Commit 1ae7548a authored by Gradl, Tobias's avatar Gradl, Tobias
Browse files

Info on creation of Java keystore

parent d5959bf8
......@@ -12,4 +12,30 @@ The implementation needs to be provided to the *LocalAuthenticationProvider*.
In cases that do not require user detail persistence, no implementation of the *UserDetails* should be provided to the *LocalAuthenticationProvider*.
### SAML
\ No newline at end of file
### SAML
## Further info
### Java keystore
Based on a X.509 keypair and certificate chains, the required Java keystore can easily be consolidated with `openssl` and the `keytool` (comes with Java installation). The followings steps show the commands for the example of the keystore for dfa.de.dariah.eu and the appropriate input. Please modify accordingly:
**Convert pem/pem keypair to p12 for easier input:**
```
$ openssl pkcs12 -export -in dfa-de-dariah-eu-signed.pem -inkey dfa-de-dariah-eu-privatekey.pem > dfa-de-dariah-eu.p12
```
**Import p12 keypair and create Java keystore**
```
$ keytool -importkeystore -srckeystore dfa-de-dariah-eu.p12 -destkeystore dfa-de-dariah-eu.jks -srcstoretype pkcs12
```
**Import required trusted ca certificates (in our case the chain of our keypair and the trusted SAML metadata provider keychains)**
```
$ keytool -import -trustcacerts -alias gwdg_certificate_chain_g2 -file gwdg_certificate_chain_g2.pem -keystore dfa-de-dariah-eu.jks
$ keytool -import -trustcacerts -alias dfn-aai -file dfn-aai.pem -keystore dfa-de-dariah-eu.jks
$ keytool -import -trustcacerts -alias dfn-aai-g2 -file dfn-aai.g2.pem -keystore dfa-de-dariah-eu.jks
```
\ No newline at end of file
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment