TLS
Cert: states who I am (identity)
Keystore: where keys are stored
Truststore: where certs are stored (CA)
openssl: generates keys and certs
The above is in the context of Liberty
root@instance-0054bdaa:~/ssl#
root@instance-0054bdaa:~/ssl# openssl genrsa -out private.key 3072
Generating RSA private key, 3072 bit long modulus
..........................++
.........................................................................++
e is 65537 (0x10001)
root@instance-0054bdaa:~/ssl# ll
total 24
drwxr-xr-x 2 root root 4096 Apr 4 05:14 ./
drwx------ 6 root root 4096 Apr 4 05:14 ../
-rw-r--r-- 1 root root 10909 Apr 4 05:13 openssl.cnf
-rw-r--r-- 1 root root 2455 Apr 4 05:14 private.key
root@instance-0054bdaa:~/ssl# openssl req -new -x509 -key private.key -sha256 -out newcert.pem -days 1024 -config openssl.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
Organizational Unit Name (eg, section) []:.
Common Name (e.g. server FQDN or YOUR name) []:169.46.31.205
Email Address []:jesang.myung@gmail.com
root@instance-0054bdaa:~/ssl# ll
total 28
drwxr-xr-x 2 root root 4096 Apr 4 05:19 ./
drwx------ 6 root root 4096 Apr 4 05:14 ../
-rw-r--r-- 1 root root 1614 Apr 4 05:19 newcert.pem
-rw-r--r-- 1 root root 10909 Apr 4 05:13 openssl.cnf
-rw-r--r-- 1 root root 2455 Apr 4 05:14 private.key
root@instance-0054bdaa:~/ssl# cat private.key newcert.pem > SAN.pem
root@instance-0054bdaa:~/ssl# openssl pkcs12 -export -in newcert.pem -inkey private.key -out server.p12 -name backend
Enter Export Password:
Verifying - Enter Export Password:
root@instance-0054bdaa:~/ssl# ll
total 36
drwxr-xr-x 2 root root 4096 Apr 4 05:21 ./
drwx------ 6 root root 4096 Apr 4 05:14 ../
-rw-r--r-- 1 root root 4069 Apr 4 05:20 SAN.pem
-rw-r--r-- 1 root root 1614 Apr 4 05:19 newcert.pem
-rw-r--r-- 1 root root 10909 Apr 4 05:13 openssl.cnf
-rw-r--r-- 1 root root 2455 Apr 4 05:14 private.key
-rw-r--r-- 1 root root 3388 Apr 4 05:21 server.p12
root@instance-0054bdaa:~/ssl# export PATH=$PATH:/opt/ibm/java-x86_64-80/bin
root@instance-0054bdaa:~/ssl# cd /opt/ibm/wlp/usr/s
servers/ shared/
root@instance-0054bdaa:~/ssl# cd /opt/ibm/wlp/usr/servers/defaultServer/resources/security/
root@instance-0054bdaa:/opt/ibm/wlp/usr/servers/defaultServer/resources/security# ll
total 16
drwxr-x--- 2 root root 4096 Feb 16 2016 ./
drwxr-x--- 3 root root 4096 Feb 16 2016 ../
-rw-r----- 1 root root 2171 Feb 16 2016 key.jks
-rw------- 1 root root 895 Feb 16 2016 ltpa.keys
root@instance-0054bdaa:/opt/ibm/wlp/usr/servers/defaultServer/resources/security# keytool -importkeystore \
> -deststorepass passw0rd -destkeypass passw0rd -destkeystore key.jks \
> -srckeystore /root/ssl/server.p12 -srcstoretype PKCS12 -srcstorepass passw0rd \
> -alias backend
keytool -importkeystore -deststorepass passw0rd -destkeypass passw0rd -destkeystore key.jks -srckeystore /root/ssl/server.p12 -srcstoretype PKCS12 -srcstorepass passw0rd -alias backend
root@instance-0054bdaa:/opt/ibm/wlp/usr/servers/defaultServer/resources/security#
root@instance-0054bdaa:/opt/ibm/wlp/bin# ./server stop defaultServer
Stopping server defaultServer.
Server defaultServer stopped.
root@instance-0054bdaa:/opt/ibm/wlp/bin# ./server start defaultServer
Starting server defaultServer.
Server defaultServer started with process ID 2058.
root@instance-0054bdaa:/opt/ibm/wlp/bin# exit
exit
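The listings above show `private.key` and `server.p12` created as `-rw-r--r--`, the Common Name is an IP address, and the passwords are typed on the command line. The script below is an added example, not part of the original post: it repeats the key, certificate and PKCS#12 steps non-interactively with owner-only file modes, an IP subjectAltName and the export password read from the environment, then checks the result. The `san.cnf` contents, the `P12_PASS` variable and the helper function names are assumptions of this example, since the post's own `openssl.cnf` is not shown.

```shell
#!/bin/sh
# Added example, not from the original post. File names and the "backend"
# alias follow the session above; san.cnf and P12_PASS are assumptions.

# make_selfsigned OUTDIR IP: key, self-signed cert with an IP SAN, PKCS#12.
# Runs in a subshell so umask and cd do not leak into the caller.
make_selfsigned() (
    umask 077                                   # new files are owner-only
    : "${P12_PASS:?export P12_PASS first}"      # password stays out of argv
    mkdir -p "$1" && cd "$1" || exit 1
    cat > san.cnf <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
C = US
CN = $2
[v3]
subjectAltName = IP:$2
EOF
    openssl genrsa -out private.key 3072 2>/dev/null &&
    openssl req -new -x509 -key private.key -sha256 -days 1024 \
        -config san.cnf -out newcert.pem &&
    openssl pkcs12 -export -in newcert.pem -inkey private.key \
        -out server.p12 -name backend -passout env:P12_PASS
)

# key_matches_cert KEY CERT: true if both carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_has_ip_san CERT IP: true if IP is listed exactly in subjectAltName.
cert_has_ip_san() {
    openssl x509 -in "$1" -noout -text | tr -d ' ' | tr ',' '\n' |
        grep -qxF "IPAddress:$2"
}

# file_mode FILE: permission string as printed by ls, e.g. -rw-------
file_mode() {
    ls -l "$1" | cut -c1-10
}
```
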