From 458b5c9a8f72a2b01f034ded36e1816ed64e7e34 Mon Sep 17 00:00:00 2001 From: flyisland Date: Tue, 16 Mar 2021 22:06:58 +0800 Subject: [PATCH] add: docker-compose.yml for create a Solace docker instance with tls enabled --- examples/tls/README.md | 152 ++++++++++++++++++++++++++++++++ examples/tls/docker-compose.yml | 56 ++++++++++++ examples/tls/localhost.crt | 20 +++++ examples/tls/localhost.csr | 17 ++++ examples/tls/localhost.key | 27 ++++++ examples/tls/localhost.pem | 47 ++++++++++ examples/tls/openssl.cnf | 23 +++++ 7 files changed, 342 insertions(+) create mode 100644 examples/tls/README.md create mode 100644 examples/tls/docker-compose.yml create mode 100644 examples/tls/localhost.crt create mode 100644 examples/tls/localhost.csr create mode 100644 examples/tls/localhost.key create mode 100644 examples/tls/localhost.pem create mode 100644 examples/tls/openssl.cnf diff --git a/examples/tls/README.md b/examples/tls/README.md new file mode 100644 index 0000000..e3fa10e --- /dev/null +++ b/examples/tls/README.md 
@@ -0,0 +1,152 @@ +# Solace PS+ with TLS + +## Reference + +[Secrets Configuration](https://docs.solace.com/Configuring-and-Managing/SW-Broker-Specific-Config/Docker-Tasks/Config-Secrets.htm) + +## Setup a PS+ broker with TLS enable + +### Create a self signed certificate + +```bash +# Generate a Private Key +$ openssl genrsa -out localhost.key 2048 +Generating RSA private key, 2048 bit long modulus +......................+++ +.....................................................................+++ +e is 65537 (0x10001) + +# Generate a CSR (Certificate Signing Request) with subjectAltName +$ openssl req -new -sha256 \ +-out localhost.csr \ +-key localhost.key \ +-config openssl.cnf \ +-subj "/C=CN/ST=GuangDong/L=ShenZhen/O=Acme, Inc./CN=localhost/" + +# Generating a Self-Signed Certificate +$ openssl x509 -req \ + -sha256 \ + -days 365 \ + -in localhost.csr \ + -signkey localhost.key \ + -out localhost.crt \ + -extensions req_ext \ + -extfile openssl.cnf + +Signature ok +subject=/C=CN/ST=GuangDong/L=ShenZhen/O=Acme, Inc./CN=localhost +Getting Private key + +# Generate a PEM file for Solace PS+ broker +$ cat localhost.crt localhost.key > localhost.pem + +# Check the CSR and Certificate, you should see "Subject Alternative Name" +$ openssl req -text -noout -in localhost.csr +$ openssl x509 -text -noout -in localhost.crt +``` + +### Create a PS+ docker instance with TLS enabled + +Update the "volumes" section of `./docker-compose.yml` with the full path of the folder contains above certificate. + +## Start the PS+ broker + +```bash +docker-compose up -d +Creating network "tls_default" with the default driver +Creating tlsbroker ... done +``` + +## Verify the TLS service is enable + +You will find that ports like `1943` (Access to PubSub+ Manager over HTTPS, SEMP over TLS), 55443 (SMF TLS / SSL) all open now. 
+ +```bash +docker exec -it tlsbroker /usr/sw/loads/currentload/bin/cli -A + +Solace PubSub+ Standard Version 9.5.0.25 + +The Solace PubSub+ Standard is proprietary software of +Solace Corporation. By accessing the Solace PubSub+ Standard +you are agreeing to the license terms and conditions located at +http://www.solace.com/license-software + +Copyright 2004-2020 Solace Corporation. All rights reserved. + +To purchase product support, please contact Solace at: +https://solace.com/contact-us/ + +Operating Mode: Message Routing Node + +3dd5cd886d54> show service + +Msg-Backbone: Enabled + VRF: management + SMF: Enabled + Web-Transport: Enabled + REST Incoming: Enabled + REST Outgoing: Enabled + MQTT: Enabled + AMQP: Enabled + Health-check: Enabled + Mate-link: Enabled + Redundancy: Enabled + +Max Incoming Connections: 100 + Service SMF: 100 + Service Web-Transport: 100 + Service REST: 100 + Service MQTT: 100 + Service AMQP: 100 +Max Outgoing Connections: + Service REST: 100 +Max SSL Connections: 100 + +Event Threshold Set Value Clear Value +---------------------------------- ---------------- ---------------- +Incoming Connections 80%(80) 60%(60) + Service SMF 80%(80) 60%(60) +Outgoing Connections + Service REST 80%(80) 60%(60) +SSL Connections 80%(80) 60%(60) + + +Flags Legend: +TP - Transport +T+U - TCP and UDP +S - SSL (Y=Yes, N=No, -=not-applicable) +C - Compressed (Y=Yes, N=No, -=not-applicable) +R - Routing Ctrl (Y=Yes, N=No, -=not-applicable) +VRF - VRF (Mgmt=management, MsgBB=msg-backbone) +A - Admin State (U=Up, D=Down, -=not-applicable) +O - Oper State (U=Up, D=Down, -=not-applicable) + + Status +Service TP S C R VRF MsgVpn Port A O Failed Reason +---------- --- ----- ----- --------------- ----- --- -------------------------- +SEMP TCP N - - Mgmt 8080 U U +SEMP TCP Y - - Mgmt 1943 U U +SMF TCP N N N Mgmt 55555 U U +---Press any key to continue, or `q' to quit--- +SMF TCP N Y N Mgmt 55003 U U +SMF TCP N N Y Mgmt 55556 U D +SMF TCP Y N N Mgmt 55443 U U +SMF 
WEB N - - Mgmt 8008 U U +SMF WEB Y - - Mgmt 1443 U U +MQTT TCP N - - Mgmt default 1883 U U +MQTT TCP Y - - Mgmt default 8883 U U +MQTT WEB N - - Mgmt default 8000 U U +MQTT WEB Y - - Mgmt default 8443 U U +AMQP TCP N - - MsgBB default 5672 U U +AMQP TCP Y - - MsgBB default 5671 U U +REST WEB N - - Mgmt default 9000 U U +REST WEB Y - - Mgmt default 9443 U U +MATELINK TCP N N N Mgmt 8741 U D Missing Mate Address +HEALTHCHK TCP N N N Mgmt 5550 U U +REDUNDANCY TCP Y N N Mgmt 8300 U D +REDUNDANCY T+U Y N N Mgmt 8301 U D +REDUNDANCY T+U Y N N Mgmt 8302 U D + +3dd5cd886d54> + +``` diff --git a/examples/tls/docker-compose.yml b/examples/tls/docker-compose.yml new file mode 100644 index 0000000..9adc29b --- /dev/null +++ b/examples/tls/docker-compose.yml 
@@ -0,0 +1,56 @@
+# docker-compose --compatibility up -d
+# docker exec -it tlsbroker /usr/sw/loads/currentload/bin/cli -A
+version: '3.9'
+
+services:
+ tlsbroker:
+ container_name: tlsbroker
+ image: solace/solace-pubsub-standard:latest
+ shm_size: 2g
+ ulimits:
+ nofile:
+ soft: 2448
+ hard: 38048
+ ports:
+ #Port Mappings: Ports are mapped straight through from host to
+ #container. This may result in port collisions on commonly used
+ #ports that will cause failure of the container to start.
+ # Solace CLI SSH/SFTP
+ - 2222:2222
+ #Web transport
+ #- '80:80'
+ #Web transport over TLS
+ #- '443:443'
+ #MQTT Default VPN
+ - '1883:1883'
+ #AMQP Default VPN over TLS
+ #- '5671:5671'
+ #AMQP Default VPN
+ #- '5672:5672'
+ #MQTT Default VPN over WebSockets
+ #- '8000:8000'
+ #MQTT Default VPN over WebSockets / TLS
+ #- '8443:8443'
+ #MQTT Default VPN over TLS
+ - '8883:8883'
+ #SEMP / PubSub+ Manager
+ - '8080:8080'
+ #SEMP / PubSub+ Manager over TLS
+ - '1943:1943'
+ #REST Default VPN
+ - '9000:9000'
+ #REST Default VPN over TLS
+ - '9443:9443'
+ #SMF
+ - '44444:55555'
+ #SMF Compressed
+ - '55003:55003'
+ #SMF over TLS
+ - '55443:55443'
+ volumes:
+ - "./:/run/secrets"
+ environment:
+ - username_admin_globalaccesslevel=admin
+ - username_admin_password=admin
+ - system_scaling_maxconnectioncount=1000
+ - tls_servercertificate_filepath=/run/secrets/localhost.pem
diff --git a/examples/tls/localhost.crt b/examples/tls/localhost.crt
new file mode 100644
index 0000000..7cb10d7
--- /dev/null
+++ b/examples/tls/localhost.crt
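Review bot: The `environment` block sets `username_admin_password=admin` with `username_admin_globalaccesslevel=admin`, while the `ports` list publishes SEMP on 8080 and 1943 and the CLI on 2222 on every host interface, so anyone who can reach the host gets global admin on the broker with a default login. Take the password from the caller's environment, `- username_admin_password=${SOLACE_ADMIN_PASSWORD:?set an admin password}`, and bind the published ports to loopback, e.g. `- '127.0.0.1:8080:8080'`. The `./:/run/secrets` mount also exposes the whole example directory, writable, inside the container; `- "./localhost.pem:/run/secrets/localhost.pem:ro"` would hand over only the file the broker is configured to read. `image: solace/solace-pubsub-standard:latest` is unpinned, so the example may drift from the 9.5.0.25 output shown in the README.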
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDVTCCAj2gAwIBAgIJAJawWnFv0vT9MA0GCSqGSIb3DQEBCwUAMF0xCzAJBgNV +BAYTAkNOMRIwEAYDVQQIDAlHdWFuZ0RvbmcxETAPBgNVBAcMCFNoZW5aaGVuMRMw +EQYDVQQKDApBY21lLCBJbmMuMRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMjAwNjE2 +MDgzOTA3WhcNMjEwNjE2MDgzOTA3WjBdMQswCQYDVQQGEwJDTjESMBAGA1UECAwJ +R3VhbmdEb25nMREwDwYDVQQHDAhTaGVuWmhlbjETMBEGA1UECgwKQWNtZSwgSW5j +LjESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAzDBLQKokCWnLrp4r/CzSWQ3asG70d2eo9mNMCUfZkpBPXsWK9czsRNSK +6CYu6AiHhdPxo+Kgla1UH31FLwLQvTQhpc5LKtynf+vYtQxRa4Y3Sq+h9o8VaIho +0WBellk4t22ge1awEAAE8JVmsBa+RmF/EmYaeg/n6F6lul5w/TRszWUA4FVq8Qji +rjMDWvTy/n57M9a9btjYUa/cVLYf1q3g9RX6JCeEsdsUWJZ9V5Em3Twb1W/rLEb6 +/Qsl8MutVkYY4llq/ppWST++ksTnHp+XM5lD/76UC9Q3361zgV+IoTVNAGTtfMg6 +OgN+utNpXlQYx7ICqFc1pa9+hfBYiwIDAQABoxgwFjAUBgNVHREEDTALgglsb2Nh +bGhvc3QwDQYJKoZIhvcNAQELBQADggEBAFbut9NmYgy+HWXrBffXTz0PC999e7FC +pXvjdBNAMSyL6hvZypo7L9J8MtomoAYUqyT+0vNA+beCfpRyYIF3jw3EnuHVp9/h +4D+lpvQpkSabCTHqs1BBPtTzVis6IbK8QX9KuFM6v7q5HGuRSssvIS0QJPZ4mq/A +M1hoTz/mwLwmq/l2pvcYX0mV7M2T6Wq0sOjWDgNBtuX79+F+wZ6JlodGccJYKt/3 +bPZOr8nfl+Mm2qHGk59Bo3Jr3iEveJTfMDWUJ9civg0PbiWDeuI3MingVNkMqC1w +dqjA8zbP0ZIUCZAgjHgp/y9DfbLOQ5/jOTZUHGwjZ62rILgPCYPNylo= +-----END CERTIFICATE----- diff --git a/examples/tls/localhost.csr b/examples/tls/localhost.csr new file mode 100644 index 0000000..4c99576 --- /dev/null +++ b/examples/tls/localhost.csr 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICyTCCAbECAQAwXTELMAkGA1UEBhMCQ04xEjAQBgNVBAgMCUd1YW5nRG9uZzER +MA8GA1UEBwwIU2hlblpoZW4xEzARBgNVBAoMCkFjbWUsIEluYy4xEjAQBgNVBAMM +CWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwwS0Cq +JAlpy66eK/ws0lkN2rBu9HdnqPZjTAlH2ZKQT17FivXM7ETUiugmLugIh4XT8aPi +oJWtVB99RS8C0L00IaXOSyrcp3/r2LUMUWuGN0qvofaPFWiIaNFgXpZZOLdtoHtW +sBAABPCVZrAWvkZhfxJmGnoP5+hepbpecP00bM1lAOBVavEI4q4zA1r08v5+ezPW +vW7Y2FGv3FS2H9at4PUV+iQnhLHbFFiWfVeRJt08G9Vv6yxG+v0LJfDLrVZGGOJZ +av6aVkk/vpLE5x6flzOZQ/++lAvUN9+tc4FfiKE1TQBk7XzIOjoDfrrTaV5UGMey +AqhXNaWvfoXwWIsCAwEAAaAnMCUGCSqGSIb3DQEJDjEYMBYwFAYDVR0RBA0wC4IJ +bG9jYWxob3N0MA0GCSqGSIb3DQEBCwUAA4IBAQBKecNl6n3JqlubC4fRK6RQiZGn +yHYl5BCXDfFobOyIbTZsC1NymA71gwE2lXZpbTdGA2V9tIY/wVSYrRRSa1rVhwu8 +wtfg70UucUvbSI679LPVmbN7W+bICPVf3KKYy3xbCXAhmllUSwWSNWvQNF3ya1XP +/FLM7JTv5UiYAZJpvd9vCzEB0R4pKfBHGt3+qfZ8iitFQB3JtsJRo+gBbWfALtNd +Fc3e6+zpn8hCYE2HlU3RrmsGNaZxZEkuHMu3YW7uZ+sh7m8eytnzZq2LaLXmUubx +E831wg5z987o/gWpUBoyzKsJ+vZpG5/oVu+jnxWXsknu+hGM+WLYUufAzKlh +-----END CERTIFICATE REQUEST----- diff --git a/examples/tls/localhost.key b/examples/tls/localhost.key new file mode 100644 index 0000000..a294d0c --- /dev/null +++ b/examples/tls/localhost.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAzDBLQKokCWnLrp4r/CzSWQ3asG70d2eo9mNMCUfZkpBPXsWK +9czsRNSK6CYu6AiHhdPxo+Kgla1UH31FLwLQvTQhpc5LKtynf+vYtQxRa4Y3Sq+h +9o8VaIho0WBellk4t22ge1awEAAE8JVmsBa+RmF/EmYaeg/n6F6lul5w/TRszWUA +4FVq8QjirjMDWvTy/n57M9a9btjYUa/cVLYf1q3g9RX6JCeEsdsUWJZ9V5Em3Twb +1W/rLEb6/Qsl8MutVkYY4llq/ppWST++ksTnHp+XM5lD/76UC9Q3361zgV+IoTVN +AGTtfMg6OgN+utNpXlQYx7ICqFc1pa9+hfBYiwIDAQABAoIBAEWXMA6Z7i5HIGQj +BFqt7ALt9dqr9iW77poKvZ9sHXsWM/bY3MNpVB0hUzZLzTDHt2ilE3YHhzN8H2+c +AjhDfWD+o3kfFf9FtNCkUPdje1xqIe4SbeDaYzF9TDwP3Czhu7LIaimfIeJSH1zf +jl/1YGQcVnKu2ddAFInduB4MkfW5jIFP6zHGNThHwJcxlxmd5EE1tGm5GE8Me1YS +bkAkT8DUBqYPHDVRTfwzROvgncGfpctoLvsnc/ZVA+YWNF4c4zDxfZtZ06/Nvu4a +3KOHXVIINrvFiVlxkPwtGkMvYRufzlJtZE1IW93Zjz00ZQo+FD0pkc5Aalf2ojeb +YpGmVAECgYEA5upV1D8ReSKWFlil5s5pF/E2ElLHTVOaBrs5TZ+MIhU0POLaJJ7W +c84+ZQlxJP853PqOhTw8ozIFAMh8LDITHMmA4lNwxKXAIoHmLoe2GTLYD9N/mir5 +HaYejSEDAG7uX61hoeYzXiwuPHA759gH31zEYoXcHQqBhc3Pbpq7i/MCgYEA4l6y ++UOKpkVQZ3yWHeM6dXgUcsnMqfYlwoVvLDPZ2tq9ChlR0FXZdrG3z/X1jjvDZf/b +3Vhknuzzjm7w9vHesWZj2rhzevVxgZRw6Y02Z6uIWGJX9EupGi63nEEfZb4ThYjI +Ccm6Qdtb28kBJTSMG0xn7hlIaV8bcDrtsvqCHwkCgYAiWn6GYxOgZ+rYTDvySIcO +Ds6yjyojcOqbUcNGrxPUBj+NR1qY1CCnfel+cpcon+fl3kjRvZJv3QMtiKYglRqO +z9Oi2DMQrnAVMioihgIrYYsPX7G+J+KD7LDi4iRmLhq8lTjPM0Y1HnGKgFAJP/R7 +4Hs/BRcoIuX+GA5iMBbyzQKBgQDJeRF/qq6HR9/FC2ysUyYfkO1aMONYTfzTgWEu +DUQTdmWTzG81poLzEj+P9tBDdEt3x94OxfJgRHKNTY5nq2PRrlinPU2CnVsVwmEw +bP+EC3ZBe93eT0zFQdknWAqyyhaj3dZ0Z7e/j5XVKrQ7QeaFEV7a2mPJbN2F6NzQ +VAdlyQKBgDE4+VS0F+HmdfkQljNaGQacN0pd+IdcHeiSyhwkly6e6BQjOL167qy8 +x02y3iBSo2LgHhr3xfJ2Ang8meUui41O/D+UOrGWsni8T95Vg9EpXNmR3pV29gC4 +dfyyi0TubTv+Z1s3PkAZ5OqUkYv+hqY5ebWmuS/3LQdWaADvn9cv +-----END RSA PRIVATE KEY----- diff --git a/examples/tls/localhost.pem b/examples/tls/localhost.pem new file mode 100644 index 0000000..03ae5fa --- /dev/null +++ b/examples/tls/localhost.pem 
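Review bot: This file commits the RSA private key for the example certificate, and the same key is repeated in `localhost.pem` in the next file section, so every broker started from the example as-is presents a TLS identity whose key is public. The README in this commit already lists the openssl commands that produce these files; dropping `localhost.key`, `localhost.csr`, `localhost.crt` and `localhost.pem` from the commit and listing them in `.gitignore` leaves each user generating their own pair. The committed certificate also appears to carry a validity window ending in June 2021, about three months after the commit date, so the checked-in files would stop verifying soon after in any case.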
@@ -0,0 +1,47 @@ +-----BEGIN CERTIFICATE----- +MIIDVTCCAj2gAwIBAgIJAJawWnFv0vT9MA0GCSqGSIb3DQEBCwUAMF0xCzAJBgNV +BAYTAkNOMRIwEAYDVQQIDAlHdWFuZ0RvbmcxETAPBgNVBAcMCFNoZW5aaGVuMRMw +EQYDVQQKDApBY21lLCBJbmMuMRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMjAwNjE2 +MDgzOTA3WhcNMjEwNjE2MDgzOTA3WjBdMQswCQYDVQQGEwJDTjESMBAGA1UECAwJ +R3VhbmdEb25nMREwDwYDVQQHDAhTaGVuWmhlbjETMBEGA1UECgwKQWNtZSwgSW5j +LjESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAzDBLQKokCWnLrp4r/CzSWQ3asG70d2eo9mNMCUfZkpBPXsWK9czsRNSK +6CYu6AiHhdPxo+Kgla1UH31FLwLQvTQhpc5LKtynf+vYtQxRa4Y3Sq+h9o8VaIho +0WBellk4t22ge1awEAAE8JVmsBa+RmF/EmYaeg/n6F6lul5w/TRszWUA4FVq8Qji +rjMDWvTy/n57M9a9btjYUa/cVLYf1q3g9RX6JCeEsdsUWJZ9V5Em3Twb1W/rLEb6 +/Qsl8MutVkYY4llq/ppWST++ksTnHp+XM5lD/76UC9Q3361zgV+IoTVNAGTtfMg6 +OgN+utNpXlQYx7ICqFc1pa9+hfBYiwIDAQABoxgwFjAUBgNVHREEDTALgglsb2Nh +bGhvc3QwDQYJKoZIhvcNAQELBQADggEBAFbut9NmYgy+HWXrBffXTz0PC999e7FC +pXvjdBNAMSyL6hvZypo7L9J8MtomoAYUqyT+0vNA+beCfpRyYIF3jw3EnuHVp9/h +4D+lpvQpkSabCTHqs1BBPtTzVis6IbK8QX9KuFM6v7q5HGuRSssvIS0QJPZ4mq/A +M1hoTz/mwLwmq/l2pvcYX0mV7M2T6Wq0sOjWDgNBtuX79+F+wZ6JlodGccJYKt/3 +bPZOr8nfl+Mm2qHGk59Bo3Jr3iEveJTfMDWUJ9civg0PbiWDeuI3MingVNkMqC1w +dqjA8zbP0ZIUCZAgjHgp/y9DfbLOQ5/jOTZUHGwjZ62rILgPCYPNylo= +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAzDBLQKokCWnLrp4r/CzSWQ3asG70d2eo9mNMCUfZkpBPXsWK +9czsRNSK6CYu6AiHhdPxo+Kgla1UH31FLwLQvTQhpc5LKtynf+vYtQxRa4Y3Sq+h +9o8VaIho0WBellk4t22ge1awEAAE8JVmsBa+RmF/EmYaeg/n6F6lul5w/TRszWUA +4FVq8QjirjMDWvTy/n57M9a9btjYUa/cVLYf1q3g9RX6JCeEsdsUWJZ9V5Em3Twb +1W/rLEb6/Qsl8MutVkYY4llq/ppWST++ksTnHp+XM5lD/76UC9Q3361zgV+IoTVN +AGTtfMg6OgN+utNpXlQYx7ICqFc1pa9+hfBYiwIDAQABAoIBAEWXMA6Z7i5HIGQj +BFqt7ALt9dqr9iW77poKvZ9sHXsWM/bY3MNpVB0hUzZLzTDHt2ilE3YHhzN8H2+c +AjhDfWD+o3kfFf9FtNCkUPdje1xqIe4SbeDaYzF9TDwP3Czhu7LIaimfIeJSH1zf +jl/1YGQcVnKu2ddAFInduB4MkfW5jIFP6zHGNThHwJcxlxmd5EE1tGm5GE8Me1YS +bkAkT8DUBqYPHDVRTfwzROvgncGfpctoLvsnc/ZVA+YWNF4c4zDxfZtZ06/Nvu4a 
+3KOHXVIINrvFiVlxkPwtGkMvYRufzlJtZE1IW93Zjz00ZQo+FD0pkc5Aalf2ojeb +YpGmVAECgYEA5upV1D8ReSKWFlil5s5pF/E2ElLHTVOaBrs5TZ+MIhU0POLaJJ7W +c84+ZQlxJP853PqOhTw8ozIFAMh8LDITHMmA4lNwxKXAIoHmLoe2GTLYD9N/mir5 +HaYejSEDAG7uX61hoeYzXiwuPHA759gH31zEYoXcHQqBhc3Pbpq7i/MCgYEA4l6y ++UOKpkVQZ3yWHeM6dXgUcsnMqfYlwoVvLDPZ2tq9ChlR0FXZdrG3z/X1jjvDZf/b +3Vhknuzzjm7w9vHesWZj2rhzevVxgZRw6Y02Z6uIWGJX9EupGi63nEEfZb4ThYjI +Ccm6Qdtb28kBJTSMG0xn7hlIaV8bcDrtsvqCHwkCgYAiWn6GYxOgZ+rYTDvySIcO +Ds6yjyojcOqbUcNGrxPUBj+NR1qY1CCnfel+cpcon+fl3kjRvZJv3QMtiKYglRqO +z9Oi2DMQrnAVMioihgIrYYsPX7G+J+KD7LDi4iRmLhq8lTjPM0Y1HnGKgFAJP/R7 +4Hs/BRcoIuX+GA5iMBbyzQKBgQDJeRF/qq6HR9/FC2ysUyYfkO1aMONYTfzTgWEu +DUQTdmWTzG81poLzEj+P9tBDdEt3x94OxfJgRHKNTY5nq2PRrlinPU2CnVsVwmEw +bP+EC3ZBe93eT0zFQdknWAqyyhaj3dZ0Z7e/j5XVKrQ7QeaFEV7a2mPJbN2F6NzQ +VAdlyQKBgDE4+VS0F+HmdfkQljNaGQacN0pd+IdcHeiSyhwkly6e6BQjOL167qy8 +x02y3iBSo2LgHhr3xfJ2Ang8meUui41O/D+UOrGWsni8T95Vg9EpXNmR3pV29gC4 +dfyyi0TubTv+Z1s3PkAZ5OqUkYv+hqY5ebWmuS/3LQdWaADvn9cv +-----END RSA PRIVATE KEY----- diff --git a/examples/tls/openssl.cnf b/examples/tls/openssl.cnf new file mode 100644 index 0000000..91bc35d --- /dev/null +++ b/examples/tls/openssl.cnf @@ -0,0 +1,23 @@ +# https://langui.sh/2009/02/27/creating-a-subjectaltname-sanucc-csr/ +[req] +distinguished_name = req_distinguished_name +req_extensions = req_ext # The extentions to add to the self signed cert + +[req_distinguished_name] +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = CN +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = GuangDong +localityName = Locality Name (eg, city) +localityName_default = ShenZhen +organizationName = Organization Name (eg, company) +organizationName_default = Solace, Co. +commonName = Common Name (eg, YOUR name) +commonName_max = 64 +commonName_default = localhost +[req_ext] +subjectAltName = @alt_names + +[alt_names] +DNS.1 = localhost \ No newline at end of file
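Review bot: `[alt_names]` in openssl.cnf lists only `DNS.1 = localhost`, so a client that connects to the published ports by address rather than by name will fail hostname verification, which tends to push users toward disabling verification; adding `IP.1 = 127.0.0.1` keeps verification usable for both forms. The section header is written twice in a row (`[req_distinguished_name]` then `[ req_distinguished_name ]`) and one of them can go. `organizationName_default = Solace, Co.` differs from the `O=Acme, Inc.` passed with `-subj` in the README, and the comment on `req_extensions` misspells "extensions".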