Name | Date | Size | #Lines | LOC
---|---|---|---|---
keygen/ | 11-Mar-2024 | - | 157 | 105
CA.pem | 11-Mar-2024 | 8 KiB | 134 | 132
README.md | 11-Mar-2024 | 3 KiB | 103 | 57
client.crt | 11-Mar-2024 | 1.7 KiB | 29 | 28
client.key | 11-Mar-2024 | 1.6 KiB | 28 | 27
client.p12 | 11-Mar-2024 | 2.8 KiB | |
client.pem | 11-Mar-2024 | 4 KiB | 68 | 65
client_v3.crt | 11-Mar-2024 | 1.8 KiB | 31 | 30
client_v3.key | 11-Mar-2024 | 1.6 KiB | 28 | 27
server.crt | 11-Mar-2024 | 2.3 KiB | 39 | 38
server.key | 11-Mar-2024 | 3.2 KiB | 53 | 52
server.p12 | 11-Mar-2024 | 4.4 KiB | |
server.pem | 11-Mar-2024 | 5.5 KiB | 91 | 90

README.md
# Test Keys and Certificates
This folder is dedicated to test keys and certificates provided in multiple formats.
Primary uses are unit test suites and cross-language tests.

    test/keys

**The files in this directory must never be used on production systems.**

## SSL Keys and Certificates


## create certificates

We use the following parameters for test key and certificate creation:

    C=US,
    ST=Maryland,
    L=Forest Hill,
    O=The Apache Software Foundation,
    OU=Apache Thrift,
    CN=localhost/emailAddress=dev@thrift.apache.org

### create self-signed server key and certificate

    openssl req -new -x509 -nodes -days 3000 -out server.crt -keyout server.key
    openssl x509 -in server.crt -text > CA.pem
    cat server.crt server.key > server.pem

Export password is "thrift" without the quotes.

    openssl pkcs12 -export -clcerts -in server.crt -inkey server.key -out server.p12

### create client key and certificate

    openssl genrsa -out client.key

Create a signing request:

    openssl req -new -key client.key -out client.csr

Sign the client certificate with the server.key:

    openssl x509 -req -days 3000 -in client.csr -CA CA.pem -CAkey server.key -set_serial 01 -out client.crt

Export the certificate in PKCS12 format (export password is "thrift" without the quotes):

    openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12

Export the certificate in PEM format for OpenSSL usage:

    openssl pkcs12 -in client.p12 -out client.pem -clcerts

### create client key and certificate with altnames

Copy openssl.cnf from your system (e.g. /etc/ssl/openssl.cnf) and append the following to the end of [ v3_req ]:

    subjectAltName=@alternate_names

    [ alternate_names ]
    IP.1=127.0.0.1
    IP.2=::1
    IP.3=::ffff:127.0.0.1

Create a signing request:

    openssl req -new -key client_v3.key -out client_v3.csr -config openssl.cnf \
     -subj "/C=US/ST=Maryland/L=Forest Hill/O=The Apache Software Foundation/OU=Apache Thrift/CN=localhost" -extensions v3_req

Sign the client certificate with the server.key:

    openssl x509 -req -days 3000 -in client_v3.csr -CA CA.pem -CAkey server.key -set_serial 01 -out client_v3.crt -extensions v3_req -extfile openssl.cnf

## Java key and certificate import
The Java test environment uses the key and trust store password "thrift" without the quotes.

List keystore entries:

    keytool -list -storepass thrift -keystore ../../lib/java/test/.keystore

List truststore entries:

    keytool -list -storepass thrift -keystore ../../lib/java/test/.truststore


Delete an entry:

    keytool -delete -storepass thrift -keystore ../../lib/java/test/.truststore -alias ssltest


Import a certificate into the truststore:

    keytool -importcert -storepass thrift -keystore ../../lib/java/test/.truststore -alias localhost --file server.crt

Import a key into the keystore:

    keytool -importkeystore -storepass thrift -keystore ../../lib/java/test/.keystore -srcstoretype pkcs12 -srckeystore server.p12

# Test SSL server and clients

    openssl s_client -connect localhost:9090
    openssl s_server -accept 9090 -www
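
The certificate creation steps above can be checked end to end. The following is an added example, not part of the original README or the Thrift repository: it runs the server and altnames client steps non-interactively in a scratch directory, then confirms that the client certificate chains to the test CA and carries the IP subjectAltName entries. Assumptions: the function names `make_test_pki`, `verify_client` and `client_sans` are hypothetical, a minimal inline `openssl.cnf` stands in for the copied system file, and the client uses an assumed CN `thrift-test-client`.

```shell
# Added example (not from the Thrift repo): the README's openssl steps, run
# non-interactively in a scratch directory, then verified. Test material only.

# make_test_pki DIR: create the self-signed server/CA pair and a SAN client cert.
make_test_pki() {
    dir=$1
    mkdir -p "$dir" || return 1
    # Minimal config standing in for the copied system openssl.cnf (assumption).
    cat > "$dir/openssl.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[ dn ]
C = US
ST = Maryland
L = Forest Hill
O = The Apache Software Foundation
OU = Apache Thrift
CN = localhost
[ v3_ca ]
basicConstraints = CA:true
[ v3_req ]
subjectAltName = @alternate_names
[ alternate_names ]
IP.1 = 127.0.0.1
IP.2 = ::1
IP.3 = ::ffff:127.0.0.1
EOF
    (
        cd "$dir" || exit 1
        openssl req -new -x509 -nodes -days 3000 -config openssl.cnf \
            -out server.crt -keyout server.key 2>/dev/null || exit 1
        openssl x509 -in server.crt -text > CA.pem || exit 1
        openssl genrsa -out client_v3.key 2048 2>/dev/null || exit 1
        # Distinct client CN (assumption) so leaf and issuer names differ.
        openssl req -new -key client_v3.key -out client_v3.csr -config openssl.cnf \
            -subj "/C=US/ST=Maryland/L=Forest Hill/O=The Apache Software Foundation/OU=Apache Thrift/CN=thrift-test-client" || exit 1
        openssl x509 -req -days 3000 -in client_v3.csr -CA CA.pem -CAkey server.key \
            -set_serial 01 -out client_v3.crt -extensions v3_req -extfile openssl.cnf 2>/dev/null
    )
}

# verify_client DIR: succeed only if client_v3.crt chains to the test CA.
verify_client() { openssl verify -CAfile "$1/CA.pem" "$1/client_v3.crt" >/dev/null 2>&1; }

# client_sans DIR: print the subjectAltName IP entries of the client certificate.
client_sans() { openssl x509 -in "$1/client_v3.crt" -noout -text | grep 'IP Address:'; }
```

Run `make_test_pki "$(mktemp -d)"` and pass the same directory to `verify_client` and `client_sans`; a client certificate signed by a different run's `server.key` fails `openssl verify` against this CA.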