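REM Generates (optionally) and exports the SAML key pair that Lucee uses.
REM As written, "goto export" below skips key generation and the PKCS12 export,
REM so a normal run only writes the public certificate to LUCEE_SAML.pem in the
REM directory of this script.
REM maybe should run as admin

cd /D "%~dp0"

REM The SET "name=value" form keeps stray trailing spaces out of the values.
SET "keytool=%JAVA_HOME%\bin\keytool.exe"
SET "keystore=C:/lucee/tomcat/lucee-server/context/security/cacerts"
SET "dname=CN=dat-n-smishch1 SAML key pair, OU=dat-n-smishch1, O=NUBES, L=Moscow, C=RU"
SET "alias=LUCEE_SAML"
REM NOTE(review): changeit is the well-known default cacerts password, so the
REM private key stored under this alias is effectively protected only by the
REM file permissions on the keystore. The password is also passed on the keytool
REM command line, where other local processes and command-line auditing can see it.
SET "passwd=changeit"

REM it is important for Lucee to see cert

REM SET "keytool=D:\railo\jdk\bin\keytool.exe"
REM SET "keystore=D:\railo\lib\railo-server\context\security\cacerts"
REM SET "dname=CN=office02 SAML key pair, OU=offiec02, O=NUBES, L=Moscow, C=RU"
REM SET "alias=OFFICE02_SAML"

REM Fail early with a readable message when JAVA_HOME is missing or wrong.
IF NOT EXIST "%keytool%" (
    echo keytool not found at "%keytool%" - check JAVA_HOME
    pause
    exit /b 1
)

REM Remove or comment out this goto to run the generate and PKCS12 export steps.
goto export

REM generate cert + key
"%keytool%" -v -genkeypair ^
    -dname "%dname%" ^
    -alias "%alias%" ^
    -keyalg RSA ^
    -keysize 2048 ^
    -validity 3653 ^
    -keypass "%passwd%" ^
    -storepass "%passwd%" ^
    -keystore "%keystore%"
pause

REM show the entry that was just created
"%keytool%" -list ^
    -alias "%alias%" ^
    -keypass "%passwd%" ^
    -storepass "%passwd%" ^
    -keystore "%keystore%" ^
    -v
pause

REM print the directory that keystore.p12 will be written to
echo %cd%

REM export cert + key to p12 keystore
REM keystore.p12 contains the PRIVATE key. Keep it on this server, restrict its
REM file permissions and delete it when it is no longer needed.
"%keytool%" -importkeystore ^
    -alias "%alias%" ^
    -srckeystore "%keystore%" ^
    -destkeystore keystore.p12 ^
    -deststoretype PKCS12 ^
    -srckeypass "%passwd%" ^
    -srcstorepass "%passwd%" ^
    -deststorepass "%passwd%" ^
    -destkeypass "%passwd%"
pause

:export
REM Export the public certificate only, PEM encoded because of -rfc.
REM LUCEE_SAML.pem is the file to send to the ADFS administrator: the identity
REM provider side needs only the certificate, never the private key.
REM 'openssl pkcs12 -in keystore.p12 -out saml.pem' converts the .p12 keystore
REM to PEM, but that output holds the private key as well as the certificate,
REM so saml.pem must stay on this server and must not be mailed or shared.
"%keytool%" -exportcert ^
    -alias "%alias%" ^
    -keypass "%passwd%" ^
    -keystore "%keystore%" ^
    -storepass "%passwd%" ^
    -rfc ^
    -file LUCEE_SAML.pem
pause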