Tips-Of-Mine/Certificats
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

good

Browse Source
This commit is contained in:
Hubert Cornet 2024-05-13 18:45:49 +02:00
parent 3caab05764
commit bfb1f22217
5 changed files with 115 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
README.md
View File

@ -23,6 +23,57 @@ docker compose -f docker-compose-nginx.yml up -d
# Utilisation # Utilisation
## Certificat Autority
cd CA
openssl genpkey -algorithm RSA -out ca.key -aes256
pass phrase
pass phrase
ls
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
pass phrase
FR
Nord
Roubaix
Tips-Of-Mine
Tips-Of-Mine IT
Tips-Of-Mine Certificate Authority
admin@tips-of-mine.fr
ls
Extraction Winscp
## Windows
mmc
Ajoute certificats > Ordinateur
Autorités de certification racines de confiance > Certificats
Importer ca.crt
## Script installation
install.sh
## Script : certify.sh
Depuis la serveur distant lancer
certify.sh
## Service
nohup sh watch-csr.sh &
# More info # More info
- more information on the website [Tips-Of-Mine](https://www.tips-of-mine.fr/) - more information on the website [Tips-Of-Mine](https://www.tips-of-mine.fr/)

26
certify.sh Normal file
View File

@ -0,0 +1,26 @@
#!/bin/bash
echo "Saisir le nom de domaine ?"
read domain
openssl genpkey -algorithm RSA -out ${domain}.key
echo "clé generate"
content="[req]\ndistinguished_name = req_distinguished_name\nreq_extasions = v3_req\nprompt = no\n\n[req_distinguished_name]\nC = FR\nST = Nord\nL = ROUBAIX\nO = Tips-Of-Mine\nOU = IT\nCN = Tips-Of-Mine.local\nmailAddress = admin@tips-of-mine.fr\n\n[v3_req]\nsubjectKeyIdentifier = @alt_names\n\n[alt_names]\nDNS.1=${domain}\n"
echo ${content} > ${domain}.cnf
echo "fichier cree"
openssl req -new -key ${domain}.key -out ${domain}.csr -config ${domain}.cnf
echo "CSR cree"
sshpass -p "root" scp ${domain}.csr root@10.0.4.3:etc/ssl/CA/"
echo "CSR transmit"
sleep 2
sshpass -p "root" scp ${domain}.conf root@10.0.4.3:etc/ssl/CA/"
echo "Config transmit"
sleep 3
echo "téléchargement"
wget https://10.0.4.3/certs/${domain}.crt -P /etc/ssl/private/localcerts/
sleep 4

3
install.sh Normal file
View File

@ -0,0 +1,3 @@
#!/bin/bash
apt install nano inotify-tools apache2 sshpass -y

20
sign-certificate.sh Normal file
View File

@ -0,0 +1,20 @@
#!/bin/bash
csr-file="$1"
config-file="$2"
file-name="$3"
file-name=$(basename ${file-name} .csr)
ca-cer-path="/etc/ssl/CA/ca.crt"
ca-key-path="/etc/ssl/CA/ca.key"
signed-cert-path="/var/www/html/certs/${file-name}.crt"
passphrase="azerty"
echo " * Start"
openssl x509 -req -in "${csr-file}" -CA "${ca-cer-path}" -CAkey "${ca-key-path}" -out "${signed-cert-path}" -days 365 -extfile "${config-file}" -extensions v3_req -passin "${passphrase}"
echo " * End ${signed-cert-path}"

15
watch-csr.sh Normal file
View File

@ -0,0 +1,15 @@
#!/bin/bash
watch-folder="/etc/ssl/CA"
while true; do
csr-file=$(inotifytwait -q -e create --format '%f' "${watch-folder}")
if ["${csr-file}" ]; then
echo " * Fichier recu"
config-file=$(inotifytwait -q -e create --format '%f' "${watch-folder}")
if ["${config-file}" ]; then
echo " * Fichier recu"
/bin/sh /etc/ssl/CA/sign-certificate.sh "${watch-folder}/${csr-file}" ${watch-folder}/${config-file}" "${csr-file}"
fi
fi
done