Introduction

The Data Generator utility generates deployment-specific private keys, certificates, and keystores as needed by the web application portion of the Direct Certificate Discovery Tool.

The user is required to specify the target deployment domain at runtime, as explained below.

Command Line

The utility is invoked on the command line:

$ ./datagen.sh --help
Usage:
datagen [--help -d <name> -o <path>]
  --help                Print help information.
  -d (--domain) name    Domain name to generate certificates for.
  -o (--out) path       Path to the output archive file.

Required Options

  -d (--domain) name    Domain name to generate certificates for.

Optional Options

  -o (--out) path       Path to the output archive file.

• The default value of the -o (--out) option is: <script path>/../out/datagen/<domain>-data.zip

Example

$ ./datagen.sh -d localhost
Successfully built Certificate Authority (CA) entry: name=localhost_ca, path=ca, keyBits=1024, validDays=365, dn={CN=localhost_ca,O=localhost_ca}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts500_valid_cert_record, path=, keyBits=1024, validDays=365, dn={E=dts500@direct1.localhost,CN=dts500_valid_cert_record,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=othercert, path=, keyBits=1024, validDays=365, dn={E=othercert@direct1.localhost,CN=othercert,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts501_valid, path=, keyBits=1024, validDays=365, dn={E=direct1.localhost,CN=dts501_valid,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=direct9.localhost, path=, keyBits=1024, validDays=365, dn={E=direct9.localhost,CN=direct9.localhost,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts500_valid_ldap, path=, keyBits=1024, validDays=365, dn={E=dts500@direct1.localhost,CN=dts500_valid_ldap,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts501_valid_ldap, path=, keyBits=1024, validDays=365, dn={E=direct1.localhost,CN=dts501_valid_ldap,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts501_expired, path=, keyBits=1024, validDays=0, dn={E=dts501@direct1.localhost,CN=dts501_expired,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts502, path=, keyBits=4096, validDays=365, dn={E=dts502@direct1.localhost,CN=dts502,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts505_expired_cert_record, path=, keyBits=1024, validDays=0, dn={E=dts505@direct2.localhost,CN=dts505_expired_cert_record,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts505_mac, path=, keyBits=1024, validDays=365, dn={E=dts505@direct2.localhost,CN=dts505_mac,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts515_mac, path=, keyBits=1024, validDays=365, dn={E=direct2.localhost,CN=dts515_mac,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts515_address_bound, path=, keyBits=1024, validDays=365, dn={E=dts515@direct2.localhost,CN=dts515_address_bound,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts506_ldap_1_mac, path=, keyBits=1024, validDays=365, dn={E=dts506@direct2.localhost,CN=dts506_ldap_1_mac,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts506_ldap_2, path=, keyBits=1024, validDays=365, dn={E=dts506@direct2.localhost,CN=dts506_ldap_2,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts507, path=, keyBits=1024, validDays=365, dn={E=dts507@direct3.localhost,CN=dts507,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts517, path=, keyBits=1024, validDays=365, dn={E=dts517@direct3.localhost,CN=dts517,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts520_invalid_address_cert, path=, keyBits=1024, validDays=0, dn={E=dts520@direct5.localhost,CN=dts520_invalid_address_cert,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts520_invalid_domain_cert, path=, keyBits=1024, validDays=0, dn={E=direct5.localhost,CN=dts520_invalid_domain_cert,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts520_invalid_address_ldap, path=, keyBits=1024, validDays=0, dn={E=dts520@direct5.localhost,CN=dts520_invalid_address_ldap,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts520_invalid_domain_ldap, path=, keyBits=1024, validDays=0, dn={E=direct5.localhost,CN=dts520_invalid_domain_ldap,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts512_expired_address_cert, path=, keyBits=1024, validDays=0, dn={E=dts512@direct6.localhost,CN=dts512_expired_address_cert,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=expired_direct6_domain_cert, path=, keyBits=1024, validDays=0, dn={E=direct6.localhost,CN=expired_direct6_domain_cert,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts501_valid_add_ldap, path=, keyBits=1024, validDays=365, dn={E=dts501@direct1.localhost,CN=dts501_valid_add_ldap,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=direct2.localhost_invalid_dns, path=, keyBits=1024, validDays=0, dn={E=direct2.localhost,CN=direct2.localhost_invalid_dns,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts515_invalid_dns_address, path=, keyBits=1024, validDays=0, dn={E=dts515@direct2.localhost,CN=dts515_invalid_dns_address,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully built leaf entry: name=dts515_invalid_ldap_address, path=, keyBits=1024, validDays=0, dn={E=dts515@direct2.localhost,CN=dts515_invalid_ldap_address,O=localhost}, issuer={, issuer={name=localhost_ca, path=ca, dn={CN=localhost_ca,O=localhost_ca}}
Successfully wrote output file: out/datagen/localhost-data.zip

Deployment

• The generated zip file contains all of the private keys, certificates, and keystores needed for all of the Tool test cases.
• Each certificate must be placed in its correct destination (DNS, LDAP service, address-bound, domain-bound) in accordance with the 2.1 Installation Worksheet.
• The Data Loader and LDAP Loader utilities completely automate this process and are recommended to be used, if possible.