Changes between Version 37 and Version 38 of flukes

Show
Ignore:
Timestamp:
12/05/11 13:12:50 (8 years ago)
Author:
ibaldin (IP: 152.54.9.21)
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • flukes

    v37 v38  
    153153This section explains how to convert these credentials for use with Flukes. It presumes you have one of the credentials described above. A Flukes keystore can contain multiple private key entries. A user can select the key to be used for submitting a specific request at the time of the submission.  
    154154 
    155 In order to make these credentials usable by Flukes, a user must create a Java JKS keystore and import at least one of the credentials into it. Java's command-line tool for manipulating keystores does not permit importing an existing private key. The easiest way to import a key/certificate is to download a tool like [http://portecle.sourceforge.net/ Portecle]. Portecle is Java-based and works across multiple platforms. Importing a .pem file containing a key and a certificate issued by either Emulab or GPO is straightforward and shown in this [attachment:"Creating Flukes keystore.mov" screen capture]. 
     155In order to make these credentials usable by Flukes, a user must create a Java JKS keystore and import at least one of the credentials into it. Java's command-line tool for manipulating keystores does not permit importing an existing private key. The easiest way to import a key/certificate is to download a tool like [http://portecle.sourceforge.net/ Portecle]. Portecle is Java-based and works across multiple platforms. Importing a .pem file containing a key and a certificate issued by either Emulab or GPO is straightforward and shown in this [attachment:"Creating Flukes keystore.mov" screen capture]. The process is as follows: 
    156156 
     157 * Obtain a .pem file 
     158 * Check it using openssl: 
     159{{{ 
     160$ openssl x509 -text -in mycredential.pem 
     161}}} 
     162 * Start Portecle 
     163 * Create a new keystore of type JKS 
     164 * Click on "Import Key Pair" 
     165 * Locate the .pem file 
     166 * Enter the password protecting the .pem file 
     167 * Import the key and certificate, but change the key alias to something simpler than a GUID 
     168 * Enter and confirm a new key password  
     169 * Click on "Save Keystore" 
     170 * Enter and confirm the new keystore password (use same as the key password) 
     171 * Enter the path to the keystore file into .flukes.properties "user.keystore" property 
    157172 
     173'''A note about keystore passwords: ''' a java keystore always has a password protecting its integrity. Each key within a keystore can also have a password. Flukes currently assumes both the keystore and key passwords are the same.  
     174 
     175For credentials issued through BEN (usually as part of BEN VPN access) the user must first create a single PKCS#12 file combining the private key and a BEN certificate (they are otherwise supplied separately). Then the resulting .p12 file can be imported into a Java keystore the same way that a .pem file from GPO or Emulab is imported: 
     176{{{ 
     177$ openssl pkcs12 -export -in username.crt -inkey username.key -out username.p12 
     178}}} 
     179In this case username.crt and username.key are your BEN certificate and private key, respectively and username.p12 is the new file combining the two.