3 # ============LICENSE_START===============================================
4 # Copyright (C) 2023 Nordix Foundation. All rights reserved.
5 # ========================================================================
6 # Licensed under the Apache License, Version 2.0 (the "License");
7 # you may not use this file except in compliance with the License.
8 # You may obtain a copy of the License at
10 # http://www.apache.org/licenses/LICENSE-2.0
12 # Unless required by applicable law or agreed to in writing, software
13 # distributed under the License is distributed on an "AS IS" BASIS,
14 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 # See the License for the specific language governing permissions and
16 # limitations under the License.
17 # ============LICENSE_END=================================================
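# Builds the TLS material for a local Keycloak instance in the script's own
# directory: a self-signed root CA (${CANAME}.crt/.key), a PKCS#12 server
# keystore holding a CA-signed "keycloak" certificate, and a PKCS#12 client
# truststore holding only the CA certificate.
BASEDIR=$(dirname "$(realpath "$0")")

# Every step below consumes the output of the previous one, so stop at the
# first failure instead of leaving a half-built keystore behind.
set -eu

# PASSWORD, DAYS and CANAME are expected to be set before this point (their
# definitions are not visible in this excerpt); abort with a clear message
# rather than silently producing a keystore with an empty password.
: "${PASSWORD:?PASSWORD must be set}"
: "${DAYS:?DAYS must be set}"
: "${CANAME:?CANAME must be set}"

DOMAIN_NAME="CN=keycloak"
CA_SUBJECT="/CN=keycloak"

# Artifact paths, named once so every tool below refers to the same files
# (the CA files follow $CANAME so the cleanup matches what is generated).
SERVER_KEYSTORE="$BASEDIR/keycloak.server.keystore.p12"
CLIENT_TRUSTSTORE="$BASEDIR/keycloak.client.truststore.p12"
CA_CERT="$BASEDIR/${CANAME}.crt"
CA_KEY="$BASEDIR/${CANAME}.key"
CA_SERIAL="$BASEDIR/${CANAME}.srl"
CSR_FILE="$BASEDIR/cert-file"
SIGNED_CERT="$BASEDIR/cert-signed"
SECRET_FILE="$BASEDIR/secretfile.txt"

# Remove leftovers from a previous run; -f keeps 'set -e' from aborting when
# nothing is there yet.
rm -f -- "$SERVER_KEYSTORE" "$CLIENT_TRUSTSTORE" "$CA_CERT" "$CA_KEY" \
  "$CA_SERIAL" "$SIGNED_CERT" "$CSR_FILE"

# The password is handed to openssl and keytool through a file instead of on
# the command line so it does not appear in 'ps' output. The file is created
# owner-only (umask applied in a subshell so the rest of the script keeps the
# caller's umask) and removed on every exit path, including failures.
( umask 077; printf '%s\n' "$PASSWORD" > "$SECRET_FILE" )
trap 'rm -f -- "$SECRET_FILE"' EXIT

echo "Generating Root Certificate"
openssl req -x509 -sha256 -days "$DAYS" -newkey rsa:4096 -keyout "$CA_KEY" \
  -subj "$CA_SUBJECT" -passout "file:$SECRET_FILE" -out "$CA_CERT"

echo "Create server certificate for Keycloak"
keytool -keystore "$SERVER_KEYSTORE" -storetype pkcs12 -keyalg RSA \
  -alias keycloak -validity "$DAYS" -genkey \
  -storepass:file "$SECRET_FILE" -keypass:file "$SECRET_FILE" \
  -dname "$DOMAIN_NAME" -ext SAN=DNS:keycloak

# This step produces the CSR ($CSR_FILE) for the key generated above.
echo "Create keycloak keystore with server certificate"
keytool -keystore "$SERVER_KEYSTORE" -storetype pkcs12 -alias keycloak \
  -storepass:file "$SECRET_FILE" -keypass:file "$SECRET_FILE" \
  -certreq -file "$CSR_FILE"

echo "Sign server certificate with rootCA"
openssl x509 -req -CA "$CA_CERT" -CAkey "$CA_KEY" -in "$CSR_FILE" \
  -out "$SIGNED_CERT" -days "$DAYS" -CAcreateserial -passin "file:$SECRET_FILE"

# The CA certificate must be in the keystore before the signed leaf is
# imported, otherwise keytool cannot build the chain for the "keycloak" entry.
echo "Add $CANAME to keystore"
keytool -keystore "$SERVER_KEYSTORE" -alias CARoot \
  -storepass:file "$SECRET_FILE" -keypass:file "$SECRET_FILE" \
  -import -file "$CA_CERT" -noprompt

echo "Add signed server certificate to keystore"
keytool -keystore "$SERVER_KEYSTORE" -alias keycloak \
  -storepass:file "$SECRET_FILE" -keypass:file "$SECRET_FILE" \
  -import -file "$SIGNED_CERT" -noprompt

echo "Create keycloak truststore with $CANAME"
keytool -keystore "$CLIENT_TRUSTSTORE" -storetype pkcs12 -alias ca \
  -storepass:file "$SECRET_FILE" -keypass:file "$SECRET_FILE" \
  -import -file "$CA_CERT" -noprompt

# $SECRET_FILE is removed by the EXIT trap installed above.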