Skip to content

How to run Always Encrypted tests locally

Jump to bottom
lilgreenbird edited this page Oct 17, 2022 · 5 revisions

This wiki explains how to create the certificates that are necessary to run the Always Encrypted junit tests.

How to generate the certificate files in Windows

  1. Start Powershell
  2. Cd to Desktop (or anywhere that you would like to create a folder that holds the certificates).
  3. Run the below commands:
mkdir AE_Certificates
cd AE_Certificates
$certPass = "password"
$cert = New-SelfSignedCertificate -dns "AlwaysEncryptedCert" -CertStoreLocation Cert:CurrentUser\My
$pwd = ConvertTo-SecureString -String $certPass -Force -AsPlainText
$path = 'cert:\CurrentUser\My\' + $cert.thumbprint
$certificate = Export-PfxCertificate -cert $path -FilePath cert.pfx -Password $pwd 
Get-ChildItem -path cert:\CurrentUser\My > certificate.txt
keytool -importkeystore -srckeystore cert.pfx -srcstoretype pkcs12 -destkeystore clientcert.jks -deststoretype pkcs12 -srcstorepass $certPass -deststorepass $certPass
keytool -list -v -keystore clientcert.jks -storepass $certPass > JavaKeyStoreBase.txt
Get-Content .\JavaKeyStoreBase.txt | Set-Content -Encoding utf8 JavaKeyStore.txt
Remove-Item –path .\JavaKeyStoreBase.txt
  1. Four files: cert.pfx, certificate.txt, clientcert.jks, and JavaKeyStore.txt should have been created inside AE_Certificates folder.
  2. Copy those four files over to <your_cloned_branch_folder_directory>/target/test-classes/. (the target folder should be created when you compile the project. The target folder is on the same level as the src folder)

How to generate the certificate files in Linux

  1. Start command line.
  2. Cd to Desktop (or anywhere that you would like to create a folder that holds the certificates).
  3. Run the below commands:
mkdir AE_Certificates
cd AE_Certificates
openssl req -newkey rsa:2048 -x509 -keyout cakey.pem -out cacert.pem -days 3650 -subj "/C=US/ST=WA/L=Redmond/O=Microsoft Corporation/OU=SQL Server/CN=JDBC Driver" -nodes
openssl pkcs12 -export -in cacert.pem -inkey cakey.pem -out identity.p12 -password pass:password
keytool -importkeystore -destkeystore clientcert.jks -deststorepass password -srckeystore identity.p12 -srcstoretype PKCS12 -srcstorepass password
keytool -list -v -keystore clientcert.jks -storepass "password" > JavaKeyStore.txt
  1. Four files: cert.pfx, certificate.txt, clientcert.jks, and JavaKeyStore.txt should have been created inside AE_Certificates folder.
  2. Copy those four files over to <your_cloned_branch_folder_directory>/target/test-classes/. (the target folder should be created when you compile the project. The target folder is on the same level as the src folder)
Clone this wiki locally