Last active
November 14, 2017 13:55
Fix the localhost self-signed certificates for IoT 3.1.0
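#!/usr/bin/env bash
#
# Replace the self-signed localhost certificate with a self-signed development one.
# Works for 3.1.0 IoT Server.
# https://docs.wso2.com/display/IoTS310/Configuring+WSO2+IoT+Server+with+the+IP
# https://wso2.org/jira/browse/DOCUMENTATION-4535
#
# Usage: run from the directory that contains the wso2iot* tree, optionally
# passing the hostname to put in the certificate CN as $1
# (default: test1.example.foo).
#
# Development use only:
#   * The certificate is self-signed and every keystore is protected with the
#     fixed password below, so the private key is only as secret as the files.
#   * keytool receives the password on its command line, where it is visible
#     to other local users in the process list.

set -euo pipefail

# selfsigned.jks and keystore.p12 hold the new private key; keep the working
# files created here readable by the invoking user only. Existing target files
# under wso2iot* are overwritten in place by cp below.
umask 077

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

hostname="${1:-test1.example.foo}"

# The hostname is interpolated into the -dname string, where these characters
# would change the structure of the distinguished name.
dn_special='[,+="<>#;\\]'
if [[ "${hostname}" =~ ${dn_special} ]]; then
  die "hostname '${hostname}' contains characters that are special in a distinguished name"
fi

readonly key_alias='wso2carbon'
# The existing keystores under wso2iot* are opened with this password, so it
# has to match whatever they (and the server configuration) currently use.
readonly store_pass='wso2carbon'

# Locate the keystores to be fixed before generating anything, so a wrong
# working directory fails here instead of after the key has been created
# (it is assumed that all copies in the tree are the same).
truststore_src=$(find wso2iot* -name 'client-truststore.jks' -print -quit) \
  || die "cannot search wso2iot* for client-truststore.jks"
[[ -n "${truststore_src}" ]] || die "no client-truststore.jks found under wso2iot*"
keystore_src=$(find wso2iot* -name 'wso2carbon.jks' -print -quit) \
  || die "cannot search wso2iot* for wso2carbon.jks"
[[ -n "${keystore_src}" ]] || die "no wso2carbon.jks found under wso2iot*"

# A leftover selfsigned.jks makes -genkey fail on the duplicate alias, and the
# following steps would then silently reuse the old certificate.
for stale in selfsigned.jks keystore.p12; do
  [[ ! -e "${stale}" ]] || die "${stale} already exists; remove it before re-running"
done

printf '%s\n' "Generating certificates for '${hostname}'"

# NOTE(review): no -validity is given, so keytool's default lifetime applies
# (90 days in stock JDK keytool -- confirm for your JDK). The certificate also
# carries only a CN and no subjectAltName; clients that match hostnames against
# SAN entries only will reject it. keytool's -ext SAN=dns:<name> (or
# SAN=ip:<addr>) adds one if that is needed.
keytool -genkey -alias "${key_alias}" -keyalg RSA -keysize 4096 \
  -keypass "${store_pass}" -keystore selfsigned.jks -storepass "${store_pass}" \
  -dname "cn=${hostname}, ou=Blabla Dept, o=Blabla, l=Ottawa, st=ON, c=CA"
keytool -export -alias "${key_alias}" -keystore selfsigned.jks \
  -rfc -storepass "${store_pass}" -file public.cert

# Work on local copies of the existing keystores.
cp --verbose -- "${truststore_src}" .
cp --verbose -- "${keystore_src}" .

# Clear out the existing truststore entry for this alias. A missing alias is
# not fatal; any other problem (e.g. wrong password) surfaces in the import.
keytool -delete -alias "${key_alias}" -keystore client-truststore.jks \
  -storepass "${store_pass}" \
  || printf '%s\n' "warning: could not delete '${key_alias}' from client-truststore.jks" >&2

# Re-add the new entry for this alias
keytool -import -noprompt -trustcacerts -alias "${key_alias}" -file public.cert \
  -keystore client-truststore.jks -storepass "${store_pass}"

# Same for the server keystore: drop the old entry, add the new certificate,
# then import the private key entry by way of a PKCS12 copy of selfsigned.jks.
keytool -delete -alias "${key_alias}" \
  -keystore wso2carbon.jks -storepass "${store_pass}" \
  || printf '%s\n' "warning: could not delete '${key_alias}' from wso2carbon.jks" >&2
keytool -import -noprompt -trustcacerts -alias "${key_alias}" -file public.cert \
  -keystore wso2carbon.jks -storepass "${store_pass}"
keytool -importkeystore -srckeystore selfsigned.jks -destkeystore keystore.p12 \
  -deststoretype PKCS12 -deststorepass "${store_pass}" -srcstorepass "${store_pass}"
keytool -importkeystore -noprompt \
  -srckeystore keystore.p12 -srcstoretype PKCS12 -srcstorepass "${store_pass}" \
  -destkeystore wso2carbon.jks -deststorepass "${store_pass}"

# Make sure you paste the contents of ugh.txt into iot_default.xml
# TODO: make the script do this automatically.
# Strips the PEM header and footer lines and joins the base64 body into one line.
sed '1d;$d' public.cert | tr -d '\r\n' > ugh.txt

# Put the keystores in the desired locations. NUL-delimited so that paths with
# whitespace are copied correctly.
while IFS= read -r -d '' target; do
  cp --verbose -- wso2carbon.jks "${target}"
done < <(find wso2iot* -name 'wso2carbon.jks' -print0)
while IFS= read -r -d '' target; do
  cp --verbose -- client-truststore.jks "${target}"
done < <(find wso2iot* -name 'client-truststore.jks' -print0)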