On 2020/02/04 17:32, Remi Locherer wrote:
> -- Create a TLS certificate in a Java keystore:
> - # ${LOCALBASE}/jdk-1.8.0/bin/keytool -genkey -keyalg RSA -alias selfsigned \
> - -keystore ${SYSCONFDIR}/netshot.jks -storepass password -validity 3600 \
> - -keysize 4096
> - # chmod 640 ${SYSCONFDIR}/netshot.jks
> - # chgrp _netshot ${SYSCONFDIR}/netshot.jks
> +- Create a TLS key and certificate and put it in a keystore for Java:
You could split this in two:
- Create a key and self-signed X509 certificate; alternatively you
may use a CA-signed certificate, possibly from acme-client(1)
> + # openssl req -new -x509 -days 825 \
> + -subj '/CN=netshot.example.com' \
> + -addext 'subjectAltName = DNS:netshot.example.com' \
> + -keyout ${SYSCONFDIR}/ssl/private/netshot.key \
> + -out ${SYSCONFDIR}/ssl/netshot.crt
- Export to PKCS#12 format for use with Java
> + # openssl pkcs12 -export -name netshot \
> + -in ${SYSCONFDIR}/ssl/netshot.crt \
> + -inkey ${SYSCONFDIR}/ssl/private/netshot.key \
> + -out ${SYSCONFDIR}/netshot.pfx
> + # chmod 640 ${SYSCONFDIR}/netshot.pfx
> + # chgrp _netshot ${SYSCONFDIR}/netshot.pfx
>
> - Enable and start Netshot to create the database tables.
> # rcctl enable netshot; rcctl start netshot
>
No comments:
Post a Comment