commit | c6e58c7e7fade369e64c6eaee23a5b72f37a7ace | [log] [tgz] |
---|---|---|
author | Ramesh Iyyar <rameshi1@in.ibm.com> | Tue Jul 16 08:52:47 2019 -0500 |
committer | Ramesh Iyyar <rameshi1@in.ibm.com> | Fri Jul 19 00:33:21 2019 -0500 |
tree | 097af99ee6d75f272ab306be235b60472598ad57 | |
parent | cd30c496c8e4c9aec66e65ba16430dd2e0f86395 [diff] |
Generate RSA Private Key file during application startup Generating RSA private key file during application startup if rsa key file is not found. Here, the rsa private key file is a hidden file (.rsaprivkey.pem) and placed in certificate file install path which is given during application startup. This generated rsa private key file will be used to create private key and csr files if certificate manager received the generateCSR request with key pair algorithm as RSA. So, the every time rsa key generation is avoided, because rsa key is generated with keybitlength as 2048 during application startup. From this change, certificate manager will support only 2048 as key bit length to generated rsa key pair. If user given other than 2048, application will throw error. Tested By: - Added below unit test case * To check rsa private key file is generated during application startup. * To validate unsupported key bit length. * To check rsa private key file is present or not. * To check rsa private key is picked from rsa private key file while receive the generateCSR request. - Manual test case * Restarted certificate manager application to check rsa private key file is generated. systemctl restart phosphor-certificate-manager@bmcweb.service * Invoked genearteCSR request by using curl command to check generated rsa private key file is used to create private key and csr file. curl -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token" -X POST https://${bmc}/redfish/v1/CertificateService/Actions/ CertificateService.GenerateCSR/ -d @generate_https.json Change-Id: I876779f1ab36f52774c52041d68304a610ea261b Signed-off-by: Ramesh Iyyar <rameshi1@in.ibm.com>
Certificate management allows to replace the existing certificate and private key file with another (possibly CA signed) Certificate key file. Certificate management allows the user to install both the server and client certificates.
To build this package, do the following steps: 1. ./bootstrap.sh 2. ./configure ${CONFIGURE_FLAGS} 3. make To clean the repository run `./bootstrap.sh clean`.