Setup

virtualenv venv
. venv/bin/activate

pip install -r requirements.txt

Start Server

. venv/bin/activate
pykmip-server -f server.conf -l ./log

Client

. venv/bin/activate
python client.py

Certificates

The set of certificates that's needed is checked in under /certs. They were generated with https://github.com/OpenKMIP/PyKMIP/blob/master/bin/create_certificates.py, which you can easily run yourself if they expire (or if you simply feel like it). Because the private keys are checked in alongside the certificates, they are suitable for local testing only.

Useful openssl commands

# certificate format conversion (PEM to DER)
openssl x509 -in certs/client_certificate_jane_doe.pem -outform DER -out client_certificate_jane_doe.der

# keypair format conversion
openssl pkcs8 -in certs/client_key_jane_doe.pem -outform DER -out client_key_jane_doe.der -nocrypt

# show certificate
openssl x509 -in certs/client_certificate_jane_doe.pem -text -noout

Create keystore for use by client

# export the client's key and cert into PKCS12 (a container for this kind of purpose)
# you will be prompted to set an export password
openssl pkcs12 -export \
 -in certs/client_certificate_jane_doe.pem \
 -inkey certs/client_key_jane_doe.pem -name client -out client_jane_doe.p12

# import client bundle into a new keystore
# you will be prompted for the password you just set
keytool -importkeystore \
 -srckeystore client_jane_doe.p12 -srcstoretype PKCS12 \
 -destkeystore keystore.jks -deststorepass password

# import the CA bundle (just one) into the keystore
keytool -import -noprompt \
 -alias root -trustcacerts -file certs/root_certificate.pem -keystore keystore.jks \
 -storepass password

# inspect what's inside the keystore
keytool -list -keystore keystore.jks -storepass password -v
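
An added check, not part of the repository: before building the keystore, confirm that the client certificate is not about to expire, verifies against the root certificate, and matches its private key. The function name and return codes are this example's own convention; the default paths are the ones used in the commands above.

```bash
#!/usr/bin/env bash
# Added example (not from the repository): sanity-check the client material
# before packing it into client_jane_doe.p12 / keystore.jks.
# Return codes (this example's own convention):
#   0 ok, 1 expires within the window, 2 not signed by the CA, 3 key/cert mismatch

check_client_material() {
    local cert=$1 key=$2 ca=$3 days=${4:-30}

    # -checkend exits non-zero if the certificate expires within N seconds
    if ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null; then
        echo "expires within $days days: $cert" >&2
        return 1
    fi

    # the client certificate must chain to the CA that is imported as "root"
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "does not verify against $ca: $cert" >&2
        return 2
    fi

    # the private key must belong to the certificate: compare the public keys
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 3
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "key does not match certificate: $key" >&2
        return 3
    fi
    return 0
}

# Run against the checked-in files when executed from the repository root.
if [ -f certs/client_certificate_jane_doe.pem ]; then
    check_client_material \
        certs/client_certificate_jane_doe.pem \
        certs/client_key_jane_doe.pem \
        certs/root_certificate.pem && echo "client material OK"
fi
```

A return code of 1 is the signal to regenerate the certificates with create_certificates.py before rebuilding the keystore.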