# adapted from https://developer.confluent.io/courses/security/hands-on-setting-up-encryption
# and https://developer.confluent.io/courses/security/hands-on-requiring-encryption-for-broker-traffic
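# copy and paste these commands and run them one at a time
# (the two "tee" commands further down wait for typed input, so this file cannot be run as a script as-is)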
# Step 1: create the demo certificate authority. A single command generates a
# new RSA-2048 key and a self-signed certificate (-x509) valid for 365 days,
# with subject and extensions taken from conf/ca.cnf.
# -nodes writes ssl/ca.key unencrypted, so file permissions are the only
# protection for the CA signing key (OpenSSL 3.x spells this option -noenc).
openssl req -new -nodes \
-x509 \
-days 365 \
-newkey rsa:2048 \
-keyout ssl/ca.key \
-out ssl/ca.crt \
-config conf/ca.cnf
# ca.pem = CA certificate followed by the CA private key, created with the
# shell's default umask. It is passed as -CAfile to the pkcs12 export below.
# NOTE(review): building the chain presumably needs only ssl/ca.crt; confirm,
# and keep ca.pem as restricted as ca.key since it carries the signing key.
cat ssl/ca.crt ssl/ca.key > ssl/ca.pem
# Step 2: create the broker's RSA-2048 key and a certificate signing request
# using conf/server.cnf. -nodes again leaves ssl/server.key unencrypted on disk.
openssl req -new \
-newkey rsa:2048 \
-keyout ssl/server.key \
-out ssl/server.csr \
-config conf/server.cnf \
-nodes
# Step 3: sign the CSR with the CA key. Extensions come from the v3_req section
# of conf/server.cnf; -CAcreateserial creates the CA serial file if it is missing.
# NOTE(review): -days 3650 here is longer than the CA's -days 365 above. Chain
# validation fails once the CA certificate expires, so the server certificate is
# effectively usable for at most the CA's lifetime.
openssl x509 -req \
-days 3650 \
-in ssl/server.csr \
-CA ssl/ca.crt \
-CAkey ssl/ca.key \
-CAcreateserial \
-out ssl/server.crt \
-extfile conf/server.cnf \
-extensions v3_req
# Step 4: bundle the server certificate, its private key and the CA chain into a
# PKCS#12 file under the friendly name "kafka".
# The export password is given inline (pass:karate), so it lands in shell
# history and is visible in the process list while the command runs; openssl
# also accepts file: and env: password sources. The value itself is a demo
# password published in this file.
openssl pkcs12 -export \
-in ssl/server.crt \
-inkey ssl/server.key \
-chain \
-CAfile ssl/ca.pem \
-name kafka \
-out ssl/server.p12 \
-password pass:karate
# Step 5: copy the entries of ssl/server.p12 into the keystore file
# ssl/server.keystore.pkcs12 (both PKCS12). Source and destination passwords are
# again command-line arguments; keytool prompts for them when -srcstorepass and
# -deststorepass are omitted. -noprompt suppresses confirmation questions.
keytool -importkeystore \
-deststorepass karate \
-destkeystore ssl/server.keystore.pkcs12 \
-srckeystore ssl/server.p12 \
-deststoretype PKCS12 \
-srcstoretype PKCS12 \
-noprompt \
-srcstorepass karate
# Step 6: print the keystore contents verbosely to check the import (the "kafka"
# entry and its certificate chain should be listed).
keytool -list -v \
-keystore ssl/server.keystore.pkcs12 \
-storepass karate
# Step 7: write the password into two credential files. Each tee command reads
# a here-document from the terminal: type "karate", press ENTER, type "EOF",
# press ENTER. Run the two commands separately, one after the other.
# >/dev/null only stops tee from echoing the input back to the terminal.
# The files hold the password in plaintext and are created with the default
# umask. NOTE(review): presumably the broker configuration (not shown here)
# reads these two files - confirm the expected file names there.
tee ssl/creds_sslkey << EOF >/dev/null
tee ssl/creds_keystore << EOF >/dev/null
# Step 8: connect to localhost:29093 forcing TLS 1.3 and print the certificates
# the server presents. NOTE(review): presumably this is the broker's TLS
# listener and the broker must already be running - confirm against the broker
# configuration.
# No trust anchor is passed, so s_client reports a verification error for this
# private CA but still completes the handshake; add -CAfile ssl/ca.crt (and
# -verify_return_error to abort on failure) to actually validate the chain.
openssl s_client -connect localhost:29093 -tls1_3 -showcerts
# Step 9: create the client truststore and import the CA certificate under the
# alias CARoot. Only ssl/ca.crt (public) is imported here. -noprompt accepts the
# certificate as trusted without showing it for confirmation.
keytool -keystore ssl/client.truststore.pkcs12 \
-alias CARoot \
-import \
-file ssl/ca.crt \
-storepass karate \
-noprompt \
-storetype PKCS12