# Test Keys and Certificates

This folder holds test keys and certificates provided in multiple formats.
They are primarily used by unit test suites and cross-language tests.

    test/keys

**The files in this directory must never be used on production systems.**

## SSL Keys and Certificates

### create certificates

We use the following parameters for test key and certificate creation:

    C=US,
    ST=Maryland,
    L=Forest Hill,
    O=The Apache Software Foundation,
    OU=Apache Thrift,
    CN=localhost/emailAddress=dev@thrift.apache.org

### create self-signed server key and certificate

    openssl req -new -x509 -nodes -days 3000 -out server.crt -keyout server.key
    openssl x509 -in server.crt -text > CA.pem
    cat server.crt server.key > server.pem

Because of `-nodes`, server.key is written without passphrase protection, so server.pem also contains the unencrypted private key.

The export password is **thrift**.

    openssl pkcs12 -export -clcerts -in server.crt -inkey server.key -out server.p12

### create client key and certificate

    openssl genrsa -out client.key

Create a signing request:

    openssl req -new -key client.key -out client.csr

Sign the client certificate with server.key, which acts as the CA key here:

    openssl x509 -req -days 365 -in client.csr -CA CA.pem -CAkey server.key -set_serial 01 -out client.crt

Export the certificate in PKCS12 format (the export password is **thrift**):

    openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12

Export the certificate in PEM format for OpenSSL usage:

    openssl pkcs12 -in client.p12 -out client.pem -clcerts

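
A non-interactive run of the key and certificate creation steps above, followed by checks that each key matches its certificate and that client.crt verifies against CA.pem. This is an added example, not part of the Thrift repository: the function names, the `-subj` strings and the client CN `thrift-test-client` are assumptions made here (the client CN differs from the server's so the client subject is not identical to its issuer), and the PKCS12 export steps are left out.

```shell
#!/bin/sh
# Added example (not from the Thrift repository). Function names are hypothetical.
# BASE mirrors the parameters listed above; the client CN is a constructed value.
BASE='/C=US/ST=Maryland/L=Forest Hill/O=The Apache Software Foundation/OU=Apache Thrift'
SERVER_SUBJ="$BASE/CN=localhost/emailAddress=dev@thrift.apache.org"
CLIENT_SUBJ="$BASE/CN=thrift-test-client/emailAddress=dev@thrift.apache.org"

# Create server and client keys and certificates in directory $1.
make_test_certs() {
    ( cd "$1" &&
      openssl req -new -x509 -nodes -days 3000 -subj "$SERVER_SUBJ" \
          -out server.crt -keyout server.key &&
      openssl x509 -in server.crt -text > CA.pem &&
      cat server.crt server.key > server.pem &&
      openssl genrsa -out client.key &&
      openssl req -new -key client.key -subj "$CLIENT_SUBJ" -out client.csr &&
      openssl x509 -req -days 365 -in client.csr -CA CA.pem -CAkey server.key \
          -set_serial 01 -out client.crt
    ) >/dev/null 2>&1
}

# Succeeds only if the public key in certificate $2 belongs to private key $1.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Succeeds only if client.crt in directory $1 verifies against CA.pem.
client_chains_to_ca() {
    openssl verify -CAfile "$1/CA.pem" "$1/client.crt" >/dev/null 2>&1
}

# Example run in a scratch directory:
#   d=$(mktemp -d) && make_test_certs "$d" && client_chains_to_ca "$d" && echo OK
```

Run it in a scratch directory rather than in `test/keys`, so the checked-in test files are not overwritten.
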
## Java key and certificate import

The Java test environment uses the key store and trust store password **thrift**.

List keystore entries:

    keytool -list -storepass thrift -keystore ../../lib/java/test/.keystore

List truststore entries:

    keytool -list -storepass thrift -keystore ../../lib/java/test/.truststore

Delete an entry:

    keytool -delete -storepass thrift -keystore ../../lib/java/test/.truststore -alias ssltest

Import a certificate into the truststore:

    keytool -importcert -storepass thrift -keystore ../../lib/java/test/.truststore -alias localhost -file server.crt

Import a key into the keystore:

    keytool -importkeystore -storepass thrift -keystore ../../lib/java/test/.keystore -srcstoretype pkcs12 -srckeystore server.p12

## Test SSL server and clients

    openssl s_client -connect localhost:9090
    openssl s_server -accept 9090 -www