1
0
Fork 0

Manual backup: 2023-11-23 14:31:12

This commit is contained in:
Alexander Schäferdiek 2023-11-23 14:31:13 +01:00
parent 35fb9f5031
commit 4b2df1c07b
3 changed files with 48 additions and 7 deletions

View file

@ -4,11 +4,11 @@
"type": "split", "type": "split",
"children": [ "children": [
{ {
"id": "1087b450f262b613", "id": "a501687bc170241a",
"type": "tabs", "type": "tabs",
"children": [ "children": [
{ {
"id": "8b827181a4fc3cb5", "id": "55679479f22d17d3",
"type": "leaf", "type": "leaf",
"state": { "state": {
"type": "empty", "type": "empty",
@ -128,17 +128,18 @@
"templater-obsidian:Templater": false "templater-obsidian:Templater": false
} }
}, },
"active": "8b827181a4fc3cb5", "active": "55679479f22d17d3",
"lastOpenFiles": [ "lastOpenFiles": [
"KB/Linux/AMD.md",
"KB/Linux/Server/DNS.md",
"KB/Linux/Server/Client certificate generation.md",
"KB/Linux/Server/ArchLinux Bootstrap.md",
"KB/Linux/Server/PostgreSQL.md", "KB/Linux/Server/PostgreSQL.md",
"KB/Linux/Server/Docker Volume Migration.md", "KB/Linux/Server/Docker Volume Migration.md",
"KB/Linux/Server/Domains.md", "KB/Linux/Server/Domains.md",
"KB/Linux/Server/DNS.md",
"KB/Linux/Server/Bootstrap.md",
"KB/Linux/Server/Hetzner/Storagebox.md", "KB/Linux/Server/Hetzner/Storagebox.md",
"KB/Linux/DNS.md", "KB/Linux/DNS.md",
"KB/Linux/GNOME.md", "KB/Linux/GNOME.md",
"KB/Linux/AMD.md",
"KB/Linux/Wireguard.md", "KB/Linux/Wireguard.md",
"KB/Linux/Pacman.md", "KB/Linux/Pacman.md",
"KB/Linux/Kernel.md", "KB/Linux/Kernel.md",
@ -155,7 +156,6 @@
"KB/Linux/Migrate to rootless docker 1.md", "KB/Linux/Migrate to rootless docker 1.md",
"KB/Linux/Migrate to rootless docker.md", "KB/Linux/Migrate to rootless docker.md",
"KB/Linux/Server/Hetzner/Upgrades.md", "KB/Linux/Server/Hetzner/Upgrades.md",
"KB/Android/ADB Backup.md",
"KB/Linux/Desktop/Firewall" "KB/Linux/Desktop/Firewall"
] ]
} }

View file

@ -0,0 +1,41 @@
---
creation date: 2023-11-23
tags: [cert,ssl,openssl,server,linux]
---
```shell
#!/usr/bin/env bash
#
# Based on https://gist.github.com/mtigas/952344
CLIENT_ID="user";
CLIENT_SERIAL="01";
echo "Create a Certificate Authority root";
openssl genrsa -aes256 -passout pass:xxxx -out ca.pass.key 4096
openssl rsa -passin pass:xxxx -in ca.pass.key -out ca.key
rm ca.pass.key
openssl req -new -x509 -days 3650 -key ca.key -out ca.pem
echo "Create the Client Key and CSR";
openssl genrsa -aes256 -passout pass:xxxx -out ${CLIENT_ID}.pass.key 4096
openssl rsa -passin pass:xxxx -in ${CLIENT_ID}.pass.key -out ${CLIENT_ID}.key
rm ${CLIENT_ID}.pass.key
openssl req -new -key ${CLIENT_ID}.key -out ${CLIENT_ID}.csr
openssl x509 -req -days 3650 -in ${CLIENT_ID}.csr -CA ca.pem -CAkey ca.key -set_serial ${CLIENT_SERIAL} -out ${CLIENT_ID}.pem
cat ${CLIENT_ID}.key ${CLIENT_ID}.pem ca.pem > ${CLIENT_ID}.full.pem
echo "Bundle client key into a PFX file";
openssl pkcs12 -export -out ${CLIENT_ID}.full.pfx -inkey ${CLIENT_ID}.key -in ${CLIENT_ID}.pem -certfile ca.pem
echo "use ca.pem on nginx, import ${CLIENT_ID}.full.pfx into browser"
```