# Test Keys and Certificates

This folder is dedicated to test keys and certificates provided in multiple formats.
Their primary use is in unit test suites and cross-language tests.

    test/keys

**The files in this directory must never be used on production systems.**
The private keys are kept in this folder next to the certificates, and the export and store password (**thrift**) is documented below, so this material protects nothing outside of tests.


## SSL Keys and Certificates

### create certificates

We use the following parameters for test key and certificate creation:

    C=US,
    ST=Maryland,
    L=Forest Hill,
    O=The Apache Software Foundation,
    OU=Apache Thrift,
    CN=localhost/emailAddress=dev@thrift.apache.org

### create self-signed server key and certificate

The `-nodes` option writes `server.key` without passphrase protection, which is acceptable only because this is a test key.

    openssl req -new -x509 -nodes -days 3000 -out server.crt -keyout server.key
    openssl x509 -in server.crt -text > CA.pem
    cat server.crt server.key > server.pem

Export password is **thrift**

    openssl pkcs12 -export -clcerts -in server.crt -inkey server.key -out server.p12

### create client key and certificate

    openssl genrsa -out client.key

create a signing request:

    openssl req -new -key client.key -out client.csr

sign the client certificate with the server.key (the self-signed server certificate, written to CA.pem above, acts as the CA):

    openssl x509 -req -days 365 -in client.csr -CA CA.pem -CAkey server.key -set_serial 01 -out client.crt

export certificate in PKCS12 format (Export password is **thrift**)

    openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12

export certificate in PEM format for OpenSSL usage

    openssl pkcs12 -in client.p12 -out client.pem -clcerts


## Java key and certificate import

The Java test environment uses the key store and trust store password **thrift**

list keystore entries

    keytool -list -storepass thrift -keystore ../../lib/java/test/.keystore

list truststore entries

    keytool -list -storepass thrift -keystore ../../lib/java/test/.truststore

delete an entry

    keytool -delete -storepass thrift -keystore ../../lib/java/test/.truststore -alias ssltest

import certificate into truststore

    keytool -importcert -storepass thrift -keystore ../../lib/java/test/.truststore -alias localhost --file server.crt

import key into keystore

    keytool -importkeystore -storepass thrift -keystore ../../lib/java/test/.keystore -srcstoretype pkcs12 -srckeystore server.p12

# Test SSL server and clients

    openssl s_client -connect localhost:9090
    openssl s_server -accept 9090 -www
