Changes between Version 43 and Version 44 of ESGFNodeTutorial


Ignore:
Timestamp:
Sep 20, 2018 11:50:14 AM (4 years ago)
Author:
zequi
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • ESGFNodeTutorial

    v43 v44  
    6036035. More info in [https://stackoverflow.com/questions/906402/importing-an-existing-x509-certificate-and-private-key-in-java-keystore-to-use-i Stackoverflow]
    604604
     605== Notes on x509 certificates and ESGF ==
     606
     607[https://serverfault.com/questions/845806/how-to-issue-ssl-certificate-with-san-extension Certificate SAN]
     608
     609[https://stackoverflow.com/questions/906402/how-to-import-an-existing-x509-certificate-and-private-key-in-java-keystore-to-u Certificate import private key into keystore]
     610
     611ssl.conf
     612{{{
     613[ca]
     614default_ca = CA_default
     615
     616[CA_default]
     617dir = ./ca
     618database = $dir/index.txt
     619new_certs_dir = $dir/newcerts
     620serial = $dir/serial
     621private_key = ./cakey.pem
     622certificate = ./cacert.pem
     623default_days = 3650
     624default_md = sha256
     625policy = policy_anything
     626copy_extensions = copyall
     627
     628[policy_anything]
     629countryName = optional
     630stateOrProvinceName = optional
     631localityName = optional
     632organizationName = optional
     633organizationalUnitName = optional
     634commonName = supplied
     635emailAddress = optional
     636
     637[req]
     638prompt = no
     639distinguished_name = req_distinguished_name
     640req_extensions = v3_ca
     641
     642[req_distinguished_name]
     643CN = esgf-f2f-test
     644
     645[v3_ca]
     646subjectAltName = @alt_names
     647
     648[alt_names]
     649IP.1 = 127.0.0.1
     650IP.2 = 172.28.128.3
     651IP.3 = 172.28.128.4
     652IP.4 = 172.28.128.5
     653DNS.1 = localhost
     654}}}
     655
     656Add certificate to truststore
     657{{{keytool -import -trustcacerts -alias casmg -keystore esg-truststore.ts -file /etc/certs/f2f/ssl.crt}}}
     658
    605659== Redirect index to IPSL ==
    606660