
TLS

Cloud/Bluemix · 2017. 4. 4. 15:11

Cert(인증서) : "나는 누구다"를 증명하는 것 (신원 정보와 공개키가 들어 있음)

Keystore : 자신의 개인키와 그에 대응하는 인증서가 저장됨

Truststore : 신뢰할 상대방의 cert(주로 CA 인증서)가 저장됨


openssl : 키나 cert(서트)를 생성하는 도구

위의 Keystore / Truststore는 Liberty에서 쓰는 용어







root@instance-0054bdaa:~/ssl#

root@instance-0054bdaa:~/ssl# openssl genrsa -out private.key 3072

Generating RSA private key, 3072 bit long modulus

..........................++

.........................................................................++

e is 65537 (0x10001)

root@instance-0054bdaa:~/ssl# ll

total 24

drwxr-xr-x 2 root root  4096 Apr  4 05:14 ./

drwx------ 6 root root  4096 Apr  4 05:14 ../

-rw-r--r-- 1 root root 10909 Apr  4 05:13 openssl.cnf

-rw-r--r-- 1 root root  2455 Apr  4 05:14 private.key

root@instance-0054bdaa:~/ssl# openssl req -new -x509 -key private.key -sha256 -out newcert.pem -days 1024 -config openssl.cnf

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:US

State or Province Name (full name) [Some-State]:.

Locality Name (eg, city) []:.

Organization Name (eg, company) [Internet Widgits Pty Ltd]:.

Organizational Unit Name (eg, section) []:.

Common Name (e.g. server FQDN or YOUR name) []:169.46.31.205

Email Address []:jesang.myung@gmail.com

root@instance-0054bdaa:~/ssl# ll

total 28

drwxr-xr-x 2 root root  4096 Apr  4 05:19 ./

drwx------ 6 root root  4096 Apr  4 05:14 ../

-rw-r--r-- 1 root root  1614 Apr  4 05:19 newcert.pem

-rw-r--r-- 1 root root 10909 Apr  4 05:13 openssl.cnf

-rw-r--r-- 1 root root  2455 Apr  4 05:14 private.key

root@instance-0054bdaa:~/ssl# cat private.key newcert.pem > SAN.pem

root@instance-0054bdaa:~/ssl# openssl pkcs12 -export -in newcert.pem -inkey private.key -out server.p12 -name backend

Enter Export Password:

Verifying - Enter Export Password:

root@instance-0054bdaa:~/ssl# ll

total 36

drwxr-xr-x 2 root root  4096 Apr  4 05:21 ./

drwx------ 6 root root  4096 Apr  4 05:14 ../

-rw-r--r-- 1 root root  4069 Apr  4 05:20 SAN.pem

-rw-r--r-- 1 root root  1614 Apr  4 05:19 newcert.pem

-rw-r--r-- 1 root root 10909 Apr  4 05:13 openssl.cnf

-rw-r--r-- 1 root root  2455 Apr  4 05:14 private.key

-rw-r--r-- 1 root root  3388 Apr  4 05:21 server.p12


root@instance-0054bdaa:~/ssl# export PATH=$PATH:/opt/ibm/java-x86_64-80/bin

root@instance-0054bdaa:~/ssl# cd /opt/ibm/wlp/usr/s

servers/ shared/

root@instance-0054bdaa:~/ssl# cd /opt/ibm/wlp/usr/servers/defaultServer/resources/security/

root@instance-0054bdaa:/opt/ibm/wlp/usr/servers/defaultServer/resources/security# ll

total 16

drwxr-x--- 2 root root 4096 Feb 16  2016 ./

drwxr-x--- 3 root root 4096 Feb 16  2016 ../

-rw-r----- 1 root root 2171 Feb 16  2016 key.jks

-rw------- 1 root root  895 Feb 16  2016 ltpa.keys

root@instance-0054bdaa:/opt/ibm/wlp/usr/servers/defaultServer/resources/security# keytool -importkeystore \

> -deststorepass passw0rd -destkeypass passw0rd -destkeystore key.jks \

> -srckeystore /root/ssl/server.p12 -srcstoretype PKCS12 -srcstorepass passw0rd \

> -alias backend


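(위 명령을 한 줄로 쓴 것. 비밀번호를 명령줄 인자로 주면 셸 히스토리와 프로세스 목록에 그대로 남으므로, 실제 환경에서는 -deststorepass / -destkeypass / -srcstorepass 를 생략하고 keytool이 묻는 프롬프트에 입력하는 편이 안전하다. passw0rd는 예시 값이다.)

keytool -importkeystore -deststorepass passw0rd -destkeypass passw0rd -destkeystore key.jks -srckeystore /root/ssl/server.p12 -srcstoretype PKCS12 -srcstorepass passw0rd -alias backend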



root@instance-0054bdaa:/opt/ibm/wlp/usr/servers/defaultServer/resources/security#





root@instance-0054bdaa:/opt/ibm/wlp/bin# ./server stop defaultServer

Stopping server defaultServer.

Server defaultServer stopped.

root@instance-0054bdaa:/opt/ibm/wlp/bin# ./server start defaultServer

Starting server defaultServer.

Server defaultServer started with process ID 2058.

root@instance-0054bdaa:/opt/ibm/wlp/bin# exit

exit







