diff --git a/.obsidian/workspace.json b/.obsidian/workspace.json index 4d55b9a..cccfcc6 100644 --- a/.obsidian/workspace.json +++ b/.obsidian/workspace.json @@ -4,11 +4,11 @@ "type": "split", "children": [ { - "id": "1087b450f262b613", + "id": "a501687bc170241a", "type": "tabs", "children": [ { - "id": "8b827181a4fc3cb5", + "id": "55679479f22d17d3", "type": "leaf", "state": { "type": "empty", @@ -128,17 +128,18 @@ "templater-obsidian:Templater": false } }, - "active": "8b827181a4fc3cb5", + "active": "55679479f22d17d3", "lastOpenFiles": [ + "KB/Linux/AMD.md", + "KB/Linux/Server/DNS.md", + "KB/Linux/Server/Client certificate generation.md", + "KB/Linux/Server/ArchLinux Bootstrap.md", "KB/Linux/Server/PostgreSQL.md", "KB/Linux/Server/Docker Volume Migration.md", "KB/Linux/Server/Domains.md", - "KB/Linux/Server/DNS.md", - "KB/Linux/Server/Bootstrap.md", "KB/Linux/Server/Hetzner/Storagebox.md", "KB/Linux/DNS.md", "KB/Linux/GNOME.md", - "KB/Linux/AMD.md", "KB/Linux/Wireguard.md", "KB/Linux/Pacman.md", "KB/Linux/Kernel.md", @@ -155,7 +156,6 @@ "KB/Linux/Migrate to rootless docker 1.md", "KB/Linux/Migrate to rootless docker.md", "KB/Linux/Server/Hetzner/Upgrades.md", - "KB/Android/ADB Backup.md", "KB/Linux/Desktop/Firewall" ] } \ No newline at end of file diff --git a/KB/Linux/Server/Bootstrap.md b/KB/Linux/Server/ArchLinux Bootstrap.md similarity index 100% rename from KB/Linux/Server/Bootstrap.md rename to KB/Linux/Server/ArchLinux Bootstrap.md diff --git a/KB/Linux/Server/Client certificate generation.md b/KB/Linux/Server/Client certificate generation.md new file mode 100644 index 0000000..079e9fb --- /dev/null +++ b/KB/Linux/Server/Client certificate generation.md 
@@ -0,0 +1,41 @@
+---
+creation date: 2023-11-23
+tags: [cert,ssl,openssl,server,linux]
+---
+
+```shell
+#!/usr/bin/env bash
+#
+# Based on https://gist.github.com/mtigas/952344
+
+CLIENT_ID="user";
+CLIENT_SERIAL="01";
+
+echo "Create a Certificate Authority root";
+
+openssl genrsa -aes256 -passout pass:xxxx -out ca.pass.key 4096
+openssl rsa -passin pass:xxxx -in ca.pass.key -out ca.key
+rm ca.pass.key
+openssl req -new -x509 -days 3650 -key ca.key -out ca.pem
+
+echo "Create the Client Key and CSR";
+
+openssl genrsa -aes256 -passout pass:xxxx -out ${CLIENT_ID}.pass.key 4096
+openssl rsa -passin pass:xxxx -in ${CLIENT_ID}.pass.key -out ${CLIENT_ID}.key
+rm ${CLIENT_ID}.pass.key
+openssl req -new -key ${CLIENT_ID}.key -out ${CLIENT_ID}.csr
+openssl x509 -req -days 3650 -in ${CLIENT_ID}.csr -CA ca.pem -CAkey ca.key -set_serial ${CLIENT_SERIAL} -out ${CLIENT_ID}.pem
+cat ${CLIENT_ID}.key ${CLIENT_ID}.pem ca.pem > ${CLIENT_ID}.full.pem
+
+
+echo "Bundle client key into a PFX file";
+openssl pkcs12 -export -out ${CLIENT_ID}.full.pfx -inkey ${CLIENT_ID}.key -in ${CLIENT_ID}.pem -certfile ca.pem
+
+
+echo "use ca.pem on nginx, import ${CLIENT_ID}.full.pfx into browser"
+
+```
+
+
+
+
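Review bot: The CA private key is left unencrypted in `ca.key`: it is generated with `-aes256 -passout pass:xxxx` and the passphrase is stripped on the very next line, so the encryption step protects nothing, and a `pass:` argument is visible in the process list and shell history while it runs. Because this key signs every client certificate the nginx side will accept, I would keep the encrypted key and sign with `-CAkey ca.pass.key -passin file:<passphrase-file>` (placeholder path) instead of producing `ca.key` at all. The `cat ... > ${CLIENT_ID}.full.pem` redirect writes a file containing the client private key under whatever umask the shell has, so a `umask 077` near the top of the script is worth adding. The client certificate is issued for 3650 days with no extensions; a shorter `-days` value and an `extendedKeyUsage = clientAuth` extension supplied through `-extfile` would narrow what a leaked client key is good for. Minor: `${CLIENT_ID}` is unquoted throughout and there is no `set -euo pipefail`, so a failed `openssl` step does not stop the later `rm` and `cat`.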