) +``` +openssl req -newkey rsa:2048 -passout pass:client -keyout client_rsa_private.pem -out client.csr -subj "/C=CN/ST=BJ/L=BJ/O=COM/OU=NSP/CN=CLIENT/emailAddress=yourem...@apache.com" +``` + +### Signing a client certificate with a CA certificate and key +``` +openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca_rsa_private.pem -passin pass:123456 -CAcreateserial -out client.crt +# Alternatively, convert the encrypted RSA key to an unencrypted RSA key +openssl rsa -in client_rsa_private.pem -out client_rsa_private.pem.unsecure -passin pass:client +``` + +### PKCS8 processing of the client and server keys (Reason: see Appendix 1) +``` +openssl pkcs8 -topk8 -v1 PBE-SHA1-RC4-128 -in server_rsa_private.pem -out server_rsa_private_pkcs8.pem -passout pass:server -passin pass:server +openssl pkcs8 -topk8 -v1 PBE-SHA1-RC4-128 -in client_rsa_private.pem -out client_rsa_private_pkcs8.pem -passout pass:client -passin pass:client +``` + +## 2. RocketMQ TLS Configuration Instructions +ssl.properties (Note: there should be no spaces after the attribute value) +``` +## client setting +tls.client.certPath=/home/rocketmq/ssl/client.crt +tls.client.keyPath=/home/rocketmq/ssl/client_rsa_private_pkcs8.pem +tls.client.keyPassword=client +tls.client.trustCertPath=/home/rocketmq/ssl/ca.crt + +## server setting +tls.server.certPath=/home/rocketmq/ssl/server.crt +tls.server.keyPath=/home/rocketmq/ssl/server_rsa_private_pkcs8.pem +tls.server.keyPassword=server +tls.server.trustCertPath=/home/rocketmq/ssl/ca.crt +#server.auth.client +tls.server.need.client.auth=required +``` + +## 3. Use the SSL config on RocketMQ +1. 
Client Side (System Properties) +``` + -Dtls.enable=true + -Dtls.client.authServer=true # force verifying server cert + -Dtls.test.mode.enable=false # not a test mode + -Dtls.config.file=/home/rocketmq/ssl/ssl.properties +``` +2. Broker Side (System Properties) +``` + -Dtls.test.mode.enable=false #not a test mode + -Dtls.config.file=/home/rocketmq/ssl/ssl.properties + -Dtls.server.need.client.auth=required +``` + + +## 4. Appendix + +1. It's a bug in Java: https://bugs.openjdk.java.net/browse/JDK-8076999 +``` +$ docker logs rmqbroker +java.lang.IllegalArgumentException: Input stream does not contain valid private key. + at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:278) + at org.apache.rocketmq.remoting.netty.TlsHelper.buildSslContext(TlsHelper.java:124) + at org.apache.rocketmq.remoting.netty.NettyRemotingClient.<init>(NettyRemotingClient.java:133) + at org.apache.rocketmq.remoting.netty.NettyRemotingClient.<init>(NettyRemotingClient.java:99) + at org.apache.rocketmq.broker.out.BrokerOuterAPI.<init>(BrokerOuterAPI.java:74) + at org.apache.rocketmq.broker.out.BrokerOuterAPI.<init>(BrokerOuterAPI.java:70) + at org.apache.rocketmq.broker.BrokerController.<init>(BrokerController.java:189) + at org.apache.rocketmq.broker.BrokerStartup.createBrokerController(BrokerStartup.java:210) + at org.apache.rocketmq.broker.BrokerStartup.main(BrokerStartup.java:58) +Caused by: java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48) + at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:257) + at sun.security.util.DerInputStream.getOID(DerInputStream.java:314) + at com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267) + at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293) + at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:132) + at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114) + at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:372) + at 
javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:95) + at io.netty.handler.ssl.SslContext.generateKeySpec(SslContext.java:907) + at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:963) + at io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:953) + at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:276) + ... 8 more + +For illustration purposes: + +openssl genrsa -out private_openssl.pem +openssl pkcs8 -topk8 -v1 PBE-SHA1-RC4-128 -in private_openssl.pem -out private_pkcs8_v1.pem -passout pass:123456 +openssl pkcs8 -topk8 -v2 des3 -in private_openssl.pem -out private_pkcs8_v2.pem -passout pass:123456 +KSE can open private_pkcs8_v1.pem just fine (that is when running under Java8, things are even worse with Java7), while trying to open private_pkcs8_v2.pem will cause java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48). + +``` \ No newline at end of file diff --git a/templates/ssl/ca.crt b/templates/ssl/ca.crt new file mode 100644 index 0000000..4b47bb5 --- /dev/null +++ b/templates/ssl/ca.crt 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDZjCCAk4CCQCtAwqWe7vLNzANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJD +TjELMAkGA1UECAwCQkoxCzAJBgNVBAcMAkJKMQwwCgYDVQQKDANDT00xDDAKBgNV +BAsMA05TUDELMAkGA1UEAwwCQ0ExIzAhBgkqhkiG9w0BCQEWFHlvdXJlbWFpbEBh +cGFjaGUuY29tMB4XDTE5MDYxMzA3MDk1M1oXDTIwMDYxMjA3MDk1M1owdTELMAkG +A1UEBhMCQ04xCzAJBgNVBAgMAkJKMQswCQYDVQQHDAJCSjEMMAoGA1UECgwDQ09N +MQwwCgYDVQQLDANOU1AxCzAJBgNVBAMMAkNBMSMwIQYJKoZIhvcNAQkBFhR5b3Vy +ZW1haWxAYXBhY2hlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ANdzKEOXr/NRkJir0+vHGYkbAYhRZaFvAJTnjymAOtipAEWENgUTcNSOfdJu+0EZ +Xiw8sItYgj/WOBMdsHLDFDv2Z/tKZodPFOH2UkgmqrHEQLVSXoRcEaOMs9OXrVBy +0tzv2VQdGyihIM0hWHGXEcf7jbh7mhho0fVI0Kc7YfWrx1Q57ad4WzM9zAvsU5J4 +tyBGfgZQcScwVbyqc01N5Q0pUKRbVNgIYbr806a6lOHc0NfHrZFyyo0TGCF/U3o5 +Wkyb2Nm67IGJXwbFICi3u8IEVcqy/8JLHja8IXW89oksqY6lSkergsHpUESW1y7q +tREeeLbZqJVUUA/T8yLAr7UCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAResTmwE0 +JW9mvWfZX9jI5/ERUOklYkiTRNfbVtXMJv2dnqpI6ZqUoAt7Yq+W1jYHqqf+sSYP +jbaxO2aC5nTQIigdbrtNazpUScSiFCydu9wThlY4sGWu39Yy5YJ55MsE/Ra7J8lj +v7EjWe+eG54f9kOfjwAsH2oKIntxSvHvGoNZ7/46JwU3volL+EAVA+Yvs5mwR4F2 +NB9FItBK2TCRErmf6JrP/2TZ399kabVRk1ZSjGNoe3UQc5ZxlvtW3shGR0d98ysf +/AkVb6P77tAc4VX9ccoznc1xR/kzZMCu/AWc8TNV5lzVL4EfmKrtrzWAHkkeTLjY +lSck/qDdF0uKNg== +-----END CERTIFICATE----- diff --git a/templates/ssl/ca.srl b/templates/ssl/ca.srl new file mode 100644 index 0000000..3a6e474 --- /dev/null +++ b/templates/ssl/ca.srl @@ -0,0 +1 @@ +E58D4036D019CAA5 diff --git a/templates/ssl/ca_rsa_private.pem b/templates/ssl/ca_rsa_private.pem new file mode 100644 index 0000000..367ae2e --- /dev/null +++ b/templates/ssl/ca_rsa_private.pem 
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIlNAfpmmINeQCAggA +MB0GCWCGSAFlAwQBKgQQxMXaVtdrGf1s/DOwm1C3gQSCBNA5DnEMy5d3auB7nZVm +MNe4zwNSgQ/iEY7XLPIHTy2d+xyUcQBHbGw1dyHpUPJJfCLS0w46BZWoiMTZRhpO +sCNDbpGhaIVf54zZlXUm5suy3lIrydQTftn1TsUN5Ba2UVkmKNzfyoWFebfYx/YO +ZjyB4nxaQcxLjOl18eq+36uZHae5Oo8ccYO9rUHqWTpShalK4TH92qwQpH9YNoJP +zTPu/sCvovUPuyPNZ9RhoaDucwQs2oHzAPCBIHPu0bYVef8gklsSFCyM6o6UayRr +WwB8CSekwYLtGzZnAKQrOEaxwhdZRMzwC86YtFhPD3Qfo7MnsJ10bDCqaaDFkWCn +Y7N+FiBblZG5+QbBwu0ltNSHMr3en2xFkf4pp4TnlNOnqaZmI3Mw4Y9pX3+3XUL5 +3vC0dsygFw76RQNw1QK/XtdvXBKWvO/BPrZQsE6cRWyODsBf3oYJqocf+MWtszGi +wWuYwpA51aXyWiBB4oD43UYO1GVls9hMOcL3SorTT0XQbd9KFtvJoFpl92owlD6J +ht2UbmyrBq/nx8/9mYvPq1vudt0HxpbqJU2CMsUg8FzBrwQpthpdysduEfpyAIhU +iZ9NxM4eLmzPP82TwzjOb642M2Gc150Fbuh//EajSqpA303OcOjNVPtV5ZPv+Jqt +5JZFUiKwMogIfRllSfFKMihzpHi3y20oDsz96FO8Qz8Iri3VlLk6Hd8nc7Mhk6bL +Az2Nl18sHvPchnolm9/avWuVZb6P2y3xXFmdPk/Ow+rRKBXV9JEGd11KWd2Iof1x +MwDCilPcZG/ifYhbZFvrVQIvUT/PZH83p/3QFrGLZoAYxxyb5qhtPbTrAoPy6j03 +cZSLvrExD0iANCg9LRZbKjpz/kRhpChnJ0Xg3C4xgSMilqbsr8DgBp7Bns2ReV4B +DTvJgjgLGekgc2PEqt5IyHkCo4M9E981NiU90rtm/6SOtjXLaBvrEpQc09bmAExE +/Syvj8OgJwpsNBhbgOMILItNf+b5+xeVf1fQZVqaFBx4ENNHPx382+6LWKb1eMMW +fslO0MDcAC+8M7bsAZrvCSdHyF0rNdbjxYpETJRxPkbVaxhHnNKdXUp8YRAk93JE +iC7ZppGUrpizY9kMRGmSFai6jdMWEKOazOkScfbCoyVHbzWxD01WqR7Rfy3+1d2f +HNwPQTOLmPIpw9NZ0E+k6HBw1C1J0ZplhXA6m4vwlq4kJtmki2dvcRjGdViAHc9q +b4gDjGmR8uexs7UHcwxXCCUOKKrWxXnzqhB2NdBuU3Wz1I5VYtxJZxCIDdNlBGBz +jkXwwVS6tTV2MeUTwvel2LLeouf+XemHNjJseR/1d+RThYKbGsas4PiVdQXIJ5Dv +9OJbiFq7sypIAoLLCJx7zXAFr6CY/EdrcyZ2EISkIBILOfja2Yasm4xUiRE4/hxn +x/b6pCqvuDXbWDFCclMM2VqM+/MFDU7Sixl9xYb75Wnhc/0+C0T5KtrQjy3/1lUD +uBNSty/uKDUPTxxAhVNXKqfOZtTgtZtMqF9m3fVn5eF0ZLzEdoaAaOjIgLTJuxNK +fpUkT8YRwY+r0noBJAtX5Iz4KejrTUzQ2fHjF072ktL2AUCztyuGZKmBHlTnZq99 +639DZUIe/Ejtl2LqMz/ggksS/A== +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/templates/ssl/client.crt b/templates/ssl/client.crt new file mode 100644 index 0000000..850057c --- /dev/null +++ b/templates/ssl/client.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDajCCAlICCQDljUA20BnKpTANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJD +TjELMAkGA1UECAwCQkoxCzAJBgNVBAcMAkJKMQwwCgYDVQQKDANDT00xDDAKBgNV +BAsMA05TUDELMAkGA1UEAwwCQ0ExIzAhBgkqhkiG9w0BCQEWFHlvdXJlbWFpbEBh +cGFjaGUuY29tMB4XDTE5MDYxMzA3MTA1NVoXDTIwMDYxMjA3MTA1NVoweTELMAkG +A1UEBhMCQ04xCzAJBgNVBAgMAkJKMQswCQYDVQQHDAJCSjEMMAoGA1UECgwDQ09N +MQwwCgYDVQQLDANOU1AxDzANBgNVBAMMBkNMSUVOVDEjMCEGCSqGSIb3DQEJARYU +eW91cmVtYWlsQGFwYWNoZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC9DgTX7RfPfdu7kI0LTDJZsEZjcO7v6jjuI5AsGie9V8jCYusJGI7VbHEF +DlAd8Bj+Di+VDSKyVhBwVvE9vCFtccXpnnbq1BuLTiJuMJ8JoAF6BZnnS7heGeXE +073nco8m90kt2GvDJ+GGtM29tDzAGRZiEXlGABQOvRblqUNK4ZyIOcS+nhPMxu5v +JF1kA2xS03ow+Sas0CtJ90yPCNJEczuyeXuyeJTlMKUsPyjzwQsKQRScipi7X6MO +h+4dDm3FRt0N4+H29yGHSjxgmlzR5H4/je7INW6YXCPoK5YrcsPfbgl2FvqHMMC2 +wH7+Yjlf1GCFWWAC84p6x+2DtbgdAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAH97 +Nia1GGSR2oyLD/AYuss3NyPkLvwjd2s2rZR2HfvqivRCrMSt8GAlQBhrN8dnVCd1 +j3dLQMEQ7iZ6lsL7Gjo8ppmz6el2yvZ0XHYkCS8YC7pu5G+9H2+SP5pFXA5CFowj +GCwUHETMnGEZ3dGIVn06Ifyu0nPNT22l0gycC7lZDz69i0JE7FN3ijBl2UCsfphm +9ayBf+bZ+ZQWGTaBO8hQcl4FNPle6Yw63/x4l47ks+zHw7pIOKE59gSbzimvi8zI +uLn0GnJrn+medVSlD1enDrWvEfFSL1ZyGkFiqMlBAQjHGDfj8+sTLfsA4pwnYNqq +1reXIuFOMouI4UVfgS0= +-----END CERTIFICATE----- diff --git a/templates/ssl/client.csr b/templates/ssl/client.csr new file mode 100644 index 0000000..4624fd6 --- /dev/null +++ b/templates/ssl/client.csr 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICvjCCAaYCAQAweTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkJKMQswCQYDVQQH +DAJCSjEMMAoGA1UECgwDQ09NMQwwCgYDVQQLDANOU1AxDzANBgNVBAMMBkNMSUVO +VDEjMCEGCSqGSIb3DQEJARYUeW91cmVtYWlsQGFwYWNoZS5jb20wggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9DgTX7RfPfdu7kI0LTDJZsEZjcO7v6jju +I5AsGie9V8jCYusJGI7VbHEFDlAd8Bj+Di+VDSKyVhBwVvE9vCFtccXpnnbq1BuL +TiJuMJ8JoAF6BZnnS7heGeXE073nco8m90kt2GvDJ+GGtM29tDzAGRZiEXlGABQO +vRblqUNK4ZyIOcS+nhPMxu5vJF1kA2xS03ow+Sas0CtJ90yPCNJEczuyeXuyeJTl +MKUsPyjzwQsKQRScipi7X6MOh+4dDm3FRt0N4+H29yGHSjxgmlzR5H4/je7INW6Y +XCPoK5YrcsPfbgl2FvqHMMC2wH7+Yjlf1GCFWWAC84p6x+2DtbgdAgMBAAGgADAN +BgkqhkiG9w0BAQsFAAOCAQEADPNzwKiL4s4XJNv1tUbwMGoxjgoIGit8o/cHkR1t +zM98KREvCsSxhR+oAjnXTq/sw57ZxDW49RABFswsKcq1gi/14XvQOLjn9q8+Lt3d +tZO0wnvF0wbPruMG1BzDNcNZ6cI6MxnffdgHaIvj8jZ6+ky3/AWFm54xQv/k2sos +Am9gTKFad+1nQWK0BB5LlL92CeJ070i1QaLqAcpqLNxQt/AHlcCYsXgh3Em4DE3T +NXQ6LfLDtXRMS4LHsCg9FpX5kdCBhtpR711F3dp/L8FT2mfI4dnpxiow3jE68+S9 +o3Xp+QCNmJ8MXlQx3X0mBO1Lb7dy6TgR1FCiltAx0JMhbg== +-----END CERTIFICATE REQUEST----- diff --git a/templates/ssl/client_rsa_private.pem b/templates/ssl/client_rsa_private.pem new file mode 100644 index 0000000..1c4e35d --- /dev/null +++ b/templates/ssl/client_rsa_private.pem 
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQI3Y+Ip2IEWYcCAggA +MB0GCWCGSAFlAwQBKgQQOKd56H9rUJh0G8frLK/QQASCBNDJCztIrpHwj0g5CusF +YQHVcL5BNDzH9Bg6B5LDmKAgXtgd9Xmy/asAmX1QGDUajGhbxFcLcUibvQKxOhzl +/Dwm2M3fR7gecosMU+K6T519nk/fsugXQfJUUPU7aGYwpSUz8myKHDUKlGRLJ23Z +1PX/KkB6ud4K5yGEkisCSxPO+rf+YjJCe7+VohsLKnC5mUiBxbGtPKxI5dzijZo+ +MksEaOklvJzJGgwlKgNj3D6OurASGYeyxbORaKkT3YBvW/RwuWJ5BTKMf7nMNIFS +umRPkacE5sgisyJHe4X0SHFvlthG4DXQ9SYE9Yh224RPQ3arv6NvSUO/FF33wDpZ +iKnrsx1GpB2+DmbXUNEYhlG9KFGR2gx2WtQBfcY1dUHQUvZ9XhGsgvkhHVUHrPXW +HfY2SddpIt0sgwTeni7f5AA6n0TEsESPwItbpReEgZv7D23gOEYD5voXzBHxn0YJ +B9ZiebD+SHqScZpJPuCvBIn+na2gdZLo5w4uK2tdMicv9Quf4I7mJXHsxUgGCRK0 +qXz3PjvmK/odJZf1+e4RB1wf90Pjp1YIlNzNkTDr0rWAiX5a1a82c2gZwULZZ8uM +yo0Cd6YE2idzzQrfXf4mejfhBc7EPqSbagvEwteUTUpMqHJifr22Cw9jdbXDNtB8 +ZyqebxOdfejZ1mMMaTFJSmXhY/a9l3XRPVwOAWcTjrZjAx+gHYYHOUaDdnB+etj6 +bhcUjnEM+40WT7n3DuTSnexSE2pwROqKbnrtlMqN5CTqWv1295Q/N6PrTyyQN3xD +zwZaXvIQPFh3BTm4m4otIVeYp3qqE0ESFsE46RZjtw3tSrAWbNrhl9m5LD65aKiO +S0zDW89RenUiLHaDa4r2kD18tAf8cTbls5E03IIcgR12vVT6c0rY5DM7VpI72fN0 +xsBML1BbJ8P8V8T5RHzxFhbcDfO7BGe/n4rAyrJQX/B1b5+RrhI8bGdMKjCsPeuG +qsmC+u6BlAd4/2nvvMHvUefkw2k9MiiWH/q7vXRvqi24LURutgM6G1+k7c7Cyeog +HDLz2QA2YYwMKO0sDHeF9D1n2dhCCoi60yRm4Hi8ePBIlJs+yAya+DI8LODM8xBm +ZkGMOUTQayFZ+GGgEe+aqnZiVqkBOIcY+cGofn6EKzPjTqrZ20g31Zlt/NNdJYmt +QiLjWsuHMy8NuAvPJtEKDqzFNI1aHmXVSpMnSujtwBxibnTu+pPjFSpyp4Ftdh1Y +VwfnNDDaoGtmRCVJQ3wxBbmCo85MkLAqsPu0aI3SyiUAYw7WX2vf4U0nzLUobFQQ +AXbdLHI9+eDZ042g76ZLdR5unye89iYoxblXSoUbYhJqmE7rgXpORouljg0GWdbi ++TP/uWlSrp7z0ErwewIydQ17SyA6MVrhhGgp/q/FRYx+dpUswPSvbeR23kzfeFNT +ICJToVli6C1M1+YA0wTehWJtCLYP/tBBRSVROnVdnZQ00ERJ96RzVtKnt0SdV/3e +gpj8NyJYnYuuO9H7NTk9K1SnKLfCBcsCU0Z5dHvoMkxEYr8J8nuZf9hy5IfbyUNO +9o6KhAB7SVIgwjCwlmzeczWXPVrdeYqWSTFrrIia5PDJkaZlX3pm2jjHHKmxWF0o +H6N5Z5yWW7emy8K+eSvMpfTJeQ== +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/templates/ssl/client_rsa_private.pem.unsecure b/templates/ssl/client_rsa_private.pem.unsecure new file mode 100644 index 0000000..7e9a4e3 --- /dev/null +++ b/templates/ssl/client_rsa_private.pem.unsecure @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAvQ4E1+0Xz33bu5CNC0wyWbBGY3Du7+o47iOQLBonvVfIwmLr +CRiO1WxxBQ5QHfAY/g4vlQ0islYQcFbxPbwhbXHF6Z526tQbi04ibjCfCaABegWZ +50u4XhnlxNO953KPJvdJLdhrwyfhhrTNvbQ8wBkWYhF5RgAUDr0W5alDSuGciDnE +vp4TzMbubyRdZANsUtN6MPkmrNArSfdMjwjSRHM7snl7sniU5TClLD8o88ELCkEU +nIqYu1+jDofuHQ5txUbdDePh9vchh0o8YJpc0eR+P43uyDVumFwj6CuWK3LD324J +dhb6hzDAtsB+/mI5X9RghVlgAvOKesftg7W4HQIDAQABAoIBAFwuQLhUF58JXCGZ +etw+W/KVW8zS3P5IM1gSKRMH8caFzhLSDo4R1ltEE9uGPhRK5LTDj/naPMe95SgR +jHEwkQ//QKQHqy4XHBMRlwIpXPJhfTbVElTP++aONBWDtP3sQtaaDql29BxlDrcS +45qTDmgQE3Tf1kUGdsE0+7whivkwLxQS9V0G/Gk20Nfypx26iBGLPlf7DANn6CcM +DYySHF/AYjuwf7bHM7P6YOHGio3aZmV455RNw98lK29DwkAQnHwrs5Q9Dp+fibE8 +WrPDjB+mfJg/M5SHExnIbYxC/wO7GC2CnKEQ25jdC820yw/wPp3ug5fh9XDK6rd/ +CCA9mSECgYEA8e3IUZa9Xp3kkkJjPllcy8rsNv79+Ifmtn5Cx4klclHFQe2I8Wvw +/ZkhvjknDWaGxOYb4CEbLQCPQWxrvNp1/pItze68PrtsiSNnJHAjTnjXNaHc9wgy +y+/H4FqJy2Mfo0zGG65fCxiBSoFrx0K8p7Rs4nnrclohsRZ9Qc1/MmUCgYEAyAz2 +wwUrj76xUIta/j2Mnbnwcb0oY0uZVs9XMxpR05mGLw9FMSPTVWtE+rRCJ/dKBark +dSGkZ+rG8ICvgek09D6Tl+gSgUiM5mXPNcW3BuNF/EVQCGhakeyTFWUTGeuEb/Og +QsxccwcUHCXM4WryYnUu1yqzcpF+/hqlaMyrt1kCgYEA7hyht6PMeK6gxE9xDHG5 +wp7TxQFOCGoB6oX0xh027QCMTGo1CaC6zW8FZgssY6UQagUtVHhhHfbaCINkurit +v8QyLuiVAI1JsuRUZOm15ktLTe8k40J/dHdo22lhC/xgrEIpDh+eTfZtcl5VLQaD +VfBf5rwmvyL03C4NVFGkqn0CgYBf3P5+s8KNLncvvqfK/1mb15dmGZv6ASco11DU +9z7Q5FfNw0aH5sAFxdKXRLwTBMhe8OZrTsTG21WbuD7iRQuQI1B80cPUWhzS52Sl +QuqTDWPjIJ/ad483MCPHc9j0aczcDOX2PJHsuS6k0mRcfPBLyBW7HAZD138Aa2pq +TvHWeQKBgADj8mPJMyQfn6YcBCL81KvzF/1HmbdehIMh2kJNK/9g8PZOKx0KnIum +43JZDFnqheoZcHCO/K+IAR7Vw+MV4MWZ/pNG65rcFGwyXygVdV8j5/o5dfbY64jX +WZIixa4+pqr+PbILGC6YJrPBaxJclmzay+jFCkDyrfjIsJVXHmis +-----END RSA PRIVATE KEY----- 
diff --git a/templates/ssl/client_rsa_private_pkcs8.pem b/templates/ssl/client_rsa_private_pkcs8.pem new file mode 100644 index 0000000..f781bf6 --- /dev/null +++ b/templates/ssl/client_rsa_private_pkcs8.pem 
@@ -0,0 +1,29 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIE4zAcBgoqhkiG9w0BDAEBMA4ECLmmzAmLIjO3AgIIAASCBMETwEYAUaz988mU +3NyUox7+owFLpeIkqHptQ+KP/iMmP+cXJe+hLMjyvG7HGSauQ5ruNSUqg2OfaHrx +RqzBjESlkqOmJ7u7IGNRGFlds+SHikbgHoJb+sYP1K7qPeHpCMgq+JD3cV0F7UQF +cUZNv/4PLSsw/lo70N8+FaGeGRto0TO8Djhlvs4sPM4rlTazV5h3LpOZCYkO56Gd +DpwYo+bcr1S0GxZMgyRbggAvcL02GTTvSoH5KdzX10UbH/pJh6Q28Syagg713iX8 +rku958UMtpluwlOmvjlZ8yxbz49q4UhUS1v9Ox/YB5XRwOQSCopJIWRJSgjLj3mj +o7APtLueV07nZ1jMG35T1kD5KhjwfXSjDpIWfeBuDy7rLzqHHNrCfZO97C8xltTn +25IItpQ3nKdzFA9+YuwSixPMUnR7pFrDKktU22DNpQGaXOBMKiKHk7nQv7oKCt6q +0WUa4H/flxVk94kLOKSND1UqNlrsGqoMjjC55DM1s+LsxdvXeMqiNTAJFI3sAxRM +o6SPqKuUxG+m9m/AqWXvwjVlnCXvTiWPUa/FBRvTUZUllxLwunhpJQNkbKLOqWjN +GPc2U8iaUf0FeXeCPoYervkU4cJBR6BAEgHfb7EFXh4gY7I8XOXOSENxVxnSWiWp +zVv0J+egmzbobwW/XvxK1+IyaFL9P9enUnyqmlIYEJqKp/QwMAdUiNuP+VZuFIBE +JldINC8KsvQREtYn3zImDbMvP9cDp9n8EFI0/9+R3BPrBhFBlfY06OfP6G2Dqynx +3RbbTcQKcCYwOkogZIsqCg4f7gRgTSPw71FrrcZO+JlBF7zF5COv9vr7wKcoBUkc +tVedq08mQOuGdz7NRiwMvapecdK9EQGGuMVrppz/6fbxYqUp3xFcT+KJ7yqfpv0f +KQF8zbjkcFawQic9lTFB/Xa14nOUQC7UDVcOOrBNic0WKRz8+bo78Mtsqe5abKhs +IkhR4w2YfhPMyCZTREeCeFdhSbDadseI+EoTyOYAIBJRCNI5rKDhWlVTdQNZ+wot +JO8Pnyi+FtSrmqoBATeBY4SzTH6+cDX0WLtiJl2KLvY8ezlvv+dzuv1Umm8Hp/El +tjBqNwU3pLQXJpuagX+6zOexghKHR9nvh/McEGWk5NTk8n+dedMkWxU2TB6Cteo/ +JB7zN/xl32uMw+74xuAaS0WblXmfMFm6FJrtOZ2xfxBZSc3yktfca5viIRLtRP0I +9EyGp05I71gr/5FV1ENitLFnso0GfFZ73gsRtRH1Jdcr09O3XmFcUAXWTJuo6u4h +fYMU98h/0sQ02PYYO1lWhK0zqJ1UD9MtpTUCt6gCgEq4FuZeHzfVbBZX5/b7G+q3 +dtmIIrITd8DZa4bzAYJzMPa4KfK95NuECUjGTlM+PuVKHTXC+ej9zlDm35XDJ/FU +N7H+c65GGrYTPro4R9tu/2T/P486icepC3gPC7nnMm7/zdORxWLzDIlZm3vkTG1T +p4Q3vF5+eYkMT42WV92o2JdYWU4YKgTTrrWEjO4MBHitZ/Apz4oz2bDiYZXFB+eS +Bysd1n3lvrk7huZ8o38sFW10mbdWPFjEb7ky7QaHUmpsmFIPT76yJ7+0msEt7Lv8 +fPuDvh9oqg== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/templates/ssl/server.crt b/templates/ssl/server.crt new file mode 100644 index 0000000..ebbfb40 --- /dev/null +++ b/templates/ssl/server.crt 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDajCCAlICCQDljUA20BnKpDANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJD +TjELMAkGA1UECAwCQkoxCzAJBgNVBAcMAkJKMQwwCgYDVQQKDANDT00xDDAKBgNV +BAsMA05TUDELMAkGA1UEAwwCQ0ExIzAhBgkqhkiG9w0BCQEWFHlvdXJlbWFpbEBh +cGFjaGUuY29tMB4XDTE5MDYxMzA3MTAxOVoXDTIwMDYxMjA3MTAxOVoweTELMAkG +A1UEBhMCQ04xCzAJBgNVBAgMAkJKMQswCQYDVQQHDAJCSjEMMAoGA1UECgwDQ09N +MQwwCgYDVQQLDANOU1AxDzANBgNVBAMMBlNFUlZFUjEjMCEGCSqGSIb3DQEJARYU +eW91cmVtYWlsQGFwYWNoZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCrcoEkq7+3+/j6kptOBxJSC3y90oGOyQvMJyCmsytwr+Qj0J7so3ZyBp8B +lsUdvgq6Z9NzZpgu+bsjvIws/Ej6yfdM+TSPc7WdctRwtJjbxsYNRXI5X6dLf8gn +u9eXSkTzaJhNyx0+r0hH24ts1rTwAVXB5Rfb0A8748fR5Lx8juN+SSfCWaTQKqmd +QDiQN08WkCeNTnxMWOb9AqN2XAxj9GCCJOIdlr/XyPNWIJuIZkL+R6WsjIcR/7NH +v58VB9I0ve4tjd0fk7SpHrIqi3q87lt43Pf05yQqIp90HU5wu55JT6p9YsW+UaSl +eVVIxVAhehou4Q3oOjPNcJABwgPRAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAKM2 +rIbsKe+kpxdVgoZSznWztN10APYtGM/0ss76B2mT2SCmKDdhbkeCG4VW6qw3CtUs +odPTp4pKtG9UF/J3BAgwIHI0LnWQfxJ973t7vfzP9D1Q7/X6j4UaMbldj442MEDM +pItITWPxpEqMdd4O3EcqsxbqQRWiugjQ57+Z80GxoSFSthIMX3nUjGHfbewxy/Jk +VPdyqElzcJ0CwRE0Dey18h+bbqdyDaG0wJ+HKZlbx2A018SX+VhyTUpnytrTHhVb +SD9rsdtFJFfnyeatJMmtjn/Hlhb19k4kk/UxiStW95zxmesen9OHi1bRlUvPKcOO +bwdeH2xp7R1Tio1CY4E= +-----END CERTIFICATE----- diff --git a/templates/ssl/server.csr b/templates/ssl/server.csr new file mode 100644 index 0000000..5a8051c --- /dev/null +++ b/templates/ssl/server.csr 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICvjCCAaYCAQAweTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkJKMQswCQYDVQQH +DAJCSjEMMAoGA1UECgwDQ09NMQwwCgYDVQQLDANOU1AxDzANBgNVBAMMBlNFUlZF +UjEjMCEGCSqGSIb3DQEJARYUeW91cmVtYWlsQGFwYWNoZS5jb20wggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrcoEkq7+3+/j6kptOBxJSC3y90oGOyQvM +JyCmsytwr+Qj0J7so3ZyBp8BlsUdvgq6Z9NzZpgu+bsjvIws/Ej6yfdM+TSPc7Wd +ctRwtJjbxsYNRXI5X6dLf8gnu9eXSkTzaJhNyx0+r0hH24ts1rTwAVXB5Rfb0A87 +48fR5Lx8juN+SSfCWaTQKqmdQDiQN08WkCeNTnxMWOb9AqN2XAxj9GCCJOIdlr/X +yPNWIJuIZkL+R6WsjIcR/7NHv58VB9I0ve4tjd0fk7SpHrIqi3q87lt43Pf05yQq +Ip90HU5wu55JT6p9YsW+UaSleVVIxVAhehou4Q3oOjPNcJABwgPRAgMBAAGgADAN +BgkqhkiG9w0BAQsFAAOCAQEAPVQCIHeZszbwZWBWYxSsOyg8zdGJUJr94coP1Vqf +h4iSiMUQDIAVpobw2Np1f1SfIU/kc3jK3pSk+ac7kb5hf/2WA8UJMtyb4KUYxhYL +U6x+/imKjijLQb2UMOx9QyATMzX9N+r42mblWpGKbeT8v2iXXbFWOB6xffR3VmfO +FmZkHCTe0rO29wfDvJNG7UM7o7a4v9hu3FU3wu0woJKmNm7We8ePIYg1aWAoT7+6 +XloBIX4vpmqQgG1DoAwkJIQIyr+4z8o6MXDdMDYHK+OaRz0u7CpZD3fkWm92ceYP +W5jYtEV/krwwbMJJNOc3UlBf1bFnD6PrfCH68G4rnn2OtA== +-----END CERTIFICATE REQUEST----- diff --git a/templates/ssl/server_rsa_private.pem b/templates/ssl/server_rsa_private.pem new file mode 100644 index 0000000..c375910 --- /dev/null +++ b/templates/ssl/server_rsa_private.pem 
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIFwd6743xwR4CAggA +MB0GCWCGSAFlAwQBKgQQX+Zs4Opeu6nFw/SBfyRyzQSCBNAIkBV3aYRvkRrx9cPC +4Kui3tXktAPJz7/EAXjCS3ahBmBfCIQCDTvpNFBmtP+rbQFMh2RMVD8ntnhfRblN +++/XrDCPqA5qsovKXgrrpxsEYY8Z6l1V9N16y14heawVtR82mNDFRZ4i6RS8+B2X +WLf9wv3gmkBJuvkD9q3IT3uO6w8fbF4xaZ3tT+n6tlcvmZ6Ux9AZEpgrZvtIPhF7 +aCZMRhi0JqZALIjf3FK4EgFNzNFwLCLixPczvJvGRP8yf4oqC/dg6T5AiAdPLhyt +ccWAtgKDQu7iPGVe0MYlRhtXrSt13WlAt7Yg+0gcIMmYGyeAMZd12vBYUtR3ts3c +gy/K2OzcH0V4a69llbx1NzpoEzt4kKVjDWnIy++a0/nwVAI5WX2HwgPbs+ShQ3VO ++CWpSsGjUkReA2ObbIf9AHk97SysBkfULA0+DYfD7IrdSunmZVpdkj0gYEJo7jy+ +nn98LHBZqlJSerLoF/zInSAY8Ym4abtCvUjlAo+9Rm1DLlIEnbRvkAuLq7d8p6Mn +mHRgvvLlgGmDkOa4LzE/Q8+JD8X4XeVmPXT9JWYmOfJFKu1fP7gVXevyp4XfQNHD +7/d/0y3OAHpVWEWIT0hmuyYy3t0DOZx8HFlc3d4kHBXDtrVfXuQ7Ny6u3M3pbAGO +RdPT7a2X94o5/IAphmarCHIMosek0voby2oK2JL96hLl2vDFbAowN7TOxuiQKdjz +VW7XiELiXXcE7J9xhu+ZCmvgMTJP29tiu2/i0Tj2Nxz9EkPjIuDRm3BqPAxTReU8 +tUFj0t9Wuj2KTLPKbKt664Z92xFaS7MIFJrm3l6H/oGNa3qIpLYiBJeKN6ktCzbC +4ZQpUkz2uZDJBwcFKh7CJbc0HBSRgxa0MbW01VQBXz8zkzfDr2XUvNddA3gs5iP6 +sUtlUVK74MjfHmnsjQUsDNRLH7kMPjAlVS8qyamNMzBWmMcvS+orc59dzCVckmBu +MqJWKZLwU/gcSQRhGzokaYe40qtoNzcQV2YlUP4gotpC3AlyJlYHNEl65MbWjTKB +TyWXXdJJ7Hfn2j6k0PXhzHsNKBfTcy465no+/BR+wBpY7b3fIN5+EgGiisAM2gjX +eMRMhVOfV4+qY+nYARH4tavu2Sn5la6sqEGolu4iLp8hcMoJe9No6T4NDaAqMNWU +5wH+QunEL/eRfMY9Y1bxP+NspqOIjP++TXHN1i95eZsWF7au/B7Nl/5arkT3dqDO +sNv33Igatad8lkY7wy/lknqYPYyqSuQAmNuhIcNOJIv73ssaXqIhUtl/GDj++j5W +em2J3+cwEZyyQ+Bp4IDz3MHLa7cR8sAyWgREnAsbL1PhH47t44xUxDWe/zEiD1Qm +H4ak6adLQRGfPeSSEk7X4G8MPZ5rIfBX7BFamTnBaFvxCmiVRFd44dP4hEN+ozE8 +NQZdgGm4S6MENTgZTypEQ3i4H59sizrdW0kYcBP3taqKN/5p8/D+Pkg7UQf5ma31 +3UJinBWNGFQYUtCWLzkGCVypwnBSworlPHsRmFR/3uqozNNWa0x6uCAkpKzd5tXk +MwkgPA9Sf6ZXCNsfVoz8PfIC9Blj9LrOVkWfUUEztaNjet15gi0NJFuMfDoGeJ7J +OaYpJ1sk8E7q6rd3Br44CfTvlw== +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/templates/ssl/server_rsa_private.pem.unsecure b/templates/ssl/server_rsa_private.pem.unsecure new file mode 100644 index 0000000..05b1053 --- /dev/null +++ b/templates/ssl/server_rsa_private.pem.unsecure @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAq3KBJKu/t/v4+pKbTgcSUgt8vdKBjskLzCcgprMrcK/kI9Ce +7KN2cgafAZbFHb4KumfTc2aYLvm7I7yMLPxI+sn3TPk0j3O1nXLUcLSY28bGDUVy +OV+nS3/IJ7vXl0pE82iYTcsdPq9IR9uLbNa08AFVweUX29APO+PH0eS8fI7jfkkn +wlmk0CqpnUA4kDdPFpAnjU58TFjm/QKjdlwMY/RggiTiHZa/18jzViCbiGZC/kel +rIyHEf+zR7+fFQfSNL3uLY3dH5O0qR6yKot6vO5beNz39OckKiKfdB1OcLueSU+q +fWLFvlGkpXlVSMVQIXoaLuEN6DozzXCQAcID0QIDAQABAoIBAFKQlSLc1zo6TUAW +pFYiT69VOuCLZLsnlNffK/k7pbrh6eNZj390hREKoT55pjnZkH8OiyUzDizpNTdT +kMoFQPwNkVvvU2GWHqtRZn9UaZzFkBFKFWUN7JoOUozYCE4ihSwXfelQ3KeYcB2y +2+UxTPecHPmAY0oHW57C5jLtjdwJhjo3m3S+lh79uFE4u+QIUV86Psn8JBLej2QU +AYUy7AaAMuLHsJtWtP5jpaCKikCWYtfaCHismWpN2RbIwVp+unWhpryUpOOZx5F/ +iEE8OaDAkZimPgS2Bh67VmX2+SmaRFDRXKWEUXP3v7EVPY40SIZfZcqW7JSVrHkp +w+/pNUECgYEA0gw84EFJBGumMptwjTffajrtynE/cjtYSp/cmYisQsQXcb2DSjTS +zrK2kJmJUCuEeM1GQRkS0by4lk157BzZaBcMwad/4zwJ8ZU8676yKv0Rf488+DE4 +4IWByoSYElH9N9iW2eWWuH8+BeP86JUt+DgLqPBLsy7PKndNbzJE4BkCgYEA0PRw +JeNfjvcGTLDmm2qbtYYzheIUdQmwYUrYqRQCRPP3jxJIrrvwn9ID6Cx8FS2vdsXr +3vxYdaDARrijF1pDH3swm3GHrIV/qYAkb4Cy9mdoXK96AB0RD5plbo15952d6kfD +OdZ3D+FXUdJbqHIR0Vk60iRSR+bphfOK73r32HkCgYAd5/Ym68Ssp3MTU4RT5ved +VWST5UnmRsLMZTRwe8AjBW5dGGGACENXgKRztBiT3I5Q8NEm5Z4DVL5nUAKi9nyR +0G5ViDayMNMtnVT+L7mIW13Jbqh8oe16MigHoJdSTHAkKmdYANNT03IOPqa8qrjP +1ZL7a7MrgOeoITJaOasKyQKBgES81JOyK4JFQt5Bp2ri9BwP7K0TRTWHHW20CHf+ +bAyw0PRQyHYqvypkFQLwd1UkNT92NnShQJxZaEcbgBMzjzcw+Dl6bG5VcDybOeEw +Ti7+r3cmBpU4+p7OZKWshr3tLMCgINnK8lnYADibYamU9MWQe+gbKLIchR+akU7c +feHJAoGADF8pbOuCpRFZnUYzKh+RP2tHcRJSGSi7VouI9tCx+NXfKuuFlfw3+2ug +/xmbjwzXYUDw+VjpOYA1OAsqmtyk4sJKP2z4oA1RLUfuL1nXyHRgMQ39/KmY4/Uy +2hPaS1CkfAgSGqTpb0ciY8ELCJQIDrX3QNgCeR1cCHxLygDVGvc= +-----END RSA PRIVATE KEY----- 
diff --git a/templates/ssl/server_rsa_private_pkcs8.pem b/templates/ssl/server_rsa_private_pkcs8.pem new file mode 100644 index 0000000..8fd3c9b --- /dev/null +++ b/templates/ssl/server_rsa_private_pkcs8.pem 
@@ -0,0 +1,29 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIE4jAcBgoqhkiG9w0BDAEBMA4ECJOZ3PKU8BRPAgIIAASCBMAocpv2E45lph1C +G5zcJbwMJw08ER7ouxnhcGyKt+CXIbMESikTUUJDudCWgTiTIt/A0baNPW4m6Zv+ +oJhvMBFl7KfUyCkVRpSw53ygHM6TeeIS0UP6x7eB9++yNCJ3ZVF7OzVvmDwx9FnV +XOfgQjZIIvcyXgn5jwj82PB7YG3fwQye4AUgmr6ngbMk/GZ35XIZSfPptHHdvkxG +DifswZynDX8FeH4NAKZJilC0m/gO2OayVRHl19LVTu9V/1SKya0uLJvP9Lezqwl9 +n1cSexe8rbpho3HX5nRbWk3T2/sM1F/fD/ylDdzgrvLe7xmlbExhBMZfIaFnTJu3 +4+dJBYlS7cBBeF2B+9/4r6TXVtZMsjNVmWLEye3ExXCOY41fKvTv5qH4TyXXrsrc +1G4Bv4+oNXa/WnfF8qDlvtsSouOPWHtQEQMVMKyaLL70Z1wyKFVtFT8EbkGmT878 +lJX/XsgXgfq61+OZUpriQb1+0nzlPStnRRUL07D+ryllvFRoIBh1q9OwIvdVHDsI +zh+KCVsPEuq7VdIW+wNRiomIGu4SLjquPYxyOnqV3YVmcSUfzbo+li1QcplC6WVS +LICZsvIuCUtEAOTXzJdcUMKSNgYX+sCLZBrG+EYZhTBFwTELSTGESC3gGGdua1nq +Bm86S1wBgY6i9jIDxvuLXOVcphVUB6/9PQrxbVAtrpeDXGAyMj72h1GSGehr/VuS +jlSNz/LLXoSCZKs6faPo3B0PM0VMN87dVNVpOw+3eTkdy2x/0H2oAoGVIbtSTvbh +bmTbCcMiXlwCBgfUZUu+6YuwRZzxXxS8gNpXW/RT8KNnmCLGNtjJhQN4hHfrKsAI ++M1qAVbkSixHRGWQygbFSUUQ8h7OYFMft5YpnKLgl/BaMjzAsFZOFbcOAerQHcL7 +FatCQpBCmQ8MleiEzK7rN7IGYe7yx0HW1NzX6ym2uhCUtwipH6sspT7hDJvMrGFW +vAQwBBdw6ewmjq+XCliSDNFTp1TRkiN0ilgeLS+EIBPKh0SFooXe5oXJhbTNVQem +is958jgJLeDGVDZrjyZq2ptPYb0kXmGQKvhnqZkO8hqI1xGbGZm7tERivolclMN2 +e4Yh1D68fcyOzpmfPiVN6T22I0GMAtq8exO+F2LTdarGWnBRr6aOp6QSPz7iMQhf +OHXUj4smLGkZT5XIlinoVK5YlKIq5aUusKrS9hxqNfyMTz9iETiNNg9hCTolXKvN +tuYygAMR44DqhLTsQLr/8++DxdLZ4v3Rd16q/YX1GNAUMvNEMzokDbp50+ET36Mg +VZu3SeRmjnh5SvohDRbM4uool+0KFkGjsB3UpyeF1QgfNcUuc608VnFFF3XIErw9 +TaARow1v8LJ9+C2p8ZweSr5npatP4uMcDZ3DalRx7Dhef5PpOmt0BTuV9AJpBLDe +l3qpQo/z5a25wJa1fe7xk2nbVGjI7goxJSJu4BovE9pBw0GkQz44xNiKn+S4Bunp +lIJ9CpB1i9+EN7xxcG2vPkcsajgCmoXqlMfxvuvegZPISAwsxjd9WPO8BuC1a6dA +EmVffgNsK43YGSnBJZEmmOb+1uGvbZJHLiMcpTF2xiaCr9qxDurn1euOFJ4nIF1f +ONZTTyJQ +-----END ENCRYPTED PRIVATE KEY----- diff --git a/templates/ssl/ssl.properties b/templates/ssl/ssl.properties new file mode 100644 index 0000000..de79016 --- /dev/null +++ b/templates/ssl/ssl.properties 
@@ -0,0 +1,13 @@ +## client setting +tls.client.certPath=/home/rocketmq/ssl/client.crt +tls.client.keyPath=/home/rocketmq/ssl/client_rsa_private_pkcs8.pem +tls.client.keyPassword=client +tls.client.trustCertPath=/home/rocketmq/ssl/ca.crt + +## server setting +tls.server.certPath=/home/rocketmq/ssl/server.crt +tls.server.keyPath=/home/rocketmq/ssl/server_rsa_private_pkcs8.pem +tls.server.keyPassword=server +tls.server.trustCertPath=/home/rocketmq/ssl/ca.crt +#server.auth.client +tls.server.need.client.auth=required \ No newline at end of file
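Review bot: In README.md, the new "5. TLS support" section sends users to `./play-docker-tls.sh` without saying that the certificates and keys shipped under templates/ssl are test material. This commit also adds the CA key and the key passwords to the repository, so the section should state that the bundled files are for local testing only and that the steps in templates/ssl/README.md must be rerun to produce fresh keys for anything else. The sentence "The client will not invoke nameserver or broker until related SSL client is configurated" would read better as "until the client is configured for SSL", and the long `# Once nameserver and broker startup correctly ...` comment inside the code block belongs in the prose above the block.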
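Review bot: In templates/play-docker-tls.sh, the nameserver `docker run` line sets `-Dtls.server.need.client.auth=required` but not the `-Dtls.enable=true` or `-Dtls.server.mode=enforcing` that the broker line sets, so the two nodes start with different TLS settings. If the nameserver is also meant to refuse non-TLS connections, add `-Dtls.server.mode=enforcing` there; if the difference is intentional, a comment should say why. Both lines pass `-Dtls.test.mode.enable=false` twice, and the `# Start nameserver` comment is duplicated. The cleanup step `docker ps -a|awk '/rmq/ {print $1}'` matches any row that contains "rmq" in any column, so `docker rm -fv` can remove containers this script did not start; filtering on the two names the script creates (rmqnamesrv, rmqbroker) would be safer. The backtick `pwd` in the `-v` mounts is unquoted and breaks on paths with spaces, and "Servive" in the trailing comment should be "Service".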
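Review bot: In templates/ssl/README.md, section 3 "Broker Side" lists only `-Dtls.test.mode.enable=false`, `-Dtls.config.file` and `-Dtls.server.need.client.auth=required`, while play-docker-tls.sh in this same commit also starts the broker with `-Dtls.enable=true`, `-Dtls.client.authServer=true` and `-Dtls.server.mode=enforcing`. The README and the script should list the same properties, or the README should say which ones are optional. The key-generation commands put passphrases on the command line (`-passout pass:123456`, `pass:server`, `pass:client`) and the PKCS8 step uses `-v1 PBE-SHA1-RC4-128`; the appendix gives JDK-8076999 as the reason for the latter, so it is worth noting next to the command that this is a compatibility workaround and that the passwords are sample values to be replaced. In the appendix, the "For illustration purposes" text and the closing sentence about KSE sit inside the code fence opened for the `docker logs rmqbroker` output; the fence should close after the stack trace.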
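Review bot: The files added under templates/ssl include the CA private key (ca_rsa_private.pem) and unencrypted copies of the server and client keys (server_rsa_private.pem.unsecure, client_rsa_private.pem.unsecure), and the passphrases for the encrypted keys are published in templates/ssl/README.md and ssl.properties in the same commit. Because the signing key for ca.crt is public, `tls.server.need.client.auth=required` provides no real client authentication for any deployment that keeps these files. Prefer generating the CA and leaf keys at setup time (for example from play-docker-tls.sh, using the commands in the README) instead of committing them. At minimum, drop ca_rsa_private.pem, ca.srl, the `.csr` files, the `.unsecure` files and the non-PKCS8 `*_rsa_private.pem` files, none of which ssl.properties references. The README signs with `-days 365`, so certificates generated that way and committed here also stop validating one year after they were created, which will break the template without any code change.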
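Review bot: In templates/ssl/ssl.properties, `tls.client.keyPassword=client` and `tls.server.keyPassword=server` keep the key passphrases in clear text beside the keys they protect, and play-docker-tls.sh mounts the whole ssl directory into both containers, so each node holds both the client key and the server key. Consider separate properties files and mounts for the client and server roles, and add a comment marking the passwords as sample values that must be changed. The `#server.auth.client` comment does not explain what `tls.server.need.client.auth=required` does; a short description of the setting would help. The file also ends without a trailing newline (`\ No newline at end of file`), as does templates/ssl/README.md.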