From a2a41fe6451659c933a7f3117789098c15f6f7dd Mon Sep 17 00:00:00 2001 From: Nulo Date: Thu, 22 Jul 2021 15:53:21 +0000 Subject: [PATCH 1/2] =?UTF-8?q?Generar=20certificados=20v=C3=A1lidos?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Gracias a esto: https://gist.github.com/cecilemuller/9492b848eb8fe46d462abeb26656c4f8 --- domains.ext | 7 +++++++ haini.sh | 21 +++++++++++---------- 2 files changed, 18 insertions(+), 10 deletions(-) create mode 100644 domains.ext diff --git a/domains.ext b/domains.ext new file mode 100644 index 0000000..7e6b4e5 --- /dev/null +++ b/domains.ext @@ -0,0 +1,7 @@ +authorityKeyIdentifier=keyid,issuer +basicConstraints=CA:FALSE +keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment +subjectAltName = @alt_names +[alt_names] +DNS.1 = sutty.local +DNS.2 = *.sutty.local diff --git a/haini.sh b/haini.sh index ccffe01..7575238 100755 --- a/haini.sh +++ b/haini.sh @@ -81,19 +81,20 @@ generar_certificado() { echo "Generando certificados..." - correr "openssl genpkey -algorithm RSA -pass pass:sutty -out $ca_key" - correr "openssl req -x509 -new -nodes -key $ca_key -sha256 \ - -passin pass:sutty -passout pass:sutty \ - -subj '/C=IN/ST=Cyberspace/L=Cyberspace/O=Sutty/OU=Espacio/CN=Sutty Local CA' \ - -days 3650 -out $ca_crt" + correr "openssl req -x509 -nodes -new -sha256 -days 1024 -newkey rsa:2048 \ + -keyout $ca_key -out $ca_crt.pem -subj '/C=AR/CN=Sutty-Local-CA'" + correr "openssl x509 -outform pem -in $ca_crt.pem -out $ca_crt" correr "update-ca-certificates" - correr "openssl req -nodes -newkey rsa:2048 -keyout $domain_key -out $domain_csr \ - -subj '/C=IN/ST=Cyberspace/L=Cyberspace/O=Sutty/OU=Espacio/CN=sutty.local/CN=*.sutty.local'" - correr "openssl x509 -req -in $domain_csr \ - -CA $ca_crt -CAkey $ca_key -CAcreateserial \ - -out $domain_crt -days 3650 -sha256" + correr "openssl req -new -nodes -newkey rsa:2048 \ + -keyout $domain_key -out $domain_csr \ + -subj '/C=AR/ST=Ninguno/L=Interdimension/O=Sutty-Local/CN=sutty.local'" + correr "openssl x509 -req -sha256 -days 3650 \ + -in $domain_csr -CA $ca_crt.pem -CAkey $ca_key \ + -CAcreateserial -extfile /Sutty/haini.sh/domains.ext -out $domain_crt" + + rm "$ENTORNO$ca_crt.pem" echo "Instalando certificados..." if which update-ca-certificates 2>/dev/null; then From df376e804b9c0b714aed6b7fbdde9384f9c04666 Mon Sep 17 00:00:00 2001 From: Nulo Date: Thu, 22 Jul 2021 15:55:19 +0000 Subject: [PATCH 2/2] =?UTF-8?q?Hacer=20que=20el=20CA=20dure=2010=20a=C3=B1?= =?UTF-8?q?os?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- haini.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/haini.sh b/haini.sh index 7575238..01ac009 100755 --- a/haini.sh +++ b/haini.sh @@ -81,7 +81,7 @@ generar_certificado() { echo "Generando certificados..." - correr "openssl req -x509 -nodes -new -sha256 -days 1024 -newkey rsa:2048 \ + correr "openssl req -x509 -nodes -new -sha256 -days 3650 -newkey rsa:2048 \ -keyout $ca_key -out $ca_crt.pem -subj '/C=AR/CN=Sutty-Local-CA'" correr "openssl x509 -outform pem -in $ca_crt.pem -out $ca_crt"