[QA-4212] generate root-CA/sub-CA/keystore/truststore, import to keystore/truststore;#196
[QA-4212] generate root-CA/sub-CA/keystore/truststore, import to keystore/truststore;#196YipingXiongTG wants to merge 20 commits into
Conversation
|
Unlike truststore (which just need root-CA certificate), we need to import private-key and certificate-chain (bundled together) into keystore.
|
|
As to subordninate CA generation, it does not have to be signed by root-CA. In the case of multiple intermediate CA, the subordinate CA is signed by supervior CA, which isn't not necessarilly root-CA. Overall the interface LGTM. |
dadongwang-tg
left a comment
dadongwang-tg
left a comment
There was a problem hiding this comment.
ssl_generate.sh: only generate CA (root, sub), key-store, or trust store
ssl_import.sh: only import key/trust store
| help_flag="" | ||
|
|
||
| opt_string="hip:c:s:o:n:" | ||
| opt_long_string="help,gen_CARoot,gen_subCA,gen_keystore,gen_truststore,passphrase:,output:,storepass:,storetype:,cer:,cerKey:,CN:,name:" |
There was a problem hiding this comment.
if user don't provide any options, it is default behavior as below:
(1) ./ssl_generate.sh
<==>
./ssl_generate.sh --gen_CARoot --gen_keystore --gen_truststore
(2) ./ssl_generate.sh --CN <DN name>
./ssl_generate.sh --gen_CARoot --CN <DN name> --gen_keystore --gen_truststore
dadongwang-tg
left a comment
dadongwang-tg
left a comment
There was a problem hiding this comment.
add one more file ssl_generate_import_examples.sh:
e.g. 1. [WARN] clean up, ...
step 1. ./ssl_generate.sh
step 2. ./ssl_import.sh from default SSL_files
[step 3. check the outputs ]
e.g. 2, ....
3 participants
ssl_generate.sh
if command is empty:
generate root CA
generate keystore
generate truststore
generate subordinate CA
ssl_import.sh
import privateKey-ca pair to keystore
import certificate to truststore
