From cfde4fb9ae7d45aa272487575dc8b45d2b6f6354 Mon Sep 17 00:00:00 2001 From: Abhijee Kale Date: Mon, 12 Feb 2018 13:54:28 +0530 Subject: [PATCH 1/2] NR-27 Add documentation for InstallCert Added documentation for the InstallCert --- .gitignore | 3 +- Readme.md | 94 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 96 insertions(+), 1 deletion(-) create mode 100644 Readme.md diff --git a/.gitignore b/.gitignore index c2e74c4..eb2a88b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ *.iml .idea -target \ No newline at end of file +target +.DS_store diff --git a/Readme.md b/Readme.md new file mode 100644 index 0000000..fee2a67 --- /dev/null +++ b/Readme.md @@ -0,0 +1,94 @@ +InstallCert +============================================== + +The goal of this project is to create a Jar file InstallCert.jar which downloads certificate chain from a remote host +and adds the certificates to a local keystore. + +## Where do I download InstallCert? +You can clone the repository in a location where there is enough free space to hold the repository source code. + +In order to Clone this repository, please use the following command at a location where you intend to download +InstallCert: + +git clone https://github.com/netradius/install-cert + + +## How do I build InstallCert? +In order to build this project, you need to have the Java SE 8 (JDK) installed - You should be able to run "java +-version" from the command line. + +Inorder to build the jar, you need to open a command prompt, navigate to the same directory as the top level pom.xml +file in the project and then run the following command + +./mvnw clean package + +## How do I run InstallCert? +Inorder to run the jar, you need to open a command prompt, navigate to the same directory as the top level pom.xml +file in the project and then run the following command + +java -jar ./target/install-cert-X.X.X-SNAPSHOT.jar -h HOST_NAME_OR_IP –k PATH_TO_JAVA_TRUSTSTORE –s +PASSWORD_FOR_TRUSTSTORE -p PORT_TO_CONNECT + + +where following are the options you need to add while running above command + +-b,--backup backup keystore before save +-h,--host host to connect to +-H,--help print this menu +-k,--keystore keystore to add to (default is the JVM + cacerts file)) +-n,--noprompt do not prompt to save +-p,--port port to connect to (default 443) +-s,--passphrase passphrase for key store (default + changeit) + +Example + +java -jar ./target/install-cert-1.0.0-SNAPSHOT.jar -h google.com -k $(/usr/libexec/java_home) +/jre/lib/security/cacerts -s changeit -p 443 + +Sample Output: +Abhijeets-MacBook-Pro:install-cert abhi$ java -jar ./target/install-cert-1.0.0-SNAPSHOT.jar -h google.com -k +/Test/cacerts -s changeit -p 443 +opening connect to google.com:443 +starting SSL handshake +obtained 3 certificate(s) from host + +Certificate 0: + Subject: CN=*.google.com, O=Google Inc, L=Mountain View, ST=California, C=US + Issuer: CN=Google Internet Authority G2, O=Google Inc, C=US + SHA1: 7311351267DE95C6A749E664439E009F10562D95 + MD5: B0470908284F7B5978EB301B2C1375FE + +add certificate to keystore (Y/n) [Y] +Y +adding certificates to keystore as alias google.com-0 + + +Certificate 1: + Subject: CN=Google Internet Authority G2, O=Google Inc, C=US + Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US + SHA1: A6120FC0B4664FAD0B3B6FFD5F7A33E561DDB87D + MD5: 17866CCBD224BD2FF9DF48B95118F935 + +add certificate to keystore (Y/n) [Y] +Y +adding certificates to keystore as alias google.com-1 + + +Certificate 2: + Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US + Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US + SHA1: 7359755C6DF9A0ABC3060BCE369564C8EC4542A3 + MD5: 2E7DB2A31D0E3DA4B25F49B9542A2E1A + +add certificate to keystore (Y/n) [Y] +Y +adding certificates to keystore as alias google.com-2 + +save modified keystore (Y/n) [Y] +Y + +keystore written successfully, exiting + +[NetRadius, LLC](https://www.netradius.com/) From fc7e8cf148aadd8b9cd40446161b9cfed05123cd Mon Sep 17 00:00:00 2001 From: Abhijee Kale Date: Tue, 13 Feb 2018 18:24:19 +0530 Subject: [PATCH 2/2] NR-27 Add documentation for InstallCert Minor fixes --- Readme.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/Readme.md b/Readme.md index fee2a67..65d50f4 100644 --- a/Readme.md +++ b/Readme.md @@ -1,4 +1,4 @@ -InstallCert +[InstallCert](https://www.netradius.com/) ============================================== The goal of this project is to create a Jar file InstallCert.jar which downloads certificate chain from a remote host @@ -17,20 +17,20 @@ git clone https://github.com/netradius/install-cert In order to build this project, you need to have the Java SE 8 (JDK) installed - You should be able to run "java -version" from the command line. -Inorder to build the jar, you need to open a command prompt, navigate to the same directory as the top level pom.xml +In order to build the jar, you need to open a command prompt, navigate to the same directory as the top level pom.xml file in the project and then run the following command ./mvnw clean package ## How do I run InstallCert? -Inorder to run the jar, you need to open a command prompt, navigate to the same directory as the top level pom.xml +In order to run the jar, you need to open a command prompt, navigate to the same directory as the top level pom.xml file in the project and then run the following command java -jar ./target/install-cert-X.X.X-SNAPSHOT.jar -h HOST_NAME_OR_IP –k PATH_TO_JAVA_TRUSTSTORE –s PASSWORD_FOR_TRUSTSTORE -p PORT_TO_CONNECT -where following are the options you need to add while running above command +where following are the options you may need to add while running above command -b,--backup backup keystore before save -h,--host host to connect to @@ -48,7 +48,7 @@ java -jar ./target/install-cert-1.0.0-SNAPSHOT.jar -h google.com -k $(/usr/libex /jre/lib/security/cacerts -s changeit -p 443 Sample Output: -Abhijeets-MacBook-Pro:install-cert abhi$ java -jar ./target/install-cert-1.0.0-SNAPSHOT.jar -h google.com -k +install-cert abhi$ java -jar ./target/install-cert-1.0.0-SNAPSHOT.jar -h google.com -k /Test/cacerts -s changeit -p 443 opening connect to google.com:443 starting SSL handshake @@ -90,5 +90,3 @@ save modified keystore (Y/n) [Y] Y keystore written successfully, exiting - -[NetRadius, LLC](https://www.netradius.com/)