kanidm/insecure_generate_tls.sh

#!/bin/sh

cat > ./altnames.cnf << DEVEOF
[req]
nsComment = "Certificate"
distinguished_name  = req_distinguished_name
req_extensions = v3_req

[ req_distinguished_name ]

countryName                     = Country Name (2 letter code)
countryName_default             = AU
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Queensland

localityName                    = Locality Name (eg, city)
localityName_default            = Brisbane

0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = INSECURE EXAMPLE

organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default =  KaniDM

commonName                      = Common Name (eg, your name or your server\'s hostname)
commonName_max                  = 64
commonName_default              = localhost

[ v3_req ]

# Extensions to add to a certificate request

basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost
IP.1 = 127.0.0.1

DEVEOF

# Make the ca
openssl req -x509 -new -newkey rsa:2048 -keyout cakey.pem -out ca.pem -days 31 -subj "/C=AU/ST=Queensland/L=Brisbane/O=INSECURE/CN=insecure.ca.localhost" -nodes
openssl genrsa -out key.pem 2048
openssl req -key key.pem -out cert.csr -days 31 -config altnames.cnf -new -extensions v3_req
openssl x509 -req -days 31 -in cert.csr -CA ca.pem -CAkey cakey.pem -CAcreateserial -out cert.pem -extfile altnames.cnf -extensions v3_req

echo use ca.pem, cert.pem, and key.pem
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries. 2019-09-14 10:21:41 +02:00			`#!/bin/sh`

			`cat > ./altnames.cnf << DEVEOF`
			`[req]`
			`nsComment = "Certificate"`
			`distinguished_name = req_distinguished_name`
126 ssh key features (#146) Implemnt SSH public key management This implements ssh public key distribution for kanidm, enforcing that valid ssh public keys are placed into the ssh_publickey attribute, adds management tools so that accounts can self-service manage their keys, and finally adds an authorized keys command helper suitable for sshd_config to utilise. 2019-11-16 05:40:45 +01:00			`req_extensions = v3_req`
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries. 2019-09-14 10:21:41 +02:00
			`[ req_distinguished_name ]`

			`countryName = Country Name (2 letter code)`
			`countryName_default = AU`
			`countryName_min = 2`
			`countryName_max = 2`

			`stateOrProvinceName = State or Province Name (full name)`
			`stateOrProvinceName_default = Queensland`

			`localityName = Locality Name (eg, city)`
			`localityName_default = Brisbane`

			`0.organizationName = Organization Name (eg, company)`
			`0.organizationName_default = INSECURE EXAMPLE`

			`organizationalUnitName = Organizational Unit Name (eg, section)`
			`organizationalUnitName_default = KaniDM`

			`commonName = Common Name (eg, your name or your server\'s hostname)`
			`commonName_max = 64`
			`commonName_default = localhost`

			`[ v3_req ]`

			`# Extensions to add to a certificate request`

			`basicConstraints = CA:FALSE`
			`keyUsage = nonRepudiation, digitalSignature, keyEncipherment`
			`subjectAltName = @alt_names`

			`[alt_names]`
126 ssh key features (#146) Implemnt SSH public key management This implements ssh public key distribution for kanidm, enforcing that valid ssh public keys are placed into the ssh_publickey attribute, adds management tools so that accounts can self-service manage their keys, and finally adds an authorized keys command helper suitable for sshd_config to utilise. 2019-11-16 05:40:45 +01:00			`DNS.1 = localhost`
			`IP.1 = 127.0.0.1`
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries. 2019-09-14 10:21:41 +02:00
			`DEVEOF`

			`# Make the ca`
			`openssl req -x509 -new -newkey rsa:2048 -keyout cakey.pem -out ca.pem -days 31 -subj "/C=AU/ST=Queensland/L=Brisbane/O=INSECURE/CN=insecure.ca.localhost" -nodes`
			`openssl genrsa -out key.pem 2048`
126 ssh key features (#146) Implemnt SSH public key management This implements ssh public key distribution for kanidm, enforcing that valid ssh public keys are placed into the ssh_publickey attribute, adds management tools so that accounts can self-service manage their keys, and finally adds an authorized keys command helper suitable for sshd_config to utilise. 2019-11-16 05:40:45 +01:00			`openssl req -key key.pem -out cert.csr -days 31 -config altnames.cnf -new -extensions v3_req`
			`openssl x509 -req -days 31 -in cert.csr -CA ca.pem -CAkey cakey.pem -CAcreateserial -out cert.pem -extfile altnames.cnf -extensions v3_req`
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries. 2019-09-14 10:21:41 +02:00
			`echo use ca.pem, cert.pem, and key.pem`