+ Copy File To Odl System ${ODL_SYSTEM_IP} ${USER_HOME}/clientcert.pem
+ Run Command On Remote System
+ ... ${ODL_SYSTEM_IP}
+ ... ${JAVA_HOME}/bin/keytool -import -trustcacerts -file clientcert.pem -keystore ${KEYSTORE_PATH} -storepass 123456 -noprompt
+ Log Certificates in Keystore
+ Restart Jetty
+
+Generate Server CA Signed Certificate
+ [Documentation] Generates a server certificate and signs it with own root CA
+ #Generates Root CA key and certificate (note this has to be self-signed)
+ Log Certificates in Keystore
+ Run openssl genrsa -out ${USER_HOME}/rootCA.key 2048
+ Run
+ ... openssl req -x509 -new -nodes -key ${USER_HOME}/rootCA.key -sha256 -days 1024 -out ${USER_HOME}/rootCA.pem -subj "/C=ES/ST=Madrid/L=Madrid/O=FakeCA/OU=FakeCA_ODL/CN=www.fakeca.com/emailAddress=unknown@fakeca.com"
+ #Generate server CSR
+ Run openssl genrsa -out ${USER_HOME}/server.key 2048
+ Run
+ ... openssl req -new -key ${USER_HOME}/server.key -out ${USER_HOME}/server.csr -subj "/C=ES/ST=Madrid/L=Madrid/O=OpenDayLight/OU=AAA/CN=${ODL_SYSTEM_IP}/emailAddress=unknown@unknown.com"
+ #Sign CSR
+ Run
+ ... openssl x509 -req -in ${USER_HOME}/server.csr -CA ${USER_HOME}/rootCA.pem -CAkey ${USER_HOME}/rootCA.key -CAcreateserial -out ${USER_HOME}/server.crt -days 500 -sha256
+ # Convert to pkcs12 (including public and private key together)
+ Run
+ ... openssl pkcs12 -export -in ${USER_HOME}/server.crt -inkey ${USER_HOME}/server.key -out ${USER_HOME}/server.p12 -name odl -passin pass:myPass -passout pass:myPass
+ Copy File To Odl System ${ODL_SYSTEM_IP} ${USER_HOME}/server.p12
+ # Import Certifcate into keystore
+ ${KEYSTORE_DIR} Split Path ${KEYSTORE_PATH}
+ Run Command On Remote System ${ODL_SYSTEM_IP} mkdir -p ${KEYSTORE_DIR[0]}
+ Run Command On Remote System
+ ... ${ODL_SYSTEM_IP}
+ ... ${JAVA_HOME}/bin/keytool -importkeystore -deststorepass 123456 -destkeypass myPass -destkeystore ${KEYSTORE_PATH} -srckeystore ${USER_HOME}/server.p12 -srcstoretype PKCS12 -srcstorepass myPass -alias odl
+ Log Certificates in Keystore
+ Restart Jetty
+
+Generate Client CA Signed Certificate
+ [Documentation] Generates a client certificate and signs it with own root CA
+ #Generates Root CA key and certificate (note this has to be self-signed)
+ Log Certificates in Keystore
+ Run openssl genrsa -out ${USER_HOME}/rootCA_for_clients-key.pem 2048
+ Run
+ ... openssl req -x509 -new -nodes -key ${USER_HOME}/rootCA_for_clients-key.pem -sha256 -days 1024 -out ${USER_HOME}/rootCA_for_clients-cert.pem -subj "/C=ES/ST=Madrid/L=Madrid/O=FakeCA_ForClient/OU=FakeCA_ForClient/CN=www.fakecaforclients.com/emailAddress=unknown@fakecaforclients.com"
+ #Generate client CSR
+ Run openssl genrsa -out ${USER_HOME}/client_ca_signed-key.pem 2048
+ Run
+ ... openssl req -new -key ${USER_HOME}/client_ca_signed-key.pem -out ${USER_HOME}/client_ca_signed.csr -subj "/C=ES/ST=Madrid/L=Madrid/O=OpenDayLight/OU=RestClient/CN=RestClient/emailAddress=unknown@unknownclient.com"
+ #Sign CSR
+ Run
+ ... openssl x509 -req -in ${USER_HOME}/client_ca_signed.csr -CA ${USER_HOME}/rootCA_for_clients-cert.pem -CAkey ${USER_HOME}/rootCA_for_clients-key.pem -CAcreateserial -out ${USER_HOME}/client_ca_signed-cert.pem -days 500 -sha256
+ Copy File To Odl System ${ODL_SYSTEM_IP} ${USER_HOME}/rootCA_for_clients-cert.pem
+ # Import RootCA Certifcate into keystore
+ ${KEYSTORE_DIR} Split Path ${KEYSTORE_PATH}
+ Run Command On Remote System ${ODL_SYSTEM_IP} mkdir -p ${KEYSTORE_DIR[0]}
+ Run Command On Remote System
+ ... ${ODL_SYSTEM_IP}
+ ... ${JAVA_HOME}/bin/keytool -import -trustcacerts -file rootCA_for_clients-cert.pem -keystore ${KEYSTORE_PATH} -storepass 123456 -noprompt