ONOS-6758 Enable TLS by default for intra-cluster communication Default key store location is config/onos.jks with password changeit Change-Id: I07cbc09abb22fd8e98fe39a012ce0a65d17d8e39

commit: 740e98ca1be5adcd04c2e2f3d6511c3831a5c337 [log] [tgz]
author: Brian O'Connor <bocon@onlab.us> Thu Jun 29 17:07:17 2017 -0700
committer: Thomas Vachuska <tom@onlab.us> Fri Jul 07 23:36:06 2017 +0000
tree: 1e0bfd1b2c6ab15489bced31de7f57e7af078298
parent: db071b265a8a4087ed8ac237782daa079b79a2af [diff] [blame]
diff --git a/tools/test/bin/onos-gen-cluster-key b/tools/test/bin/onos-gen-cluster-key
new file mode 100755
index 0000000..168a174
--- /dev/null
+++ b/tools/test/bin/onos-gen-cluster-key

@@ -0,0 +1,23 @@
+#!/bin/bash
+# ------------------------------------------------------------------------
+# This script generates a self-signed certificate and private key pair
+# and stores them in a Java keystore. This keystore can be used as the
+# keystore and trust store for client and server ends of TLS connections
+# for all nodes in the cluster.
+# ------------------------------------------------------------------------
+
+[ ! -d "$ONOS_ROOT" ] && echo "ONOS_ROOT is not defined" >&2 && exit 1
+. $ONOS_ROOT/tools/build/envDefaults
+
+[ "$1" = "-f" ] && shift && generate_new_key=true
+
+[ "$generate_new_key" = true ] && rm -f $ONOS_CLUSTER_KEY_FILE
+
+keytool -genkey -keystore $ONOS_CLUSTER_KEY_FILE \
+        -storepass $ONOS_CLUSTER_KEY_PASSWORD \
+        -keyalg RSA \
+        -alias onos \
+        -validity 3600 \
+        -keysize 2048 \
+        -dname CN=onos \
+        -keypass $ONOS_CLUSTER_KEY_PASSWORD
\ No newline at end of file
commit	740e98ca1be5adcd04c2e2f3d6511c3831a5c337	[log] [tgz]
author	Brian O'Connor <bocon@onlab.us>	Thu Jun 29 17:07:17 2017 -0700
committer	Thomas Vachuska <tom@onlab.us>	Fri Jul 07 23:36:06 2017 +0000
tree	1e0bfd1b2c6ab15489bced31de7f57e7af078298
parent	db071b265a8a4087ed8ac237782daa079b79a2af [diff] [blame]