You can use the OpenSSL program
to create digital certificates for use with tests.
Procedure
-
Create a certificate authority (CA).
For the
purposes of testing, this CA takes the place of a recognized CA on
the Internet, such as VeriSign. You use this CA to digitally sign
each certificate that you plan to use for testing.
-
Create a certificate request (CSR) file. The "subject"
(-subj) describes the user of the certificate. Enter dummy values
as shown. The following command line sets the password for the certificate
to abcdefg.
openssl req -passout pass:abcdefg -subj
"/C=US/ST=IL/L=Chicago/O=HCL Technologies/OU=HCL Software Group/CN=HCL
DevOps Test Performance CA/emailAddress=hop@hcl.com" -new >
waipio.ca.cert.csr
-
Create a key file, waipio.ca.key, to store the private key.
This removes the password
protection from the certificate request file so that you do not have
to type the password every time you sign a certificate. Because the
password protection has been removed, use the certificate request
file for testing purposes only.
openssl
rsa -passin pass:abcdefg -in privkey.pem -out waipio.ca.key
-
Create an X.509 digital certificate from the certificate
request. The following command line creates a certificate signed with
the CA private key. The certificate is valid for 365 days.
openssl x509 -in waipio.ca.cert.csr -out waipio.ca.cert
-req -signkey waipio.ca.key -days 365
-
Create a PKCS#12-encoded file containing the certificate
and private key. The following command line sets the password on the
P12 file to default. Test Performance uses password of default for all
PKCS#12 files by default.
openssl pkcs12
-passout pass:default -export -nokeys -cacerts -in waipio.ca.cert
-out waipio.ca.cert.p12 -inkey waipio.ca.key
You now have a CA certificate (waipio.ca.cert), which can be installed into the web server under test and a private
key file (waipio.ca.key) that you can use to
sign user certificates.
-
Create a digital certificate for a user.
-
Create a CSR file for the user. Set the initial password
to abc. Optionally, provide an appropriate
subject.
openssl req -passout pass:abc -subj
"/C=US/ST=IL/L=Chicago/O=HCL Technologies/OU=HCL Software Group/CN=John
Smith/emailAddress=smith@hcl.com" -new > johnsmith.cert.csr
-
Create a private key file without a password.
openssl rsa -passin pass:abc -in privkey.pem -out johnsmith.key
-
Create a new X.509 certificate for the new user, digitally
sign it using the user's private key, and certify it using the CA
private key. The following command line creates a certificate which
is valid for 365 days.
openssl x509 -req
-in johnsmith.cert.csr -out johnsmith.cert -signkey johnsmith.key
-CA waipio.ca.cert -CAkey waipio.ca.key -CAcreateserial -days 365
- Optional:
Create a DER-encoded version of
the public key. This file contains only the public key, not the private
key. Because it does not contain the private key, it can be shared,
and does not need to be password protected.
openssl x509 -in johnsmith.cert -out johnsmith.cert.der -outform
DER
-
Create a PKCS#12-encoded file. The following command
line sets the password on the P12 file to default.
openssl pkcs12 -passout pass:default
-export -in johnsmith.cert -out johnsmith.cert.p12 -inkey johnsmith.key
Repeat this step to create as many digital certificates as needed
for testing. Keep the key files secure, and delete them when they
are no longer needed. Do not delete the CA private key file. You need
the CA private key file to sign certificates.
Results
Now you can install the CA certificate (waipio.ca.cert) into WebSphere®. Optionally,
create a user certificate specifically for your web server, and install
it into WebSphere®.
You can use user certificates individually to record tests. To
use the user certificates (johnsmith.cert.p12) during test editing and playback, compress them in ZIP format to
a file with the .rcs extension. This creates a digital certificate
store. To learn more digital certificate stores, see Creating a digital certificate store. You can also import user certificates
into your web browser to interactively test them in your environment.