X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=plans%2Fsdnc%2Fsdnc_netconf_tls_post_deploy%2Fcerts%2FMakefile;fp=plans%2Fsdnc%2Fsdnc_netconf_tls_post_deploy%2Fcerts%2FMakefile;h=b284e61e8589820744e614a23a8704409327bb19;hb=ebc79b2ed5b7b4bb2e8eb1d43d8710aa654b3421;hp=0000000000000000000000000000000000000000;hpb=00b05096a16d9a3d0652fa34f542c3065769e739;p=integration%2Fcsit.git diff --git a/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/Makefile b/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/Makefile new file mode 100644 index 00000000..b284e61e --- /dev/null +++ b/plans/sdnc/sdnc_netconf_tls_post_deploy/certs/Makefile @@ -0,0 +1,110 @@ +all: step_1 step_2 step_3 step_4 step_5 step_6 step_7 step_8 step_9 step_10 step_11 step_12 step_13 step_14 step_15 +.PHONY: all +#Clear certificates +clear: + @echo "***** Clear certificates *****" + rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12 + @echo "***** done *****" + +#Generate root private and public keys +step_1: + @echo "***** Generate root private and public keys *****" + keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \ + -dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \ + -storepass secret -ext BasicConstraints:critical="ca:true" + @echo "***** done *****" + +#Export public key as certificate +step_2: + @echo "***** Export public key as certificate *****" + keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc + @echo "***** done *****" + +#Self-signed root (import root certificate into truststore) +step_3: + @echo "***** Self-signed root import root certificate into truststore *****" + keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt + @echo "***** done *****" + +#Generate certService's client private and public keys +step_4: + @echo "***** Generate certService's client private and public keys *****" + keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 730 \ + -keystore certServiceClient-keystore.jks -storetype JKS \ + -dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \ + -keypass secret -storepass secret + @echo "***** done *****" + +#Generate certificate signing request for certService's client +step_5: + @echo "***** Generate certificate signing request for certService's client *****" + keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file certServiceClient.csr + @echo "***** done *****" + +#Sign certService's client certificate by root CA +step_6: + @echo "***** Sign certService's client certificate by root CA *****" + keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \ + -outfile certServiceClientByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" + @echo "***** done *****" + +#Import root certificate into client +step_7: + @echo "***** Import root certificate into intermediate *****" + cat root.crt >> certServiceClientByRoot.crt + @echo "***** done *****" + +#Import signed certificate into certService's client +step_8: + @echo "***** Import signed certificate into certService's client *****" + keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt + @echo "***** done *****" + +#Generate certService private and public keys +step_9: + @echo "***** Generate certService private and public keys *****" + keytool -genkeypair -v -alias aaf-cert-service -keyalg RSA -keysize 2048 -validity 730 \ + -keystore certServiceServer-keystore.jks -storetype JKS \ + -dname "CN=aaf-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \ + -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false" + @echo "***** done *****" + +#Generate certificate signing request for certService +step_10: + @echo "***** Generate certificate signing request for certService***** " + keytool -certreq -keystore certServiceServer-keystore.jks -alias aaf-cert-service -storepass secret -file certServiceServer.csr + @echo "***** done *****" + +#Sign certService certificate by root CA +step_11: + @echo "***** Sign certService certificate by root CA *****" + keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \ + -outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \ + -ext SubjectAlternativeName:="DNS:aaf-cert-service,DNS:localhost" + @echo "***** done *****" + +#Import root certificate into server +step_12: + @echo "***** Import root certificate into intermediate *****" + cat root.crt >> certServiceServerByRoot.crt + @echo "***** done *****" + +#Import signed certificate into certService +step_13: + @echo "***** Import signed certificate into certService *****" + keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias aaf-cert-service \ + -storepass secret -noprompt + @echo "***** done *****" + +#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12) +step_14: + @echo "***** Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12) *****" + keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret \ + -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret + @echo "***** done *****" + +#Clear unused certificates +step_15: + @echo "***** Clear unused certificates *****" + rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr + @echo "***** done *****"