From bfb1f222175a1783cf7dfbd5849be3c04dfcf0a7 Mon Sep 17 00:00:00 2001 From: hcornet Date: Mon, 13 May 2024 18:45:49 +0200 Subject: [PATCH] good --- README.md | 51 +++++++++++++++++++++++++++++++++++++++++++++ certify.sh | 26 +++++++++++++++++++++++ install.sh | 3 +++ sign-certificate.sh | 20 ++++++++++++++++++ watch-csr.sh | 15 +++++++++++++ 5 files changed, 115 insertions(+) create mode 100644 certify.sh create mode 100644 install.sh create mode 100644 sign-certificate.sh create mode 100644 watch-csr.sh diff --git a/README.md b/README.md index ced8533..defe2c5 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,57 @@ docker compose -f docker-compose-nginx.yml up -d # Utilisation +## Certificat Autority +cd CA + +openssl genpkey -algorithm RSA -out ca.key -aes256 + +pass phrase + +pass phrase + +ls + +openssl req -new -x509 -days 3650 -key ca.key -out ca.crt + +pass phrase + +FR +Nord +Roubaix +Tips-Of-Mine +Tips-Of-Mine IT +Tips-Of-Mine Certificate Authority +admin@tips-of-mine.fr + +ls + +Extraction Winscp + +## Windows + +mmc + +Ajoute certificats > Ordinateur + +Autorités de certification racines de confiance > Certificats + +Importer ca.crt + +## Script installation + + install.sh + +## Script : certify.sh + +Depuis la serveur distant lancer + + certify.sh + +## Service + + nohup sh watch-csr.sh & + # More info - more information on the website [Tips-Of-Mine](https://www.tips-of-mine.fr/) diff --git a/certify.sh b/certify.sh new file mode 100644 index 0000000..baf98b1 --- /dev/null +++ b/certify.sh 
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+echo "Saisir le nom de domaine ?"
+read domain
+openssl genpkey -algorithm RSA -out ${domain}.key
+echo "clé generate"
+
+content="[req]\ndistinguished_name = req_distinguished_name\nreq_extasions = v3_req\nprompt = no\n\n[req_distinguished_name]\nC = FR\nST = Nord\nL = ROUBAIX\nO = Tips-Of-Mine\nOU = IT\nCN = Tips-Of-Mine.local\nmailAddress = admin@tips-of-mine.fr\n\n[v3_req]\nsubjectKeyIdentifier = @alt_names\n\n[alt_names]\nDNS.1=${domain}\n"
+
+echo ${content} > ${domain}.cnf
+
+echo "fichier cree"
+
+openssl req -new -key ${domain}.key -out ${domain}.csr -config ${domain}.cnf
+
+echo "CSR cree"
+
+sshpass -p "root" scp ${domain}.csr root@10.0.4.3:etc/ssl/CA/"
+echo "CSR transmit"
+sleep 2
+sshpass -p "root" scp ${domain}.conf root@10.0.4.3:etc/ssl/CA/"
+echo "Config transmit"
+sleep 3
+echo "téléchargement"
+wget https://10.0.4.3/certs/${domain}.crt -P /etc/ssl/private/localcerts/
+sleep 4
\ No newline at end of file
diff --git a/install.sh b/install.sh
new file mode 100644
index 0000000..44daca5
--- /dev/null
+++ b/install.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+apt install nano inotify-tools apache2 sshpass -y
\ No newline at end of file
diff --git a/sign-certificate.sh b/sign-certificate.sh
new file mode 100644
index 0000000..159a46e
--- /dev/null
+++ b/sign-certificate.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+csr-file="$1"
+config-file="$2"
+file-name="$3"
+
+file-name=$(basename ${file-name} .csr)
+
+ca-cer-path="/etc/ssl/CA/ca.crt"
+ca-key-path="/etc/ssl/CA/ca.key"
+
+signed-cert-path="/var/www/html/certs/${file-name}.crt"
+
+passphrase="azerty"
+
+echo " * Start"
+
+openssl x509 -req -in "${csr-file}" -CA "${ca-cer-path}" -CAkey "${ca-key-path}" -out "${signed-cert-path}" -days 365 -extfile "${config-file}" -extensions v3_req -passin "${passphrase}"
+
+echo " * End ${signed-cert-path}"
\ No newline at end of file
diff --git a/watch-csr.sh b/watch-csr.sh
new file mode 100644
index 0000000..448fca2
--- /dev/null
+++ b/watch-csr.sh
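Review bot: The two `sshpass -p "root"` lines put the CA host's root password on the command line, where any local user can read it from the process list and where it lands in shell history, and each of them also ends in a stray `"` after `etc/ssl/CA/` that leaves an unterminated string, so bash cannot run past the first `scp`. Their target path is relative (`etc/ssl/CA/`, no leading slash, so it resolves under root's home) while watch-csr.sh watches `/etc/ssl/CA`, and the second copy sends `${domain}.conf` although the file written earlier in the script is `${domain}.cnf`. The generated config has `req_extasions` where OpenSSL reads `req_extensions`, `mailAddress` for `emailAddress`, and the SAN list under `subjectKeyIdentifier` instead of `subjectAltName`, so the CSR is produced without the extension the signer later selects with `-extensions v3_req`; on top of that `echo ${content}` under `#!/bin/bash` writes the `\n` sequences literally and word-splits the unquoted value. `read domain` accepts anything, and the value becomes file names and config text, so `read -r` plus a hostname-shape check before use is warranted. The rewrite below switches to key-based `scp` (the key path is a placeholder), a quoted heredoc for the config and an absolute remote path; the download at the end is unchanged, though wget will presumably reject the server certificate unless ca.crt is in the system trust store or passed with `--ca-certificate`.
```bash
#!/bin/bash
set -euo pipefail

read -r -p "Saisir le nom de domaine ? " domain
# the value becomes file names and config text: accept only a hostname shape
[[ "$domain" =~ ^[A-Za-z0-9.-]+$ ]] || { echo "nom de domaine invalide" >&2; exit 1; }

umask 077   # keep the freshly generated private key owner-readable only
openssl genpkey -algorithm RSA -out "${domain}.key"
echo "clé generate"

cat > "${domain}.cnf" <<EOF
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no

[req_distinguished_name]
C = FR
ST = Nord
L = ROUBAIX
O = Tips-Of-Mine
OU = IT
CN = Tips-Of-Mine.local
emailAddress = admin@tips-of-mine.fr

[v3_req]
subjectAltName = @alt_names

[alt_names]
DNS.1 = ${domain}
EOF
echo "fichier cree"

openssl req -new -key "${domain}.key" -out "${domain}.csr" -config "${domain}.cnf"
echo "CSR cree"

# CA_SSH_KEY is a placeholder for the deploy key authorised on the CA host
scp -i "${CA_SSH_KEY:?}" "${domain}.csr" "${domain}.cnf" root@10.0.4.3:/etc/ssl/CA/
echo "CSR transmit"
# … unchanged: wait and download of the signed certificate …
```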
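Review bot: `apt install` is the interactive front end and warns that its command-line interface is not stable for scripts; for an unattended install use `apt-get install -y nano inotify-tools apache2 sshpass` under `set -e`, so a failed package install stops the run instead of leaving the watcher without `inotifywait`. The script also assumes it runs as root, so a guard such as `[[ $EUID -eq 0 ]] || { echo "run as root" >&2; exit 1; }` gives a clear failure rather than a permission error from apt.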
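Review bot: None of the variable names in this file are valid shell identifiers: `csr-file="$1"` is executed as a command named `csr-file=...` and fails, and `"${csr-file}"` is parsed as the default-value expansion `${csr-file}` (yielding `file` when `csr` is unset), so openssl is actually invoked with `-in file -CA cer-path -CAkey key-path` and so on; every name needs underscores. `-passin "${passphrase}"` is also not a valid source spec (openssl expects `pass:`, `env:` or `file:`), and the CA key passphrase should not be a literal (`azerty`) in the script at all; a root-only file read through `-passin file:` keeps it out of the script and the process list. Depending on the OpenSSL version, the first signing may also need `-CAcreateserial` so the serial file gets created. More fundamentally, whatever CSR lands in `/etc/ssl/CA` is signed for any `DNS.1` it names with no record of who submitted it, so the signer should at least log the subject and SAN it issues (`openssl req -in "$csr_file" -noout -subject -text`) and the watcher side should restrict which hosts may write there. The rewrite below covers the naming, the passphrase source and the serial file; the start/end messages are unchanged.
```bash
csr_file="$1"
config_file="$2"
file_name=$(basename -- "$3" .csr)

ca_cert_path="/etc/ssl/CA/ca.crt"
ca_key_path="/etc/ssl/CA/ca.key"
signed_cert_path="/var/www/html/certs/${file_name}.crt"

# CA_PASSPHRASE_FILE is a placeholder: a root-only file holding the CA key passphrase
passphrase_file="${CA_PASSPHRASE_FILE:?}"

# … unchanged: start message …

openssl x509 -req -in "${csr_file}" -CA "${ca_cert_path}" -CAkey "${ca_key_path}" \
  -CAcreateserial -out "${signed_cert_path}" -days 365 \
  -extfile "${config_file}" -extensions v3_req -passin "file:${passphrase_file}"

# … unchanged: end message (uses signed_cert_path) …
```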
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+watch-folder="/etc/ssl/CA"
+
+while true; do
+ csr-file=$(inotifytwait -q -e create --format '%f' "${watch-folder}")
+ if ["${csr-file}" ]; then
+ echo " * Fichier recu"
+ config-file=$(inotifytwait -q -e create --format '%f' "${watch-folder}")
+ if ["${config-file}" ]; then
+ echo " * Fichier recu"
+ /bin/sh /etc/ssl/CA/sign-certificate.sh "${watch-folder}/${csr-file}" ${watch-folder}/${config-file}" "${csr-file}"
+ fi
+ fi
+done
\ No newline at end of file
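Review bot: The watcher cannot fire as written: both waits call `inotifytwait` (the tool install.sh installs is `inotifywait`), `watch-folder=` is not a valid assignment and `${watch-folder}` expands to `folder`, `if ["${csr-file}" ]` lacks the space after `[`, and the quoting around `${watch-folder}/${config-file}` in the signer call is unbalanced, so the loop spins on command-not-found errors. Once that is fixed, `-e create` still fires when scp opens the file, before its content is written, so the signer can read an empty CSR; `-e close_write` is the event that means the upload is complete. Nothing filters the event either: any file created under `/etc/ssl/CA` (a serial file written by openssl, a stray upload) is handed to the signer as a CSR, and the second wait assumes the next created file is the matching config instead of checking its name. The README starts this with `nohup sh watch-csr.sh &`; the rewrite below uses `[[`, so it has to run under bash (its own shebang). It corrects the names, waits for `close_write`, accepts only `*.csr`, and requires the config to be the same base name with the extension certify.sh actually transfers (shown as `.cnf`, which is what certify.sh writes).
```bash
watch_folder="/etc/ssl/CA"

while true; do
  # close_write means the upload finished; create fires on the still-empty file
  csr_file=$(inotifywait -q -e close_write --format '%f' "${watch_folder}")
  # anything that is not a CSR (e.g. a serial file written by openssl) is ignored
  [[ "${csr_file}" == *.csr ]] || continue
  echo " * Fichier recu"
  config_file=$(inotifywait -q -e close_write --format '%f' "${watch_folder}")
  # the config must belong to this CSR, not merely be the next file to appear
  if [[ "${config_file}" == "${csr_file%.csr}.cnf" ]]; then
    echo " * Fichier recu"
    /bin/bash /etc/ssl/CA/sign-certificate.sh "${watch_folder}/${csr_file}" "${watch_folder}/${config_file}" "${csr_file}"
  fi
done
```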