When I deployed the containers based on the Dockerized Test Deployment instructions, I had to make the following adjustments on Amazon Linux and RHEL 8:
- Docker Compose
While the 'docker compose' command works fine on a MacBook, I had to add a hyphen in the following commands on Amazon Linux and RHEL:
docker-compose up
docker-compose --profile frontend up
- Storage SQL
I kept getting an error about Docker not being able to find mysql. I had to switch it from 'mysql' to 'mariadb' as shown below:
docker exec -i ctfe-db mariadb -pzaphod -Dtest < ./storage/mysql/schema/storage.sql
- Fake CA Certificate
The fake-ca.cert file is located in the certificate-transparency-go project rather than the trillian project. I had to update the following line to point to the correct directory:
cp ~/git/certificate-transparency-go/trillian/testdata/fake-ca.cert ${CTFE_CONF_DIR}
- EC Public Key
After provisioning the log, I had to import the public key into my CA software (EJBCA) to enable the certificate transparency function. But I had to create my own script to convert the DER public key into a PEM key file that could be imported into EJBCA. It would be great to have another step and script to automatically create the EC public key file. Below is a simple Python script:
```python
import binascii

# DER-encoded key bytes. The "PUBLIC KEY" label used below is only correct
# when these bytes are a SubjectPublicKeyInfo structure.
der_data = b"\x30\x81\x87\x02\x01\x00\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x04\x6d\x30\x6b\x02\x01\x01\x04\x20\xd8\x8a\x49\xa2\x15\x3c\xbe\xb5\xb7\x6c\x63\xdc\xfd\xc0\x36\x64\x24\x88\xc3\x57\x9d\xfa\xd4\xa8\x70\x78\x32\x72\x29\x1a\xb1\x6f\xa1\x44\x03\x42\x00\x04\x44\x6d\x69\x2c\x00\xec\xf3\xc7\xbb\x87\x7e\x57\xea\x04\xc3\x4b\x49\x01\xc4\x9a\x19\xf2\x49\x9b\x4c\x44\x1c\xac\xe0\xff\x27\x11\xce\x94\xa8\x85\xd9\xed\x42\x22\x5c\x54\xf6\x33\x73\xa3\x3d\x8b\xe8\x53\x48\xf5\x57\x50\x61\x96\x30\x5b\xc4\x9b\xa3\x04\xc3\x4b"

# Convert DER to PEM format, wrapping the base64 body at 64 characters
b64 = binascii.b2a_base64(der_data).replace(b'\n', b'')
pem_data = b"-----BEGIN PUBLIC KEY-----\n"
pem_data += b"\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
pem_data += b"\n-----END PUBLIC KEY-----\n"

# Replace 'keyfile.pem' with the desired filename
with open('keyfile.pem', 'wb') as f:
    f.write(pem_data)
print("PEM key file created successfully.")
```
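An added example (not part of the original post or of the certificate-transparency-go project): a `PUBLIC KEY` PEM block is expected to hold a DER SubjectPublicKeyInfo, so this stdlib-only code checks what a DER blob actually is and, going beyond the post, rebuilds the SubjectPublicKeyInfo when the input is a PKCS#8 EC private key with an embedded public key, then writes it with 64-character line wrapping. The function names and the sample key bytes are constructed for illustration.

```python
import base64

ALG = bytes.fromhex("301306072a8648ce3d020106082a8648ce3d030107")  # id-ecPublicKey, P-256
# Constructed sample values, not a real key: public point BIT STRING and PKCS#8 wrapper
PUB = b"\x03\x42\x00\x04" + b"\x22" * 64
SAMPLE_PKCS8 = (b"\x30\x81\x87\x02\x01\x00" + ALG + b"\x04\x6d\x30\x6b\x02\x01\x01"
                + b"\x04\x20" + b"\x11" * 32 + b"\xa1\x44" + PUB)

def read_tlv(buf, off=0):
    """Return (tag, value, next_offset) for the DER element at buf[off]."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[off:off + length], off + length

def to_spki(der):
    """Return (kind, SubjectPublicKeyInfo DER) for SPKI or PKCS#8 EC input."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    first, _, off = read_tlv(body)
    if first == 0x30 and read_tlv(body, off)[0] == 0x03:  # AlgorithmIdentifier + BIT STRING
        return "spki", der
    alg_tag, _, alg_end = read_tlv(body, off)
    key_tag, ec_priv, _ = read_tlv(body, alg_end)
    if first != 0x02 or alg_tag != 0x30 or key_tag != 0x04:
        raise ValueError("neither SPKI nor PKCS#8")
    _, fields, _ = read_tlv(ec_priv)  # ECPrivateKey SEQUENCE
    pos = 0
    while pos < len(fields):
        tag, value, pos = read_tlv(fields, pos)
        if tag == 0xA1:  # [1] publicKey, whose content is the BIT STRING element
            spki = body[off:alg_end] + value
            head = bytes([len(spki)]) if len(spki) < 0x80 else bytes([0x81, len(spki)])
            return "pkcs8", b"\x30" + head + spki
    raise ValueError("PKCS#8 key has no embedded public key")

def pem(label, der):
    """RFC 7468 PEM text: base64 body wrapped at 64 characters."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

if __name__ == "__main__":
    print(pem("PUBLIC KEY", to_spki(SAMPLE_PKCS8)[1]), end="")
```

If `to_spki` reports `pkcs8` for a blob, the original bytes contain private key material and only the returned SubjectPublicKeyInfo should be handed to the CA.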