...
- Create CSR and PK using openssl;
create configuration file :
Code Block title csr.config [ req ] default_bits = 2048 distinguished_name = req_distinguished_name req_extensions = req_ext [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = US stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = California localityName = Locality Name (eg, city) localityName_default = San-Francisco organizationName = Organization Name (eg, company) organizationName_default = Linux-Foundation organizationalUnitName = Organizational Unit Name (eg, section) organizationalUnitName_default = ONAP commonName = Common Name (e.g. server FQDN or YOUR name) commonName_default = onap.org emailAddress = Email Address emailAddress_default = tester@onap.org [ req_ext ] subjectAltName = @alt_names [ alt_names ] DNS.1 = onap.org DNS.2 = test.onap.org email.1 = onap@onap.org IP.1 = 127.0.0.1 URI.1 = onap://cluster.local/run openssl command that will generate CSR (onap.csr) and private key (onap.key), using csr.config :
Code Block language bash openssl req -out onap.csr -newkey rsa:2048 -nodes -keyout onap.key -config csr.config
Encode CSR and private key in Base64. You can use this java code to create onap.csr.b64 and onap.key.b64 :
Code Block language java private static void encodeCsrAndPkInBase64() throws IOException { String csr = Files.readString(Paths.get(PATH_TO_CSR)); String pk = Files.readString(Paths.get(PATH_TO_PK)); String encodedCsr = new String(Base64.getEncoder().encode(csr.getBytes())); String encodedPk = new String(Base64.getEncoder().encode(pk.getBytes())); Files.writeString(Paths.get(PATH_TO_CSR ".b64"), encodedCsr); Files.writeString(Paths.get(PATH_TO_PK ".b64"), encodedPk); }- Paste onap.csr.b64 content in to CSR header, and onap.key.b64 content in to PK header in certifcate request
...