Selaa lähdekoodia

Container SSL README.md changed to create_ca_and_ee.sh (#559)

* Rename README.md

README.md wasn't actually a readme but an example for how
to make a simple pki.

* Updating ssl script

+ Adding shebang line (#!/usr/bin/env bash)
+ Adding variables for key type and subject
+ Adding comments
+ Adding openssl verify
pull/562/head
John Steel 4 vuotta sitten
committed by GitHub
vanhempi
commit
4c703e69ae
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
2 muutettua tiedostoa jossa 18 lisäystä ja 4 poistoa
  1. +0
    -4
      containers/ssl/README.md
  2. +18
    -0
      containers/ssl/create_ca_and_ee.sh

+ 0
- 4
containers/ssl/README.md Näytä tiedosto

@@ -1,4 +0,0 @@
openssl req -x509 -nodes -new -sha256 -days 1024 -newkey rsa:2048 -keyout RootCA.key -out RootCA.pem -subj "/C=US/CN=Root-CA"
openssl x509 -outform pem -in RootCA.pem -out RootCA.crt
openssl req -new -nodes -newkey rsa:2048 -keyout lesspass.key -out lesspass.csr -subj "/C=FR/ST=Gironde/L=Bordeaux/O=LessPass/CN=lesspass.local"
openssl x509 -req -sha256 -days 1024 -in lesspass.csr -CA RootCA.pem -CAkey RootCA.key -CAcreateserial -extfile domains.ext -out lesspass.crt

+ 18
- 0
containers/ssl/create_ca_and_ee.sh Näytä tiedosto

@@ -0,0 +1,18 @@
#!/usr/bin/env bash
# This script will create a custom Certificate Authority (CA) and End Entity (EE) certificates.
#
# for local development this should be fine and you can ignore certificate trust errors related to
# an untrusted root. For public facing access, you can submit the generated lesspass.csr to a trusted
# ca so that they can provide you with a trusted certificate to replace this development certificate.

CA_CRT_SUBJ="${CA_CRT_SUBJ:-/C=US/CN=Root-CA}"
CA_KEY_TYPE="${CA_KEY_TYPE:-rsa:2048}"
EE_CRT_SUBJ="${EE_CRT_SUBJ:-/C=FR/ST=Gironde/L=Bordeaux/O=LessPass/CN=lesspass.local}"
EE_KEY_TYPE="${EE_KEY_TYPE:-${CA_KEY_TYPE}}"

openssl req -x509 -nodes -new -sha256 -days 1024 -newkey "$CA_KEY_TYPE" -keyout RootCA.key -out RootCA.pem -subj "$CA_CRT_SUBJ"
openssl x509 -outform pem -in RootCA.pem -out RootCA.crt
openssl req -new -nodes -newkey "$EE_KEY_TYPE" -keyout lesspass.key -out lesspass.csr -subj "$EE_CRT_SUBJ"
openssl x509 -req -sha256 -days 1024 -in lesspass.csr -CA RootCA.pem -CAkey RootCA.key -CAcreateserial -extfile domains.ext -out lesspass.crt

openssl verify -verbose -CAfile RootCA.crt RootCA.crt lesspass.crt

Ladataan…
Peruuta
Tallenna