29Untitled
30 A GUEST SEP 30TH, 2019 0 NEVER
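#!/bin/bash
#
# Generates TLS material for a Kafka deployment:
#  - root CA certificate (self-signed) and its private key
#  - server certificate, keystore and truststore (Java keystores)
#  - client keys, either as Java keystores (-k) or as OpenSSL PEM files
#
# https://cwiki.apache.org/confluence/display/KAFKA/Deploying+SSL+for+Kafka
#
# Usage:
#   $0 ca <ca-cert-file> <CN>
#   $0 [-k] server|client <ca-cert-file> <file_prefix> <hostname>
#
# Security notes:
#  - The default passphrase below is published together with this script.
#    Export PASS with your own value for anything but a throwaway test.
#  - The passphrase is handed to openssl/keytool through the environment
#    (env:PASS / :env PASS) instead of argv, so it is not visible in process
#    listings while the tools run.
#  - The same passphrase protects the CA key and every keystore; anyone who
#    holds a generated keystore plus the passphrase also knows the CA key
#    passphrase. Keep the CA key file on a separate, restricted host.
#

set -e

# Private keys and keystores are written below; keep them readable by the
# invoking user only.
umask 077

export LC_ALL=C

if [[ "$1" == "-k" ]]; then
  USE_KEYTOOL=1
  shift
else
  USE_KEYTOOL=0
fi

OP="$1"
CA_CERT="$2"
PFX="$3"
HOST="$4"

# Subject fields fed to the interactive prompts of openssl/keytool.
C=NN
ST=NN
L=NN
O=NN
OU=NN
# The certificate CN is the <hostname> argument; without it the server and
# client branches fall through to the usage message.
CN="$HOST"

# Passphrase for the CA key, the keystores and the client key.
# Overridable from the environment; the fallback is a known, public value.
PASS="${PASS:-JiJ9aico8ephi}"
export PASS

# Cert validity, in days (10000 days is roughly 27 years and applies to the
# CA and to every leaf certificate alike).
VALIDITY=10000

if [[ "$OP" == "ca" && -n "$CA_CERT" && -n "$3" ]]; then
  # In "ca" mode the third argument is the CA's common name.
  CN="$3"
  openssl req -new -x509 -keyout "${CA_CERT}.key" -out "$CA_CERT" -days "$VALIDITY" -passin env:PASS -passout env:PASS <<EOF
${C}
${ST}
${L}
${O}
${OU}
${CN}
$USER@${CN}
.
.
EOF

elif [[ "$OP" == "server" && -n "$CA_CERT" && -n "$PFX" && -n "$CN" ]]; then

  # Step 1: key pair in the server keystore
  echo "############ Generating key"
  keytool -storepass:env PASS -keypass:env PASS -keystore "${PFX}server.keystore.jks" -alias localhost -validity "$VALIDITY" -genkey -keyalg RSA <<EOF
$CN
$OU
$O
$L
$ST
$C
yes
yes
EOF

  # Step 2: truststore holding the CA certificate
  echo "############ Adding CA"
  keytool -storepass:env PASS -keypass:env PASS -keystore "${PFX}server.truststore.jks" -alias CARoot -import -file "$CA_CERT" <<EOF
yes
EOF

  # Step 3: CSR, signed by the CA, then imported back with the CA cert
  echo "############ Export certificate"
  keytool -storepass:env PASS -keypass:env PASS -keystore "${PFX}server.keystore.jks" -alias localhost -certreq -file "${PFX}cert-file"

  echo "############ Sign certificate"
  openssl x509 -req -CA "$CA_CERT" -CAkey "${CA_CERT}.key" -in "${PFX}cert-file" -out "${PFX}cert-signed" -days "$VALIDITY" -CAcreateserial -passin env:PASS

  echo "############ Import CA"
  keytool -storepass:env PASS -keypass:env PASS -keystore "${PFX}server.keystore.jks" -alias CARoot -import -file "$CA_CERT" <<EOF
yes
EOF

  echo "############ Import signed CA"
  keytool -storepass:env PASS -keypass:env PASS -keystore "${PFX}server.keystore.jks" -alias localhost -import -file "${PFX}cert-signed"

elif [[ "$OP" == "client" && -n "$CA_CERT" && -n "$PFX" && -n "$CN" ]]; then

  if [[ "$USE_KEYTOOL" == 1 ]]; then
    echo "############ Creating client truststore"

    # An existing truststore is left untouched.
    [[ -f "${PFX}client.truststore.jks" ]] || keytool -storepass:env PASS -keypass:env PASS -keystore "${PFX}client.truststore.jks" -alias CARoot -import -file "$CA_CERT" <<EOF
yes
EOF

    echo "############ Generating key"
    keytool -storepass:env PASS -keypass:env PASS -keystore "${PFX}client.keystore.jks" -alias localhost -validity "$VALIDITY" -genkey -keyalg RSA <<EOF
$CN
$OU
$O
$L
$ST
$C
yes
yes
EOF
    echo "########### Export certificate"
    keytool -storepass:env PASS -keystore "${PFX}client.keystore.jks" -alias localhost -certreq -file "${PFX}cert-file"

    echo "########### Sign certificate"
    openssl x509 -req -CA "${CA_CERT}" -CAkey "${CA_CERT}.key" -in "${PFX}cert-file" -out "${PFX}cert-signed" -days "$VALIDITY" -CAcreateserial -passin env:PASS

    echo "########### Import CA"
    keytool -storepass:env PASS -keypass:env PASS -keystore "${PFX}client.keystore.jks" -alias CARoot -import -file "${CA_CERT}" <<EOF
yes
EOF

    echo "########### Import signed CA"
    keytool -storepass:env PASS -keypass:env PASS -keystore "${PFX}client.keystore.jks" -alias localhost -import -file "${PFX}cert-signed"

  else
    # Standard OpenSSL keys
    echo "############ Generating key"
    # AES-256 replaces the legacy 3DES (-des3) wrapping of the private key.
    openssl genrsa -aes256 -passout env:PASS -out "${PFX}client.key" 2048

    echo "############ Generating request"
    # The challenge-password prompt (second-to-last answer) is left blank with
    # ".": a CSR is not a confidential file, so the key passphrase must not be
    # written into it as an attribute.
    openssl req -passin env:PASS -passout env:PASS -key "${PFX}client.key" -new -out "${PFX}client.req" \
      <<EOF
$C
$ST
$L
$O
$OU
$CN
.
.
.
EOF

    echo "########### Signing key"
    # NOTE(review): this expects ${CA_CERT}.srl to exist already. The
    # -CAcreateserial runs above let openssl pick the serial file name itself,
    # which may differ when the CA file has an extension - confirm they match.
    openssl x509 -req -passin env:PASS -in "${PFX}client.req" -CA "$CA_CERT" -CAkey "${CA_CERT}.key" -CAserial "${CA_CERT}.srl" -out "${PFX}client.pem" -days "$VALIDITY"

  fi

else
  echo "Usage: $0 ca <ca-cert-file> <CN>"
  echo " $0 [-k] server|client <ca-cert-file> <file_prefix> <hostname>"
  echo ""
  echo " -k = Use keytool/Java Keystore, else standard SSL keys"
  exit 1
fi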
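#!/bin/bash
#
# Generates TLS material for a Kafka deployment:
#  - root CA certificate (self-signed) and its private key
#  - server certificate, keystore and truststore (Java keystores)
#  - client keys, either as Java keystores (-k) or as OpenSSL PEM files
#
# https://cwiki.apache.org/confluence/display/KAFKA/Deploying+SSL+for+Kafka
#
# Usage:
#   $0 ca <ca-cert-file> <CN>
#   $0 [-k] server|client <ca-cert-file> <file_prefix> <hostname>
#
# Security notes:
#  - The default passphrase below is published together with this script.
#    Export PASS with your own value for anything but a throwaway test.
#  - The passphrase is handed to openssl/keytool through the environment
#    (env:PASS / :env PASS) instead of argv, so it is not visible in process
#    listings while the tools run.
#  - The same passphrase protects the CA key and every keystore; anyone who
#    holds a generated keystore plus the passphrase also knows the CA key
#    passphrase. Keep the CA key file on a separate, restricted host.
#

set -e

# Private keys and keystores are written below; keep them readable by the
# invoking user only.
umask 077

export LC_ALL=C

if [[ "$1" == "-k" ]]; then
  USE_KEYTOOL=1
  shift
else
  USE_KEYTOOL=0
fi

OP="$1"
CA_CERT="$2"
PFX="$3"
HOST="$4"

# Subject fields fed to the interactive prompts of openssl/keytool.
C=NN
ST=NN
L=NN
O=NN
OU=NN
# The certificate CN is the <hostname> argument; without it the server and
# client branches fall through to the usage message.
CN="$HOST"

# Passphrase for the CA key, the keystores and the client key.
# Overridable from the environment; the fallback is a known, public value.
PASS="${PASS:-JiJ9aico8ephi}"
export PASS

# Cert validity, in days (10000 days is roughly 27 years and applies to the
# CA and to every leaf certificate alike).
VALIDITY=10000

if [[ "$OP" == "ca" && -n "$CA_CERT" && -n "$3" ]]; then
  # In "ca" mode the third argument is the CA's common name.
  CN="$3"
  openssl req -new -x509 -keyout "${CA_CERT}.key" -out "$CA_CERT" -days "$VALIDITY" -passin env:PASS -passout env:PASS <<EOF
${C}
${ST}
${L}
${O}
${OU}
${CN}
$USER@${CN}
.
.
EOF

elif [[ "$OP" == "server" && -n "$CA_CERT" && -n "$PFX" && -n "$CN" ]]; then

  # Step 1: key pair in the server keystore
  echo "############ Generating key"
  keytool -storepass:env PASS -keypass:env PASS -keystore "${PFX}server.keystore.jks" -alias localhost -validity "$VALIDITY" -genkey -keyalg RSA <<EOF
$CN
$OU
$O
$L
$ST
$C
yes
yes
EOF

  # Step 2: truststore holding the CA certificate
  echo "############ Adding CA"
  keytool -storepass:env PASS -keypass:env PASS -keystore "${PFX}server.truststore.jks" -alias CARoot -import -file "$CA_CERT" <<EOF
yes
EOF

  # Step 3: CSR, signed by the CA, then imported back with the CA cert
  echo "############ Export certificate"
  keytool -storepass:env PASS -keypass:env PASS -keystore "${PFX}server.keystore.jks" -alias localhost -certreq -file "${PFX}cert-file"

  echo "############ Sign certificate"
  openssl x509 -req -CA "$CA_CERT" -CAkey "${CA_CERT}.key" -in "${PFX}cert-file" -out "${PFX}cert-signed" -days "$VALIDITY" -CAcreateserial -passin env:PASS

  echo "############ Import CA"
  keytool -storepass:env PASS -keypass:env PASS -keystore "${PFX}server.keystore.jks" -alias CARoot -import -file "$CA_CERT" <<EOF
yes
EOF

  echo "############ Import signed CA"
  keytool -storepass:env PASS -keypass:env PASS -keystore "${PFX}server.keystore.jks" -alias localhost -import -file "${PFX}cert-signed"

elif [[ "$OP" == "client" && -n "$CA_CERT" && -n "$PFX" && -n "$CN" ]]; then

  if [[ "$USE_KEYTOOL" == 1 ]]; then
    echo "############ Creating client truststore"

    # An existing truststore is left untouched.
    [[ -f "${PFX}client.truststore.jks" ]] || keytool -storepass:env PASS -keypass:env PASS -keystore "${PFX}client.truststore.jks" -alias CARoot -import -file "$CA_CERT" <<EOF
yes
EOF

    echo "############ Generating key"
    keytool -storepass:env PASS -keypass:env PASS -keystore "${PFX}client.keystore.jks" -alias localhost -validity "$VALIDITY" -genkey -keyalg RSA <<EOF
$CN
$OU
$O
$L
$ST
$C
yes
yes
EOF
    echo "########### Export certificate"
    keytool -storepass:env PASS -keystore "${PFX}client.keystore.jks" -alias localhost -certreq -file "${PFX}cert-file"

    echo "########### Sign certificate"
    openssl x509 -req -CA "${CA_CERT}" -CAkey "${CA_CERT}.key" -in "${PFX}cert-file" -out "${PFX}cert-signed" -days "$VALIDITY" -CAcreateserial -passin env:PASS

    echo "########### Import CA"
    keytool -storepass:env PASS -keypass:env PASS -keystore "${PFX}client.keystore.jks" -alias CARoot -import -file "${CA_CERT}" <<EOF
yes
EOF

    echo "########### Import signed CA"
    keytool -storepass:env PASS -keypass:env PASS -keystore "${PFX}client.keystore.jks" -alias localhost -import -file "${PFX}cert-signed"

  else
    # Standard OpenSSL keys
    echo "############ Generating key"
    # AES-256 replaces the legacy 3DES (-des3) wrapping of the private key.
    openssl genrsa -aes256 -passout env:PASS -out "${PFX}client.key" 2048

    echo "############ Generating request"
    # The challenge-password prompt (second-to-last answer) is left blank with
    # ".": a CSR is not a confidential file, so the key passphrase must not be
    # written into it as an attribute.
    openssl req -passin env:PASS -passout env:PASS -key "${PFX}client.key" -new -out "${PFX}client.req" \
      <<EOF
$C
$ST
$L
$O
$OU
$CN
.
.
.
EOF

    echo "########### Signing key"
    # NOTE(review): this expects ${CA_CERT}.srl to exist already. The
    # -CAcreateserial runs above let openssl pick the serial file name itself,
    # which may differ when the CA file has an extension - confirm they match.
    openssl x509 -req -passin env:PASS -in "${PFX}client.req" -CA "$CA_CERT" -CAkey "${CA_CERT}.key" -CAserial "${CA_CERT}.srl" -out "${PFX}client.pem" -days "$VALIDITY"

  fi

else
  echo "Usage: $0 ca <ca-cert-file> <CN>"
  echo " $0 [-k] server|client <ca-cert-file> <file_prefix> <hostname>"
  echo ""
  echo " -k = Use keytool/Java Keystore, else standard SSL keys"
  exit 1
fi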