"cbs.firstRequestDelaySec": 3,
"cbs.requestIntervalSec": 5,
"security.keys.keyStoreFile": "/etc/hv-ves/ssl/server.p12",
- "security.keys.keyStorePassword": "onaponap",
+ "security.keys.keyStorePasswordFile": "/etc/hv-ves/ssl/server.pass",
"security.keys.trustStoreFile": "/etc/hv-ves/ssl/trust.p12",
- "security.keys.trustStorePassword": "onaponap"
+ "security.keys.trustStorePasswordFile": "/etc/hv-ves/ssl/trust.pass"
}
\ No newline at end of file
keytool -certreq -alias ${key_name} -keyalg RSA ${keystore} | \
keytool -alias ${ca} -gencert -ext "san=dns:${CN_PREFIX}-${ca}" ${store_opts} -keystore ${ca}.p12 | \
keytool -alias ${key_name} -importcert ${keystore}
+
+ printf ${STORE_PASS} > ${key_name}.pass
}
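Review bot: The added `printf ${STORE_PASS} > ${key_name}.pass` uses the password as printf's format string and leaves it unquoted, so a password containing `%`, a backslash or whitespace would be written altered or truncated. The file is also created under the caller's umask, which on a typical setup leaves the store password readable by other local users. I would write it as `(umask 077; printf '%s' "${STORE_PASS}" > "${key_name}.pass")`. The same pattern is added in the trust-store function (`printf ${STORE_PASS} > ${name}.pass`) and needs the same change. Both function bodies start outside their hunks, so where STORE_PASS is set is not visible here.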
local name="$1"
local trusted_ca="$2"
keytool -import -trustcacerts -alias ca -file ${trusted_ca}.crt ${store_opts} -keystore ${name}.p12
+ printf ${STORE_PASS} > ${name}.pass
}
function clean() {
- rm -f *.crt *.p12
+ rm -f *.crt *.p12 *.pass
}
if [[ $# -eq 0 ]]; then
echo "usage: $0 [clean]"
exit 1
fi
-
cert_name_prefix = "" if should_use_valid_certs else "untrusted"
certificates_path_with_file_prefix = COLLECTOR_CERTS_LOOKUP_DIR + cert_name_prefix
self.key_store_path = certificates_path_with_file_prefix + "client.p12"
+ self.key_store_passwd_path = certificates_path_with_file_prefix + "client.pass"
self.trust_store_path = certificates_path_with_file_prefix + "trust.p12"
- self.sec_store_passwd = "onaponap"
+ self.trust_store_passwd_path = certificates_path_with_file_prefix + "trust.pass"
self.disable_ssl = should_disable_ssl
self.hv_collector_host = UNENCRYPTED_HV_VES_SERVICE_NAME \
if should_connect_to_unencrypted_hv_ves else HV_VES_SERVICE_NAME
"--ves-port", "6061",
"--key-store", self.key_store_path,
"--trust-store", self.trust_store_path,
- "--key-store-password", self.sec_store_passwd,
- "--trust-store-password", self.sec_store_passwd]
+ "--key-store-password-file", self.key_store_passwd_path,
+ "--trust-store-password-file", self.trust_store_passwd_path]
if self.disable_ssl:
startup_command.append("--ssl-disable")
return startup_command