Manual backup: 2023-11-23 14:31:12

2023-11-23 14:31:13 +01:00 · 2023-11-23 14:31:13 +01:00 · 4b2df1c07b
commit 4b2df1c07b
parent 35fb9f5031
3 changed files with 48 additions and 7 deletions
--- a/.obsidian/workspace.json
+++ b/.obsidian/workspace.json
@ -4,11 +4,11 @@
    "type": "split",
    "children": [
      {
-        "id": "1087b450f262b613",
+        "id": "a501687bc170241a",
        "type": "tabs",
        "children": [
          {
-            "id": "8b827181a4fc3cb5",
+            "id": "55679479f22d17d3",
            "type": "leaf",
            "state": {
              "type": "empty",
@ -128,17 +128,18 @@
      "templater-obsidian:Templater": false
    }
  },
-  "active": "8b827181a4fc3cb5",
+  "active": "55679479f22d17d3",
  "lastOpenFiles": [
+    "KB/Linux/AMD.md",
+    "KB/Linux/Server/DNS.md",
+    "KB/Linux/Server/Client certificate generation.md",
+    "KB/Linux/Server/ArchLinux Bootstrap.md",
    "KB/Linux/Server/PostgreSQL.md",
    "KB/Linux/Server/Docker Volume Migration.md",
    "KB/Linux/Server/Domains.md",
-    "KB/Linux/Server/DNS.md",
-    "KB/Linux/Server/Bootstrap.md",
    "KB/Linux/Server/Hetzner/Storagebox.md",
    "KB/Linux/DNS.md",
    "KB/Linux/GNOME.md",
-    "KB/Linux/AMD.md",
    "KB/Linux/Wireguard.md",
    "KB/Linux/Pacman.md",
    "KB/Linux/Kernel.md",
@ -155,7 +156,6 @@
    "KB/Linux/Migrate to rootless docker 1.md",
    "KB/Linux/Migrate to rootless docker.md",
    "KB/Linux/Server/Hetzner/Upgrades.md",
-    "KB/Android/ADB Backup.md",
    "KB/Linux/Desktop/Firewall"
  ]
 }
--- a/KB/Linux/Server/Bootstrap.md
+++ b/KB/Linux/Server/Bootstrap.md
--- a/KB/Linux/Server/Client
+++ b/KB/Linux/Server/Client
@ -0,0 +1,41 @@
+---
+creation date: 2023-11-23
+tags: [cert,ssl,openssl,server,linux]
+---
+
+```shell
+#!/usr/bin/env bash
+#
+# Based on https://gist.github.com/mtigas/952344
+
+CLIENT_ID="user";
+CLIENT_SERIAL="01";
+
+echo "Create a Certificate Authority root";
+
+openssl genrsa -aes256 -passout pass:xxxx -out ca.pass.key 4096
+openssl rsa -passin pass:xxxx -in ca.pass.key -out ca.key
+rm ca.pass.key
+openssl req -new -x509 -days 3650 -key ca.key -out ca.pem
+
+echo "Create the Client Key and CSR";
+
+openssl genrsa -aes256 -passout pass:xxxx -out ${CLIENT_ID}.pass.key 4096
+openssl rsa -passin pass:xxxx -in ${CLIENT_ID}.pass.key -out ${CLIENT_ID}.key
+rm ${CLIENT_ID}.pass.key
+openssl req -new -key ${CLIENT_ID}.key -out ${CLIENT_ID}.csr
+openssl x509 -req -days 3650 -in ${CLIENT_ID}.csr -CA ca.pem -CAkey ca.key -set_serial ${CLIENT_SERIAL} -out ${CLIENT_ID}.pem
+cat ${CLIENT_ID}.key ${CLIENT_ID}.pem ca.pem > ${CLIENT_ID}.full.pem
+
+
+echo "Bundle client key into a PFX file";
+openssl pkcs12 -export -out ${CLIENT_ID}.full.pfx -inkey ${CLIENT_ID}.key -in ${CLIENT_ID}.pem -certfile ca.pem
+
+
+echo "use ca.pem on nginx, import ${CLIENT_ID}.full.pfx into browser"
+
+```
+
+
+
+