diff --git a/cmd/runmqserver/webserver.go b/cmd/runmqserver/webserver.go
index 9b218ab..9c82a1d 100644
--- a/cmd/runmqserver/webserver.go
+++ b/cmd/runmqserver/webserver.go
@@ -159,17 +159,17 @@ func configureSSO_TLS() error {
 if err != nil {
 return err
 }
- log.Debug("Creating self-signed certificate in key store")
- err = ks.CreateSelfSignedCertificate("default", "CN=IBMMQWeb,O=IBM,OU=Platform,C=GB")
+ log.Debug("Generating PKCS12 file")
+ err = ks.GeneratePKCS12("/mnt/tls/tls.key", "/mnt/tls/tls.crt", "/run/tls/tls.p12", "default", "password")
 if err != nil {
 return err
 }
- log.Debug("Importing self-signed certificate into trust store")
- err = ts.Import(ks.Filename, ks.Password)
+ log.Debug("Importing certificate into key store")
+ err = ks.Import("/run/tls/tls.p12", "password")
 if err != nil {
 return err
 }
- log.Debug("Adding OIDC CA certificate to trust store")
+ log.Debug("Adding OIDC certificate to trust store")
 err = ts.Add(os.Getenv("MQ_OIDC_CERTIFICATE"), "OIDC")
 return err
 }
diff --git a/install-mq.sh b/install-mq.sh
index 71f5a19..cd8bdd2 100644
--- a/install-mq.sh
+++ b/install-mq.sh
@@ -63,7 +63,8 @@ if ($UBUNTU); then
 procps \
 sed \
 tar \
- util-linux
+ util-linux \
+ openssl
 fi
 
 # Install additional packages required by MQ, this install process and the runtime scripts
@@ -82,7 +83,8 @@ $RHEL && yum -y install \
 procps-ng \
 sed \
 tar \
- util-linux
+ util-linux \
+ openssl
 
 # Download and extract the MQ installation files
 DIR_EXTRACT=/tmp/mq
@@ -139,7 +141,7 @@ rm -rf ${DIR_EXTRACT}
 # Apply any bug fixes not included in base Ubuntu or MQ image.
 # Don't upgrade everything based on Docker best practices https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#run
-$UBUNTU && apt-get install -y libapparmor1 --only-upgrade
+$UBUNTU && apt-get install -y libsystemd0 systemd systemd-sysv libudev1 --only-upgrade
 # End of bug fixes
 # Clean up cached files
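Review bot: The added `err = ks.GeneratePKCS12(...)` and `err = ks.Import(...)` lines protect the PKCS12 bundle with the literal `"password"` and leave `/run/tls/tls.p12` in place after the import, so a second copy of the private key sits at a fixed path under a fixed, well-known password for the life of the container. The bundle only exists to move the key into the key store, so its password can be a one-time random string (crypto/rand plus encoding/hex, standard library only) and the file can be removed once `ks.Import` succeeds, with a removal failure returned rather than ignored. I cannot tell from the hunk whether the server certificate chain that the removed `ts.Import(ks.Filename, ks.Password)` used to copy into the trust store is still needed by whatever consumes that trust store; worth confirming before this ships. `configureSSO_TLS` begins before this hunk.
```go
	// … unchanged: key store and trust store creation …
	// One-time secret for the PKCS12 hand-off; it is never stored, so it need not be memorable.
	pwBytes := make([]byte, 16)
	if _, err = rand.Read(pwBytes); err != nil {
		return err
	}
	p12Password := hex.EncodeToString(pwBytes)
	log.Debug("Generating PKCS12 file")
	err = ks.GeneratePKCS12("/mnt/tls/tls.key", "/mnt/tls/tls.crt", "/run/tls/tls.p12", "default", p12Password)
	if err != nil {
		return err
	}
	log.Debug("Importing certificate into key store")
	err = ks.Import("/run/tls/tls.p12", p12Password)
	if err != nil {
		return err
	}
	// The bundle has served its purpose; do not leave a second copy of the key on disk.
	if err = os.Remove("/run/tls/tls.p12"); err != nil {
		return err
	}
	// … unchanged: OIDC certificate added to trust store …
```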
diff --git a/internal/keystore/keystore.go b/internal/keystore/keystore.go
index 78d582b..2f4b759 100644
--- a/internal/keystore/keystore.go
+++ b/internal/keystore/keystore.go
@@ -125,6 +125,15 @@ func (ks *KeyStore) CreateStash(log *logger.Logger) error {
 return nil
 }
 
+// GeneratePKCS12 generates a PKCS12 file
+func (ks *KeyStore) GeneratePKCS12(keyFile, crtFile, pkcs12File, label, password string) error {
+ out, _, err := command.Run("openssl", "pkcs12", "-export", "-inkey", keyFile, "-in", crtFile, "-out", pkcs12File, "-name", label, "-passout", "pass:"+password)
+ if err != nil {
+ return fmt.Errorf("error running \"openssl pkcs12 -export\": %v %s", err, out)
+ }
+ return nil
+}
+
 // Import imports a certificate file in the keystore
 func (ks *KeyStore) Import(inputFile, password string) error {
 out, _, err := command.Run(ks.command, "-cert", "-import", "-file", inputFile, "-pw", password, "-target", ks.Filename, "-target_pw", ks.Password, "-target_type", ks.keyStoreType)
diff --git a/mq-advanced-server-rhel/mq-buildah.sh b/mq-advanced-server-rhel/mq-buildah.sh
index 7b6bfeb..d16d351 100755
--- a/mq-advanced-server-rhel/mq-buildah.sh
+++ b/mq-advanced-server-rhel/mq-buildah.sh
@@ -57,7 +57,8 @@ buildah run $ctr_mq -- yum install -y --setopt install_weak_deps=false --setopt=
 procps-ng \
 sed \
 tar \
- util-linux
+ util-linux \
+ openssl
 
 # Clean up cached files
 buildah run $ctr_mq -- yum clean all
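Review bot: GeneratePKCS12 hands the secret to openssl as `"-passout", "pass:"+password`, so the PKCS12 password is part of the child's argument list and readable from the process table by anything sharing the PID namespace while the export runs; the existing `Import` below has the same shape with `-pw`, but new code need not repeat it. openssl also accepts `-passout stdin` and `-passout fd:N` / `-passout file:path`, so if `command.Run` can feed the child's stdin the password should go that way, otherwise via a mode-0600 temporary file removed after the call. The doc comment also undersells the method, which never reads the receiver: `// GeneratePKCS12 runs "openssl pkcs12 -export" to bundle keyFile and crtFile into pkcs12File under the friendly name label, protected by password. It does not read or modify the receiver's key store.` would tell callers both what it does and that ks is unused.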