# Setup: create an isolated Python environment in ./venv, activate it, and
# install the dependencies listed in requirements.txt into it.
# NOTE(review): requirements.txt is not shown here; pinning exact versions
# (and hashes, via pip's --require-hashes) keeps this install reproducible.
virtualenv venv
. venv/bin/activate
pip install -r requirements.txt
# Run the server: start pykmip-server with server.conf as its config file (-f)
# and ./log as its log path (-l).
# The environment is activated again here, presumably because each step is
# meant to be run in its own shell session; confirm against the full README.
. venv/bin/activate
pykmip-server -f server.conf -l ./log
# Run the client from the same virtual environment.
. venv/bin/activate
python client.py
The set of certificates that is needed is checked in under /certs.
They were generated using https://github.com/OpenKMIP/PyKMIP/blob/master/bin/create_certificates.py,
which you can easily run yourself if they expire (or if you simply feel like it).
# Derive DER, PKCS12 and Java-keystore copies of the client credentials kept
# in certs/, then add the root CA certificate to the same keystore.
# Every output file is written to the current directory.

# certificate format conversion (PEM -> DER)
openssl x509 -in certs/client_certificate_jane_doe.pem -outform DER -out client_certificate_jane_doe.der
# private key format conversion (PEM -> DER)
# -nocrypt means the key is handled as an unencrypted PrivateKeyInfo, so
# client_key_jane_doe.der is a private key with no passphrase protecting it:
# keep it out of version control and restrict its file permissions.
openssl pkcs8 -in certs/client_key_jane_doe.pem -outform DER -out client_key_jane_doe.der -nocrypt
# show the certificate in human-readable form (subject, issuer, validity
# dates); useful for checking whether it has expired
openssl x509 -in certs/client_certificate_jane_doe.pem -text -noout
# export the client's key and certificate into a PKCS12 bundle (a container
# for this kind of purpose), stored under the friendly name "client"
# you will be prompted to choose an export password; it protects the private
# key inside client_jane_doe.p12 and is needed again in the next step
openssl pkcs12 -export \
-in certs/client_certificate_jane_doe.pem \
-inkey certs/client_key_jane_doe.pem -name client -out client_jane_doe.p12
# import the client bundle into a new keystore
# you will be prompted for the source (PKCS12) password you just set
# NOTE(review): -deststorepass password puts a fixed, guessable password on
# the command line, where it ends up in shell history and process listings.
# That is tolerable for a local test keystore only; omit the flag to be
# prompted instead, and update whatever reads keystore.jks to match.
# NOTE(review): on JDK 9 and later the default store type is PKCS12 despite
# the .jks extension; add -deststoretype if the consumer needs a specific one.
keytool -importkeystore \
-srckeystore client_jane_doe.p12 -srcstoretype PKCS12 \
-destkeystore keystore.jks -deststorepass password
# import the CA certificate (just one) into the keystore as trusted entry "root"
# -noprompt skips the interactive "trust this certificate?" confirmation, so
# check certs/root_certificate.pem yourself first (openssl x509 -text -noout).
# The same literal store password appears here; see the note on the import
# step above.
keytool -import -noprompt \
-alias root -trustcacerts -file certs/root_certificate.pem -keystore keystore.jks \
-storepass password
# inspect what's inside the keystore (-v prints full certificate details)
# expect the "client" and "root" entries created above
keytool -list -keystore keystore.jks -storepass password -v