Hi everyone. In the second step we have to generate a certificate authority (CA) for signing. If you already have an existing CA, then you can skip this step. If you don't have any certificate authority, then you can create one by using the OpenSSL utility.

Before generating our own CA, I want to give you some background. The certificate which we created in the previous step is unsigned, which means attackers or anyone can forge the same certificate and use it. To avoid forged certificates, we will sign those certificates with the CA, the certificate authority. A CA works like a government authority. If you use a certificate without the CA then it is invalid. That is the reason in this step we have to create the CA, and we can use it in the future.

If you see here, by using the OpenSSL utility I am going to create a CA. We can use openssl req, requesting a new X.509 certificate, and it contains a key and a certificate. For the key out I am giving the name ca-key, and the out is the CA certificate; I am giving it the name ca-cert. Here we also have to give the validity, that is days, I mean when you want this CA to expire. I gave 365; preferably it's better to give a long value.

It is asking for the PEM pass phrase. Remember that in the previous step, when you were creating your certificate, you gave some password, so remember that password; and while creating our CA, for the CA key, we are giving another password. So remember these things. I gave some password. Now it is verifying: enter the same password again. Entered. Now it is asking for details. I gave "test"; the "test" value is not taken because they just want a two-letter code. I don't want to give anything, so I just press Enter, which means it will just take AU. So we can just press Enter and it will take the default values. If you see, the CA certificate and CA key are created. Later we will see how we can sign the certificate generated in step one by using the generated certificate authority.

In this step we have to sign all certificates generated in step one with the CA generated in step two. How can we sign them? We will see that. Here we have two commands. The first one is from server.keystore.jks; this is the certificate which we created in step one. From this we are extracting our certificate, and then by using the CA certificate we are signing it. Once again: from our keystore we are extracting the certificate, and then we are signing it with our CA. This is a simple step; I will show you how we can do that.

I have to extract from the server keystore. To do that we can use the keytool utility: keytool, keystore. Here we have to give our keystore details, that is server.keystore.jks, alias localhost, and certificate request, and the file name would be cert-file. We have to enter the keystore password; this is nothing but our first password, which we gave at the time of generating our keystore, that is step 1. If you list the files, I have the cert-file. This is actually the certificate of the broker, our machine. Step 1 just creates the keystore file; it won't exactly create the certificate file. So in this step we just extracted the certificate file from the keystore, and now we have to sign this certificate with the CA.

We can just copy and paste the command instead of typing. Here, this is the name of the CA certificate, then this is the name of the CA key, and this is the input certificate, that is our certificate file. And what would be the output? The output is nothing but the signed certificate; that is why we gave the relevant name, cert-signed. The validity: we can give anything, but I will give 365. And this one is the password: we have to give the CA password, which is nothing but the password we gave in the second step; in my case this is 6 5 4 3 2 1. You can see here "Signature ok". If you see here, the signed certificate is created.

If you have only one server, then do it only for that server. If you have a cluster of servers, then you have to repeat all these steps for all the brokers.

The next step: we have to import the CA and signed certificate into the broker keystore. In the previous step we signed our certificate with the CA, so in this step we have to import the signed certificate and the CA into the keystore. For that we have to use the keytool utility, and these are the commands. I'll show you how we can do that. We can just use keytool, followed by keystore and the keystore file, server.keystore.jks, and the alias. If you want to import the CA cert, then the alias name is CARoot, and then we are importing the file; the file name is ca-cert. Now we have to give the keystore password, that is the first one. It is asking "Trust this certificate?", so type yes. We are good: the certificate was added to the keystore.

In this step we imported the CA certificate; now we also have to import the signed certificate. The alias name for the certificate is localhost, import, and the file name, if I am not wrong, is cert-signed. The keystore password is again the one which we gave in step 1. "Certificate reply was installed in keystore", so it is successful. Now this server.keystore.jks contains the CA certificate, the signed certificate and the certificate file.

In this step, import the CA into the client truststore and the broker truststore. I will explain where we will use this; for now just import the CA certificate into the truststore, then we will see where we use it. By using the keytool utility, keystore, that is the truststore, we are importing the CA certificate, so the alias name is CARoot. I don't want to give client truststore; I want to give it as server truststore. We have to give the truststore password; this is the first one again. And again it asks whether to trust this certificate: yes. If you see, we have the server keystore and the server truststore.

If you have any questions while following these five steps, reach out to me; I'm glad to help you. Thank you guys.
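
The commands spoken in steps 2 to 5 above, collected into one non-interactive script; this is an added example and is not taken from the video. The passwords, the CA subject name and the function names are constructed, and it assumes the step 1 keystore `server.keystore.jks` is in the current directory with a key password equal to the keystore password.

```shell
#!/bin/sh
# Added example: steps 2-5 of the walkthrough, run without prompts.
# STOREPASS, CAPASS and the CA subject are constructed placeholders.
# Passwords given on a command line show up in process listings; outside a
# lab prefer openssl's -passin file:<path> and keytool's -storepass:file.
set -eu
STOREPASS=${STOREPASS:-changeit-store}   # keystore password from step 1
CAPASS=${CAPASS:-changeit-ca}            # pass phrase protecting ca-key

# Step 2: self-signed CA certificate (ca-cert) and encrypted key (ca-key).
make_ca() {
  openssl req -new -x509 -newkey rsa:2048 -keyout ca-key -out ca-cert \
    -days 365 -subj "/CN=Example Kafka CA" -passout "pass:$CAPASS"
}

# Step 3 (second command): sign a certificate request with the CA.
sign_csr() {   # usage: sign_csr <request-file> <signed-cert-file>
  openssl x509 -req -CA ca-cert -CAkey ca-key -in "$1" -out "$2" \
    -days 365 -CAcreateserial -passin "pass:$CAPASS"
}

# Check that a certificate was issued by our CA; a forged copy fails here.
chains_to_ca() { openssl verify -CAfile ca-cert "$1" >/dev/null 2>&1; }

# Steps 3-5, keytool side. Assumes key password == keystore password.
broker_stores() {
  kt() { keytool -noprompt -storepass "$STOREPASS" "$@"; }
  kt -keystore server.keystore.jks -alias localhost -certreq -file cert-file
  sign_csr cert-file cert-signed
  kt -keystore server.keystore.jks -alias CARoot -import -file ca-cert
  kt -keystore server.keystore.jks -alias localhost -import -file cert-signed
  kt -keystore client.truststore.jks -alias CARoot -import -file ca-cert
  kt -keystore server.truststore.jks -alias CARoot -import -file ca-cert
}

# Runs only where keytool and the step 1 keystore are present.
if command -v keytool >/dev/null 2>&1 && [ -f server.keystore.jks ]; then
  make_ca
  broker_stores
  chains_to_ca cert-signed && echo "cert-signed chains to ca-cert"
fi
```
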
