Commit 3f72bc4b54cf7713f87bde3dcf1fa36b40ef3ce8

Authored by Sergey Matvienko
Committed by Andrew Shvayka
1 parent c5c8fbd3

SSL (RSA) *.keygen.sh tool upgraded. Added PKCS8 pem format. Tested and fixed ke…

…ygen.properties to run with no warning. Removed 'mqtt' prefix from output files to fix confusion when applying keys for other protocols.
... ... @@ -44,7 +44,8 @@ done
44 44
45 45 . $PROPERTIES_FILE
46 46
47   -if [ -f $CLIENT_FILE_PREFIX.jks ] || [ -f $CLIENT_FILE_PREFIX.pub.pem ] || [ -f $CLIENT_FILE_PREFIX.nopass.pem ] || [ -f $CLIENT_FILE_PREFIX.pem ] || [ -f $CLIENT_FILE_PREFIX.p12 ];
  47 +if [ -f $CLIENT_FILE_PREFIX.jks ] || [ -f $CLIENT_FILE_PREFIX.pub.pem ] || [ -f $CLIENT_FILE_PREFIX.nopass.pem ] || \
  48 + [ -f $CLIENT_FILE_PREFIX.pem ] || [ -f $CLIENT_FILE_PREFIX.p12 ] || [ -f $CLIENT_FILE_PREFIX.pk8.pem ];
48 49 then
49 50 while :
50 51 do
... ... @@ -62,6 +63,7 @@ while :
62 63 rm -rf $CLIENT_FILE_PREFIX.nopass.pem
63 64 rm -rf $CLIENT_FILE_PREFIX.pem
64 65 rm -rf $CLIENT_FILE_PREFIX.p12
  66 + rm -rf $CLIENT_FILE_PREFIX.pk8.pem
65 67 break;
66 68 ;;
67 69 *) echo "Please reply 'yes' or 'no'"
... ... @@ -84,6 +86,8 @@ if [ -z "$OPENSSL_CMD" ]; then
84 86 exit 0
85 87 fi
86 88
  89 +echo "INFO: your hostname is $(hostname)"
  90 +echo "INFO: your CN (domain suffix) for key is $DOMAIN_SUFFIX"
87 91 echo "Generating SSL Key Pair..."
88 92
89 93 keytool -genkeypair -v \
... ... @@ -112,7 +116,15 @@ echo "Converting pkcs12 to pem"
112 116 openssl pkcs12 -in $CLIENT_FILE_PREFIX.p12 \
113 117 -out $CLIENT_FILE_PREFIX.pem \
114 118 -passin pass:$CLIENT_KEY_PASSWORD \
115   - -passout pass:$CLIENT_KEY_PASSWORD \
  119 + -passout pass:$CLIENT_KEY_PASSWORD
  120 +
  121 +echo "Converting pem to pkcs8"
  122 +openssl pkcs8 \
  123 + -topk8 \
  124 + -nocrypt \
  125 + -in $CLIENT_FILE_PREFIX.pem \
  126 + -out $CLIENT_FILE_PREFIX.pk8.pem \
  127 + -passin pass:$CLIENT_KEY_PASSWORD
116 128
117 129 echo "Importing server public key to $CLIENT_FILE_PREFIX.jks"
118 130 keytool --importcert \
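Review bot: The new `openssl pkcs8 -topk8 -nocrypt` step writes the client private key to `$CLIENT_FILE_PREFIX.pk8.pem` without encryption, and nothing in the hunk restricts who can read that file. I would set `umask 077` before the conversion steps, or follow the command with `chmod 600 "$CLIENT_FILE_PREFIX.pk8.pem"`, and add a comment such as `# pk8.pem holds the UNENCRYPTED private key; keep it owner-readable only`. The same applies to the identical pkcs8 step added to the server script for `$SERVER_FILE_PREFIX.pk8.pem`. Separately, `-passin pass:$CLIENT_KEY_PASSWORD` puts the password on the command line, where other local users can see it in the process list; openssl also accepts `env:` and `file:` password sources, and the expansions should be quoted.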
... ...
1 1 #
2   -# Copyright © 2016-2017 The Thingsboard Authors
  2 +# Copyright © 2016-2021 The Thingsboard Authors
3 3 #
4 4 # Licensed under the Apache License, Version 2.0 (the "License");
5 5 # you may not use this file except in compliance with the License.
... ... @@ -18,15 +18,15 @@ DOMAIN_SUFFIX="$(hostname)"
18 18 SUBJECT_ALTERNATIVE_NAMES="ip:127.0.0.1"
19 19 ORGANIZATIONAL_UNIT=Thingsboard
20 20 ORGANIZATION=Thingsboard
21   -CITY=SF
  21 +CITY="San Francisco"
22 22 STATE_OR_PROVINCE=CA
23 23 TWO_LETTER_COUNTRY_CODE=US
24 24
25   -SERVER_KEYSTORE_PASSWORD=server_ks_password
26   -SERVER_KEY_PASSWORD=server_key_password
  25 +SERVER_KEYSTORE_PASSWORD=password
  26 +SERVER_KEY_PASSWORD=password
27 27
28 28 SERVER_KEY_ALIAS="serveralias"
29   -SERVER_FILE_PREFIX="mqttserver"
  29 +SERVER_FILE_PREFIX="server"
30 30 SERVER_KEY_ALG="RSA"
31 31 SERVER_KEY_SIZE="2048"
32 32 SERVER_KEYSTORE_DIR="/etc/thingsboard/conf"
... ... @@ -35,6 +35,6 @@ CLIENT_KEYSTORE_PASSWORD=password
35 35 CLIENT_KEY_PASSWORD=password
36 36
37 37 CLIENT_KEY_ALIAS="clientalias"
38   -CLIENT_FILE_PREFIX="mqttclient"
  38 +CLIENT_FILE_PREFIX="client"
39 39 CLIENT_KEY_ALG="RSA"
40 40 CLIENT_KEY_SIZE="2048"
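Review bot: With `SERVER_KEYSTORE_PASSWORD=password` and `SERVER_KEY_PASSWORD=password`, every password visible in this file is now the same well-known placeholder, and nothing shown here tells the operator to change them. Since the keygen scripts source the file as-is, a comment above the password lines would help, for example `# Placeholder passwords: replace all *_PASSWORD values before generating keys for a real deployment`. `CITY="San Francisco"` now contains a space, so any unquoted use of `$CITY` in the scripts (not shown in this diff) would split into two words; it is worth confirming that the `-dname` argument quotes it.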
... ...
... ... @@ -60,7 +60,8 @@ fi
60 60
61 61 . $PROPERTIES_FILE
62 62
63   -if [ -f $SERVER_FILE_PREFIX.jks ] || [ -f $SERVER_FILE_PREFIX.cer ] || [ -f $SERVER_FILE_PREFIX.pub.pem ] || [ -f $SERVER_FILE_PREFIX.pub.der ];
  63 +if [ -f $SERVER_FILE_PREFIX.jks ] || [ -f $SERVER_FILE_PREFIX.cer ] || [ -f $SERVER_FILE_PREFIX.pub.pem ] || \
  64 + [ -f $SERVER_FILE_PREFIX.p12 ] || [ -f $SERVER_FILE_PREFIX.pem ] || [ -f $SERVER_FILE_PREFIX.pk8.pem ] ;
64 65 then
65 66 while :
66 67 do
... ... @@ -76,6 +77,9 @@ while :
76 77 rm -rf $SERVER_FILE_PREFIX.jks
77 78 rm -rf $SERVER_FILE_PREFIX.pub.pem
78 79 rm -rf $SERVER_FILE_PREFIX.cer
  80 + rm -rf $SERVER_FILE_PREFIX.p12
  81 + rm -rf $SERVER_FILE_PREFIX.pem
  82 + rm -rf $SERVER_FILE_PREFIX.pk8.pem
79 83 break;
80 84 ;;
81 85 *) echo "Please reply 'yes' or 'no'"
... ... @@ -84,6 +88,8 @@ while :
84 88 done
85 89 fi
86 90
  91 +echo "INFO: your hostname is $(hostname)"
  92 +echo "INFO: your CN (domain suffix) for key is $DOMAIN_SUFFIX"
87 93 echo "Generating SSL Key Pair..."
88 94
89 95 EXT=""
... ... @@ -121,6 +127,32 @@ keytool -export \
121 127 -storepass $SERVER_KEYSTORE_PASSWORD \
122 128 -keypass $SERVER_KEY_PASSWORD
123 129
  130 +echo "Converting keystore to pkcs12"
  131 +keytool -importkeystore \
  132 + -srckeystore $SERVER_FILE_PREFIX.jks \
  133 + -destkeystore $SERVER_FILE_PREFIX.p12 \
  134 + -srcalias $SERVER_KEY_ALIAS \
  135 + -srcstoretype jks \
  136 + -deststoretype pkcs12 \
  137 + -srcstorepass $SERVER_KEYSTORE_PASSWORD \
  138 + -deststorepass $SERVER_KEY_PASSWORD \
  139 + -srckeypass $SERVER_KEY_PASSWORD \
  140 + -destkeypass $SERVER_KEY_PASSWORD
  141 +
  142 +echo "Converting pkcs12 to pem"
  143 +openssl pkcs12 -in $SERVER_FILE_PREFIX.p12 \
  144 + -out $SERVER_FILE_PREFIX.pem \
  145 + -passin pass:$SERVER_KEY_PASSWORD \
  146 + -passout pass:$SERVER_KEY_PASSWORD
  147 +
  148 +echo "Converting pem to pkcs8"
  149 +openssl pkcs8 \
  150 + -topk8 \
  151 + -nocrypt \
  152 + -in $SERVER_FILE_PREFIX.pem \
  153 + -out $SERVER_FILE_PREFIX.pk8.pem \
  154 + -passin pass:$SERVER_KEY_PASSWORD
  155 +
124 156 status=$?
125 157 if [[ $status != 0 ]]; then
126 158 exit $status;
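Review bot: `status=$?` after the new block now reports only the exit status of `openssl pkcs8`. Before this change it followed `keytool -export` directly, so a failure of the export, of `keytool -importkeystore` or of `openssl pkcs12` is no longer caught here, and the script carries on with missing or partial key files (unless `set -e` is active outside the hunk). Ending each of those commands with `|| exit $?`, e.g. `-destkeypass $SERVER_KEY_PASSWORD || exit $?`, keeps every step checked. The updated existence test at the top of the section also no longer looks for `$SERVER_FILE_PREFIX.pub.der`, which the old condition did; if the script can still produce that file, it should stay in the check. The `if` that tests `$status` continues past the end of the hunk.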
... ...