Skip to content

How to run Always Encrypted tests locally

Jump to bottom
Peter Bae edited this page Jul 28, 2017 · 5 revisions

Now that more Always Encrypted tests are showing up on GitHub, some users may be having trouble with running tests against the AE test suite, due to the necessary certificate files. This wiki explains in detail how to create the certificates.

How to generate the certificate files in Windows

Basically, we are going to manually perform the steps from Appveyor.yml:

  1. Start Powershell
  2. Cd to Desktop (or anywhere that you would like to create a folder that holds the certificates).
  3. Run the below commands:
mkdir AE_Certificates

cd AE_Certificates

$cert = New-SelfSignedCertificate -dns "AlwaysEncryptedCert" -CertStoreLocation Cert:CurrentUser\My

$pwd = ConvertTo-SecureString -String "password" -Force -AsPlainText

$path = 'cert:\CurrentUser\My\' + $cert.thumbprint

$certificate = Export-PfxCertificate -cert $path -FilePath cert.pfx -Password $pwd 

Get-ChildItem -path cert:\CurrentUser\My > certificate.txt

keytool -importkeystore -srckeystore cert.pfx -srcstoretype pkcs12 -destkeystore clientcert.jks -deststoretype JKS -srcstorepass password -deststorepass password

keytool -list -v -keystore clientcert.jks -storepass "password" > JavaKeyStore.txt

  1. Four files, namely cert.pfx, certificate.txt, clientcert.jks, and JavaKeyStore.txt should have been created inside AE_Certificates folder.

  2. Copy those four files over to <your_cloned_branch_folder_directory>/target/test-classes/. (the target folder should be created when you compile the project. The target folder is on the same level as the src folder)

How to generate the certificate files in Linux

Basically, we are going to manually perform the steps from travis.yml:

  1. Start command line.
  2. Cd to Desktop (or anywhere that you would like to create a folder that holds the certificates).
  3. Run the below commands:
mkdir AE_Certificates

cd AE_Certificates

openssl req -newkey rsa:2048 -x509 -keyout cakey.pem -out cacert.pem -days 3650 -subj "/C=US/ST=WA/L=Redmond/O=Microsoft Corporation/OU=SQL Server/CN=JDBC Driver" -nodes

openssl pkcs12 -export -in cacert.pem -inkey cakey.pem -out identity.p12 -password pass:password

keytool -importkeystore -destkeystore clientcert.jks -deststorepass password -srckeystore identity.p12 -srcstoretype PKCS12 -srcstorepass password

keytool -list -v -keystore clientcert.jks -storepass "password" > JavaKeyStore.txt

  1. Four files, namely cert.pfx, certificate.txt, clientcert.jks, and JavaKeyStore.txt should have been created inside AE_Certificates folder.

  2. Copy those four files over to <your_cloned_branch_folder_directory>/target/test-classes/. (the target folder should be created when you compile the project. The target folder is on the same level as the src folder)

Clone this wiki locally