I simply followed the docs blindly.
First this one, then this one.
I used the standard password bgbilling everywhere.
Code:
[root@test BGBillingServer]# keytool -keystore .keystore -alias bgbilling -genkey -keyalg RSA -dname "cn=bill.provider.ru, email=email@provider.ru,ou=Provider Billing, o=Provider, c=RU" -validity 1001
Enter keystore password:
Re-enter new password:
Enter key password for <bgbilling>
(RETURN if same as keystore password):
Code:
[root@test BGBillingServer]# keytool -keystore .keystore -alias bgbilling -exportcert -file bgbilling.cer
Enter keystore password:
Certificate stored in file <bgbilling.cer>
Code:
[root@test BGBillingServer]# openssl x509 -inform der -in bgbilling.cer -out bgbilling.pem
Code:
[root@test BGBillingServer]# openssl genrsa -des3 -out mps.key 1024
Generating RSA private key, 1024 bit long modulus
...........................++++++
.................++++++
e is 65537 (0x10001)
Enter pass phrase for mps.key:
Verifying - Enter pass phrase for mps.key:
Code:
[root@test BGBillingServer]# openssl req -new -x509 -days 1001 -key mps.key -out mps.pem
Enter pass phrase for mps.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:RU
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Code:
[root@test BGBillingServer]# keytool -keystore .keystore -alias mps -importcert -file mps.pem
Enter keystore password:
Owner: O=Default Company Ltd, L=Default City, C=RU
Issuer: O=Default Company Ltd, L=Default City, C=RU
Serial number: d1272a4d8d670f76
Valid from: Tue Aug 08 17:06:46 MSK 2017 until: Tue May 05 17:06:46 MSK 2020
Certificate fingerprints:
MD5: D2:3F:78:E6:C6:2B:B0:07:68:AE:49:51:A6:19:33:5D
SHA1: B6:FF:2D:5E:A7:61:E2:FF:74:A0:0D:7B:BD:E1:AE:AB:4C:D9:44:DB
SHA256: 20:22:FE:6E:E1:4A:03:CB:30:92:73:30:39:CF:F0:AC:6A:A1:B0:61:AE:4A:AD:C3:A1:EB:72:64:6F:9A:09:C1
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 13 C6 76 57 75 E4 D2 5C 76 08 E7 5E DB 82 E8 C6 ..vWu..\v..^....
0010: 31 36 5B D8 16[.
]
]
#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 13 C6 76 57 75 E4 D2 5C 76 08 E7 5E DB 82 E8 C6 ..vWu..\v..^....
0010: 31 36 5B D8 16[.
]
]
Trust this certificate? [no]: yes
Certificate was added to keystore
Code:
[root@test BGBillingServer]# openssl genrsa -des3 -out osmp.key 1024
Generating RSA private key, 1024 bit long modulus
.........................................++++++
...++++++
e is 65537 (0x10001)
Enter pass phrase for osmp.key:
Verifying - Enter pass phrase for osmp.key:
Code:
[root@test BGBillingServer]# openssl req -new -key osmp.key -out osmp.csr
Enter pass phrase for osmp.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Code:
[root@test BGBillingServer]# openssl x509 -req -in osmp.csr -CA mps.pem -CAkey mps.key -out osmp.pem -days 1001 -CAcreateserial -CAserial mps.seq
Signature ok
subject=/C=XX/L=Default City/O=Default Company Ltd
Getting CA Private Key
Enter pass phrase for mps.key:
Code:
[root@test BGBillingServer]# openssl pkcs12 -export -in osmp.pem -inkey osmp.key -out osmp.p12
Enter pass phrase for osmp.key:
Enter Export Password:
Verifying - Enter Export Password:
Code:
[root@test BGBillingServer]# openssl x509 -inform pem -in osmp.pem -pubkey
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1Xq+GgyuDAOc9oBxDxL1yMkC6
Vt5D/et9YAWpHVbwtLjHtlWsjQKbKxZ5DNuec4oN5WhEJ6SRRmWfsNckZO6P1BGE
e5jcn65Q9QABmW8ddXVePizBEKk0UURPKnOA+GorlwQy0OJgzJCmXl4Yo3dO0ROz
DDyPqrtG34fBBkWC/wIDAQAB
-----END PUBLIC KEY-----
I installed the osmp.p12 certificate on my computer.
When I try to log in, it asks for the client certificate.
Module config
Code:
mps.1.mode=1
mps.1.title=ОСМП
mps.1.protocol=osmp
mps.1.protocol.ext=1,noBaseAuth
mps.1.login=login
mps.1.passw=password
mps.1.pid=14
mps.1.search.mode=contract
mps.1.cert=1
mps.1.cert.pem=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1Xq+GgyuDAOc9oBxDxL1yMkC6Vt5D/et9YAWpHVbwtLjHtlWsjQKbKxZ5DNuec4oN5WhEJ6SRRmWfsNckZO6P1BGEe5jcn65Q9QABmW8ddXVePizBEKk0UURPKnOA+GorlwQy0OJgzJCmXl4Yo3dO0ROzDDyPqrtG34fBBkWC/wIDAQAB
mps.1.min.summ=10
mps.1.max.summ=15000
mps.1.store.original.sum=true
Everything works.
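
The CA, client certificate, PKCS#12 and public-key steps from the post above, written non-interactively as an added example (not the poster's commands and not taken from the BGBilling documentation). It uses 2048-bit RSA, SHA-256 and explicit subjects where the session used 1024-bit keys, SHA1withRSA and the default DN; the file names, the subjects and the KEY_PASS / P12_PASS variables are assumptions.

```bash
#!/bin/sh
# Added example: file names, subjects and the passphrase variables are assumptions.
set -eu

# Drop the PEM armor lines and join the base64 body into one line,
# the form the mps.1.cert.pem value has in the module config.
pem_body_oneline() {
  grep -v -e '^-----' "$1" | tr -d '\r\n'
}

# Usage: export KEY_PASS and P12_PASS, then: issue_client_cert <empty-dir>
# Passphrases are read from the environment so they never appear in argv.
issue_client_cert() (
  cd "$1"
  umask 077   # private keys readable by the owner only

  # CA key and self-signed CA certificate
  openssl genrsa -aes256 -passout env:KEY_PASS -out ca.key 2048
  openssl req -new -x509 -sha256 -days 1001 -key ca.key -passin env:KEY_PASS \
    -subj "/C=RU/O=Example Provider/CN=Example MPS CA" -out ca.pem

  # Client key and CSR, with a subject distinct from the CA's
  openssl genrsa -aes256 -passout env:KEY_PASS -out client.key 2048
  openssl req -new -sha256 -key client.key -passin env:KEY_PASS \
    -subj "/C=RU/O=Example Provider/CN=osmp-client" -out client.csr

  # Sign the CSR with the CA
  openssl x509 -req -sha256 -in client.csr -CA ca.pem -CAkey ca.key \
    -passin env:KEY_PASS -CAcreateserial -CAserial ca.seq -days 1001 \
    -out client.pem

  # Stop here if the client certificate does not chain to the CA
  openssl verify -CAfile ca.pem client.pem

  # Bundle key and certificate for installation on the client machine
  openssl pkcs12 -export -in client.pem -inkey client.key \
    -passin env:KEY_PASS -passout env:P12_PASS -out client.p12

  # Public key of the client certificate, PEM-armored
  openssl x509 -in client.pem -noout -pubkey > client.pub
)
```

`pem_body_oneline client.pub` then prints the single-line value in the format shown for mps.1.cert.pem; importing ca.pem into the server keystore with keytool is unchanged from the post.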