"Fossies" - the Fresh Open Source Software Archive

Member "elasticsearch-6.8.15/x-pack/test/smb-fixture/src/main/resources/certs/README.asciidoc" (3 Mar 2021, 2358 Bytes) of package /linux/www/elasticsearch-6.8.15-src.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format (assuming AsciiDoc format). Alternatively you can here view or download the uninterpreted source code file. A member file download can also be achieved by clicking within a package contents listing on the according byte size field.

Instructions on generating certificates

The certificates in this directory have been generated using elasticsearch-certutil (8.0.0 SNAPSHOT)

Generate certificates for the Samba server

These keys and certificates are copied by installsmb.sh for the Samba server to use for TLS. See ../provision/installsmb.sh

elasticsearch-certutil ca --pem --out=${PWD}/samba-ca.zip

unzip samba-ca.zip
mv ca/ca.crt ./ca.pem
mv ca/ca.key ./ca.key

rm samba-ca.zip
rm -r ca
elasticsearch-certutil cert  --pem --ca-cert ${PWD}/ca.pem --ca-key ${PWD}/ca.key \
   --dns localhost --ip 127.0.0.1,0:0:0:0:0:0:0:1 --name samba4 --out ${PWD}/samba4.zip

unzip samba4.zip
mv samba4/samba4.crt ./cert.pem
mv samba4/samba4.key ./key.pem

rm samba4.zip
rm -r samba4

Ensure that all tests are aware of the certificate and keys

cp ./ca.pem ../../../../../../../x-pack/plugin/security/src/test/resources/org/elasticsearch/xpack/security/authc/ldap/support/smb_ca.crt
cp ./cert.pem ../../../../../../../x-pack/plugin/security/src/test/resources/org/elasticsearch/xpack/security/authc/ldap/support/smb_cert.crt
cp ./cert.pem ../../../../../../../x-pack/plugin/core/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/samba4.crt

keytool -keystore ../../../../../../../x-pack/plugin/security/src/test/resources/org/elasticsearch/xpack/security/authc/ldap/support/ADtrust.jks -storepass changeit -delete -noprompt -alias smb_ca
keytool -keystore ../../../../../../../x-pack/plugin/security/src/test/resources/org/elasticsearch/xpack/security/authc/ldap/support/ADtrust.jks -storepass changeit -importcert -file ca.pem -alias smb_ca -noprompt