Mutual Auth Cert generator

gistfile1.txt

###### Configuration block

DAYS=3650

SERVER_PRIVATE_KEY_FILENAME="server-private.pem"
CLIENT_PRIVATE_KEY_FILENAME="client-private.pem"

SERVER_CERTIFICATE_FILENAME="server-certificate.pem"
CLIENT_CERTIFICATE_FILENAME="client-certificate.pem"

SERVER_TRUSTSTORE_FILENAME="server-truststore.jks"
SERVER_TRUSTSTORE_PASSWORD="blahblah"

CLIENT_TRUSTSTORE_FILENAME="client-truststore.jks"
CLIENT_TRUSTSTORE_PASSWORD="blahblah1"

SERVER_KEYSTORE_FILENAME="server.jks"
SERVER_KEYSTORE_FILENAME_P12="server.p12"
SERVER_KEYSTORE_PASSWORD="blahblah2"
SERVER_KEY_PASSWORD="blahblah3"

CLIENT_KEYSTORE_FILENAME="client.jks"
CLIENT_KEYSTORE_FILENAME_P12="client.p12"
CLIENT_KEYSTORE_PASSWORD="blahblah4"
CLIENT_KEY_PASSWORD="blahblah5"

# Certification subject
CERT_COUNTRY_NAME="UK"
CERT_STATE_OR_PROVINCE_NAME="England"
CERT_LOCALITY_NAME="London"
CERT_ORGANIZATION_NAME="MuleSoft"
CERT_ORGANIZATIONAL_UNIT_NAME="Profesional Services"
CERT_COMMON_NAME_NAME="myip.compute-1.amazonaws.com"
CERT_SUBJ="C=$CERT_COUNTRY_NAME,ST=$CERT_STATE_OR_PROVINCE_NAME,L=$CERT_LOCALITY_NAME,O=$CERT_ORGANIZATION_NAME,OU=$CERT_ORGANIZATIONAL_UNIT_NAME,CN=$CERT_COMMON_NAME_NAME"
###### End of Configuration block



#### 
#### SERVER KEYSTORE & PUBLIC CERTIFICATE
####

# Generate server keystore
keytool -genkey -keyalg RSA -keystore $SERVER_KEYSTORE_FILENAME -storepass $SERVER_KEYSTORE_PASSWORD -validity $DAYS -keysize 2048 -dname "$CERT_SUBJ" -keypass $SERVER_KEY_PASSWORD

# Export server public certificate
keytool -export -storepass $SERVER_KEYSTORE_PASSWORD -file $SERVER_CERTIFICATE_FILENAME -keystore $SERVER_KEYSTORE_FILENAME 



#### 
#### CLIENT KEYSTORE & PUBLIC CERTIFICATE
####

# Generate client keystore
keytool -genkey -keyalg RSA -keystore $CLIENT_KEYSTORE_FILENAME -storepass $CLIENT_KEYSTORE_PASSWORD -validity $DAYS -keysize 2048 -dname "$CERT_SUBJ" -keypass $CLIENT_KEY_PASSWORD

# Export client public certificate
keytool -export -storepass $CLIENT_KEYSTORE_PASSWORD -file $CLIENT_CERTIFICATE_FILENAME -keystore $CLIENT_KEYSTORE_FILENAME 



#### 
#### CLIENT & SERVER TRUST STORES
####

# Generate server trust store
keytool -importcert -trustcacerts -keystore $SERVER_TRUSTSTORE_FILENAME -storetype jks -storepass $SERVER_TRUSTSTORE_PASSWORD -file $CLIENT_CERTIFICATE_FILENAME -noprompt
 
# Generate client trust store
keytool -importcert -trustcacerts -keystore $CLIENT_TRUSTSTORE_FILENAME -storetype jks -storepass $CLIENT_TRUSTSTORE_PASSWORD -file $SERVER_CERTIFICATE_FILENAME -noprompt 



#### 
#### CLIENT & SERVER KEY PAIR EXPORT TO PKCS12
#### For compatibility with non Java systems 
####

# Export PCKS12 server keystore
keytool -importkeystore -alias mykey \
  -srckeystore "$SERVER_KEYSTORE_FILENAME" -srcstorepass "$SERVER_KEYSTORE_PASSWORD" -srckeypass "$SERVER_KEY_PASSWORD" -srcstoretype JKS \
  -destkeystore "$SERVER_KEYSTORE_FILENAME_P12" -deststorepass "$SERVER_KEYSTORE_PASSWORD" -destkeypass "$SERVER_KEYSTORE_PASSWORD" -deststoretype pkcs12

# Export PCKS12 client keystore
keytool -importkeystore -alias mykey \
  -srckeystore "$CLIENT_KEYSTORE_FILENAME" -srcstorepass "$CLIENT_KEYSTORE_PASSWORD" -srckeypass "$CLIENT_KEY_PASSWORD" -srcstoretype JKS \
  -destkeystore "$CLIENT_KEYSTORE_FILENAME_P12" -deststorepass "$CLIENT_KEYSTORE_PASSWORD" -destkeypass "$CLIENT_KEYSTORE_PASSWORD" -deststoretype pkcs12

Thanks for this script. I want to ask you about this, I hope you can remember: smile:
Can you help me understand how I can run this script on windows?, Perhaps with a .bat extension?
If the server I want to access has the certificate, is this my server-keystore certificate or is it my client-keystore?
Thanks again for your help man.