-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathGenerateKeys
30 lines (17 loc) · 1.8 KB
/
GenerateKeys
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Generate the keys using the below commands in a sequence:
kafka.server.keystore.jks will have public and private key
keytool -keystore /home/shamim/Confluent/security/kafka.server.keystore.jks -alias localhost -validity 365 -genkey -keyalg RSA
openssl req -new -x509 -keyout /home/shamim/Confluent/security/ca-key -out /home/shamim/Confluent/security/ca-cert -days 365
keytool -keystore /home/shamim/Confluent/security/kafka.server.truststore.jks -alias CARoot -import -file /home/shamim/Confluent/security/ca-cert
keytool -keystore /home/shamim/Confluent/security/kafka.client.truststore.jks -alias CARoot -import -file /home/shamim/Confluent/security/ca-cert
keytool -keystore /home/shamim/Confluent/security/kafka.server.keystore.jks -alias localhost -certreq -file /home/shamim/Confluent/security/cert-file
openssl x509 -req -CA /home/shamim/Confluent/security/ca-cert -CAkey /home/shamim/Confluent/security/ca-key -in /home/shamim/Confluent/security/cert-file -out /home/shamim/Confluent/security/cert-signed -days 365 -CAcreateserial -passin pass:tibcobw
keytool -keystore /home/shamim/Confluent/security/kafka.server.keystore.jks -alias CARoot -import -file /home/shamim/Confluent/security/ca-cert
keytool -keystore /home/shamim/Confluent/security/kafka.server.keystore.jks -alias localhost -import -file /home/shamim/Confluent/security/cert-signed
how to test if the keys generated are correct and valid:
start the kafka server using the keys and run the below command:
openssl s_client -debug -connect localhost:9094 -tls1
we should see lines like below:
q+40p+XHBxiAr/zKYTTIabFDK72edg3hfUbW3ZuPw3EedSd48QC6nEsQzfpMc/Xn JGhYl7SEY2iFp5PmjJz2nXkhPUmgwsE=
-----END CERTIFICATE----- subject=/C=US/ST=NJ/L=BB/O=TEST/OU=TEST/CN=localhost
issuer=/C=US/ST=NJ/L=BRN/O=TEST/OU=TEST/CN=localhost/[email protected]