From e4bd899f657daa88274f1419314f43953a6bc1ef Mon Sep 17 00:00:00 2001 From: Piotr Jaszczyk Date: Fri, 21 Sep 2018 11:31:59 +0200 Subject: Use PKCS12 key and trust store in HV-VES Collector Usage of keystore and truststore allows us to use JDK security framework instead of openssl JNI bindings which are sometimes problematic. * Replace openssl with keytool when generating the scripts Change-Id: Icaa21cd1db443b1dd8fe7e7c0523123df5ea2545 Issue-ID: DCAEGEN2-816 Signed-off-by: Piotr Jaszczyk --- .../testsuites/ssl/README.md | 38 +++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) (limited to 'test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/README.md') diff --git a/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/README.md b/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/README.md index 174c16641..c2819d249 100644 --- a/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/README.md +++ b/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/README.md @@ -1,5 +1,23 @@ # Generating SSL certificates +## Java keytool way (recommended) + +To generate: + +```shell +./gen-certs.sh +``` + +To clean (remove generated files): + +```shell +./gen-certs.sh clean +``` + +## OpenSSL way (currently might not work) + +> Add `-f Makefile-openssl` to each command + Typical usage: ```shell @@ -7,12 +25,30 @@ make FILE=client make FILE=server ``` +or (to generate PKCS12 key and trust stores): + +```shell +make create-key-store FILE=client +make create-key-store FILE=server +make create-trust-store +``` + Will generate CA certificate and signed client and server certificates. More "low-level" usage: ```shell make generate-ca-certificate -make generate-private-key FILE=client +make generate-private-key FILE=client make sign FILE=client ``` + +# Connecting to a server + +First generate *client* and *server* certificates. Then start a server with it's cert and make ca.crt a trusted certification authority. + +After that you can: + +```shell +./connect.sh client localhost:8600 < file_with_a_data_to_be_sent.dat +``` -- cgit 1.2.3-korg