Certificate and PKCS#12 Creation Script

I made a script that automates the creation of certificate and associated PKCS#12 file.
The script can easily be modified as needed.

First we need to create a trusted root CA:

keytool -genkeypair -alias “rootCA” -keyalg “RSA” -dname “CN=rootCA,OU=orgUnit,O=org,L=Zagreb,S=Croatia,C=HR” -keypass rootcapwd -validity 365 -keystore c:\Temp\clients.jks -storepass storePwd

Self-signed certificate should be replaced with a chain of certificates. Chain contains the final certificate, intermediate CA certificates and root CA certificate in which everyone believes.
Intermediate CA is subordinate to the CA authority that is used to create your own certificates in a PKI environment. Option-certreq generate Certificate Signing Request (CSR) for the intermediate CA that is sent to the root CA who carried out the necessary checks and signs the request, encrypts it by it’s private key, and returns certificate which is imported to the keystore as a replacement for the original self-signed certificate by using -importcert option.

Now we are ready for issuing client certificates.
Example of calling the script:

               script.bat user1 pwdusr1

And finally, the script.bat:

cd C:/jdk1.7.0/bin
set ksfile=c:/Temp/clients.jks
set kspwd=storePwd
set ksdata= -keystore %ksfile% -storepass %kspwd%
keytool -list -alias %1 %ksdata% | findstr /e “does not exist”
@if not %errorlevel% == 0 goto end
set srcks= -srckeystore %ksfile% -srcstorepass %kspwd% -srcstoretype JKS
set destks= -destkeystore c:/Security/%1.p12 -deststorepass %2 –deststoretype PKCS12
keytool -genkeypair -alias %1 -keyalg “RSA” -dname “CN=%1, OU=orgUnit, O=org, L=Zagreb,S=Croatia,C=HR” -keypass %2 -validity 365 %ksdata%
keytool -certreq -alias %1 -keypass %2 %ksdata% | keytool -gencert -alias rootCA -keypass rootcapwd %ksdata% | keytool -importcert -alias %1 -keypass %2 %ksdata%
keytool -exportcert -alias %1 -file c:\Security\%1.cer %ksdata%
keytool -importkeystore %srcks% -srcalias %1 -srckeypass %2 %destks% -noprompt 
:end

Oglasi
Ovaj unos je objavljen u Nekategorizirano. Bookmarkirajte stalnu vezu.

Komentiraj

Popunite niže tražene podatke ili kliknite na neku od ikona za prijavu:

WordPress.com Logo

Ovaj komentar pišete koristeći vaš WordPress.com račun. Odjava / Izmijeni )

Twitter picture

Ovaj komentar pišete koristeći vaš Twitter račun. Odjava / Izmijeni )

Facebook slika

Ovaj komentar pišete koristeći vaš Facebook račun. Odjava / Izmijeni )

Google+ photo

Ovaj komentar pišete koristeći vaš Google+ račun. Odjava / Izmijeni )

Spajanje na %s