Commit
update certs
Signed-off-by: May Rosenbaum <mayro1595@gmail.com>
MayRosenbaum committed Aug 15, 2023
1 parent 987524f commit 80e706a
Showing 11 changed files with 50 additions and 42 deletions.
6 changes: 3 additions & 3 deletions deployment/crypto/CA/CA.key
@@ -1,5 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIFtY6+wyCNu7U2OUoe4q6hUP8eWH9kn5UF31yiEwJqWcoAoGCCqGSM49
AwEHoUQDQgAEXMP1pAbjLzs+2l8mKAcT54iMxA/jtyOgxPoEIbIsj0CHzuGOYsjj
XqkdFfZs4KIs5bnEKF3tYBWzZsbjIEkTPA==
MHcCAQEEIEs4vN4nE+KxLoqrDtTczDJ+8gAJSNFvNFSH/coNnpDooAoGCCqGSM49
AwEHoUQDQgAEUnWj+vIHSL60C3a2ruQ7rUBV8/hQTd7XhEk0CXlOQKXsb+Erd0Y7
3O1jcrJkVgovtJER+JPjNR6Q9ZAF9Vcp6A==
-----END EC PRIVATE KEY-----
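Review bot: The replacement CA private key is committed in clear text at deployment/crypto/CA/CA.key, so anyone who can read the repository can issue certificates that chain to this CA. If this material is only meant for local testing, state that in the README beside it; otherwise keep the key files out of version control and have each deployment generate them with the script, because rotating the key in a commit does not make the new one private.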
15 changes: 8 additions & 7 deletions deployment/crypto/CA/CA.pem
@@ -1,11 +1,12 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
4 changes: 4 additions & 0 deletions deployment/crypto/README.md
@@ -0,0 +1,4 @@
This folder contains the crypto materials, including certificated per user.

### creating keys and certificates and using them in configuration
Run from `orion-server` root folder and run `./scripts/cryptoGen.sh deployment` - keys and certificates are stored inside deployment
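Review bot: The first added line has a typo, "certificated per user" should read "certificates per user", and the instruction "Run from `orion-server` root folder and run ..." repeats "run". The README also omits two things a user needs to know: that the keys in this folder are checked into the repository and so are not suitable beyond testing, and that `cryptoGen.sh` invokes `docker run`, so Docker is a prerequisite.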
6 changes: 3 additions & 3 deletions deployment/crypto/admin/admin.key
@@ -1,5 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIFYjQF5mSL+oRcOdGPxULl44mbPxETiPWt/hY/cHFHuvoAoGCCqGSM49
AwEHoUQDQgAE7BRSToz4fudVAIFP2sFSkCgC+9AXzuIAVJxmV5deHIyXBsN1Jy45
ZHcEVSjU1waQVk4ntSRUZVAW0SyuptBG7A==
MHcCAQEEIM4y3U7g+Q4NOKG9khD7vdfMV0hCEKGO/rzOb1BHD27noAoGCCqGSM49
AwEHoUQDQgAERfcAfus5H78nA+KvgvCbV4Mu65rezLURPpgUz0oSLlh7weOdVFd+
xs/YfD9/+YOQ3GqMHQLVj4umhDsHbHXbow==
-----END EC PRIVATE KEY-----
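Review bot: admin.key is another unencrypted private key checked in, here for the `admin` entry, and server.key and user.key follow the same pattern in this commit. Any deployment that keeps these files unchanged shares those credentials with every reader of the repository, so consider ignoring `deployment/crypto/**/*.key` in version control and generating the keys per environment.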
14 changes: 7 additions & 7 deletions deployment/crypto/admin/admin.pem
@@ -1,10 +1,10 @@
-----BEGIN CERTIFICATE-----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RfcAfus5H78nA+KvgvCbV4Mu65rezLURPpgUz0oSLlh7weOdVFd+xs/YfD9/+YOQ
3GqMHQLVj4umhDsHbHXbozAKBggqhkjOPQQDAgNHADBEAiAfKaTReR4BH78KYlIE
o7GzrmFflB0fvHCH1zBIpLBNHQIgGtxXNGeyh5tBs2YgOvjUuT15Wx9WwBbXEifg
QdZiOCA=
-----END CERTIFICATE-----
6 changes: 3 additions & 3 deletions deployment/crypto/server/server.key
@@ -1,5 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIPqLeZILGI3zKzmc7ett9WHo+Ca95CDt/aVSbbX0nnCjoAoGCCqGSM49
AwEHoUQDQgAE9jOfe69sfESPKOnAT7t9wjgzhSr/hoAyNsqL7A3Ws12dQlx1N59g
s40UhJ6Z5/XA91JtDvM25gVJ+w+VC8ErBg==
MHcCAQEEIHggwra0TrUVqP6WhrWB0bwzEX5BuNhlVyLqhaBsQh/zoAoGCCqGSM49
AwEHoUQDQgAEcVw9IKUXTct9HjSsNiXCQMrehFAVmAA9NWI4g/2eFr6nHBblPuB/
zNjzDDQ4CXWmG/thW48YGi0fP0X8LZzjbQ==
-----END EC PRIVATE KEY-----
14 changes: 7 additions & 7 deletions deployment/crypto/server/server.pem
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
-----BEGIN CERTIFICATE-----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cVw9IKUXTct9HjSsNiXCQMrehFAVmAA9NWI4g/2eFr6nHBblPuB/zNjzDDQ4CXWm
G/thW48YGi0fP0X8LZzjbTAKBggqhkjOPQQDAgNJADBGAiEAqgDQ689KDvieiE4s
6nq/YWwr0WE89VXiNL4gsNyWslkCIQCoazf8/tmmmVr66lE/CAcbZG9RTkvqud27
89gsYfYERA==
-----END CERTIFICATE-----
6 changes: 3 additions & 3 deletions deployment/crypto/user/user.key
@@ -1,5 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIHs7ATWFT8R1INM5kXA2GC+Skh8xIijDaFNbPxIcmLVkoAoGCCqGSM49
AwEHoUQDQgAEIWlXtC/ASjXgDujTcJ5fi2SMMJ7PaQ72yedRndHj+amA0m+ymWCx
TifIuo3ZOaoL7YYQGMh3+CfUMR/LVKNQyA==
MHcCAQEEICEAXGI35pFBwG0yvEVdPP1Z0mYUzKLGQFBb/8hVnOfioAoGCCqGSM49
AwEHoUQDQgAE1tg6Mk10mGj0pyCwnordEcadv9odkXa/FQfVeFiP/Jpz25l1PjGR
exr8hfA3RPNIsQjpkRJFNZuXFcAABrnGBg==
-----END EC PRIVATE KEY-----
14 changes: 7 additions & 7 deletions deployment/crypto/user/user.pem
@@ -1,10 +1,10 @@
-----BEGIN CERTIFICATE-----
MIIBUTCB+QIUI3x97xqJfU4HlSJpSe4M6zo88PcwCgYIKoZIzj0EAwIwLDELMAkG
A1UEBhMCSUwxDjAMBgNVBAgMBUhhaWZhMQ0wCwYDVQQKDARCQ0RCMB4XDTIyMDcx
MTA1MDU0NVoXDTIzMDcxMTA1MDU0NVowLDELMAkGA1UEBhMCSUwxDjAMBgNVBAgM
MIIBUzCB+QIUYSQJkr9at+tEEb62Gk5xYyJ1dYMwCgYIKoZIzj0EAwIwLDELMAkG
A1UEBhMCSUwxDjAMBgNVBAgMBUhhaWZhMQ0wCwYDVQQKDARCQ0RCMB4XDTIzMDgx
NTA5NDAwMVoXDTI4MDgxMzA5NDAwMVowLDELMAkGA1UEBhMCSUwxDjAMBgNVBAgM
BUhhaWZhMQ0wCwYDVQQKDARCQ0RCMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
IWlXtC/ASjXgDujTcJ5fi2SMMJ7PaQ72yedRndHj+amA0m+ymWCxTifIuo3ZOaoL
7YYQGMh3+CfUMR/LVKNQyDAKBggqhkjOPQQDAgNHADBEAiBjtVCjcq7uP8OVbcJ+
lwjmVL1VrmzxMwP/TWlXbZgwjAIgQmTJeTsmS/VOEMtaZxi/TGDB48NqKcM5pTdP
fBvwmec=
1tg6Mk10mGj0pyCwnordEcadv9odkXa/FQfVeFiP/Jpz25l1PjGRexr8hfA3RPNI
sQjpkRJFNZuXFcAABrnGBjAKBggqhkjOPQQDAgNJADBGAiEA876byAJBQi+Y13DW
geHLTlTXZVUIslpwddfPLKXwrN0CIQD2miKBmmH0fy1GBJ1Yf7H779Pt5Nxqigv4
7Uc10goQUg==
-----END CERTIFICATE-----
3 changes: 3 additions & 0 deletions scripts/README.md
@@ -1 +1,4 @@
It holds the scripts to perform various build, and install.

### creating keys and certificates and using them in configuration
Run from `orion-server` root folder and run `./scripts/cryptoGen.sh deployment` - keys and certificates are stored inside deployment
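Review bot: The added heading and instruction are duplicated verbatim in deployment/crypto/README.md in this same commit, so the two copies will drift; keep the instructions in one README and link to them from the other. The sentence should also name the output location precisely: the script mounts `$BASE_DIR/crypto`, so "stored inside deployment" presumably means `deployment/crypto`.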
4 changes: 2 additions & 2 deletions scripts/cryptoGen.sh
Expand Up @@ -12,7 +12,7 @@ create_pki() {
docker run -it --rm -v $BASE_DIR/crypto:/export nginx openssl req -new -key "/export/$1/$1.key" -out "/export/$1/$1.csr" -subj "/C=IL/ST=Haifa/O=BCDB"

echo "Generate node certificate"
docker run -it --rm -v $BASE_DIR/crypto:/export nginx openssl x509 -req -in "/export/$1/$1.csr" -CA "/export/CA/CA.pem" -CAkey "/export/CA/CA.key" -CAcreateserial -out "/export/$1/$1.pem" -days 365 -sha256
docker run -it --rm -v $BASE_DIR/crypto:/export nginx openssl x509 -req -in "/export/$1/$1.csr" -CA "/export/CA/CA.pem" -CAkey "/export/CA/CA.key" -CAcreateserial -out "/export/$1/$1.pem" -days 1825 -sha256
}

if [ -z "$1" ]
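Review bot: `-days 1825` on the `openssl x509 -req` line is a hard-coded literal that is repeated on the CA line further down, and the commit message "update certs" does not say that validity goes from one year to five. Define the lifetime once (for example a `CERT_DAYS` variable near the top of the script), mention the new validity in the commit message or README, and consider keeping node certificates shorter-lived than the CA. While touching this line, quote the mount as `-v "$BASE_DIR/crypto:/export"` so a base directory containing spaces does not break the command.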
Expand All @@ -39,7 +39,7 @@ docker run -it --rm -v $BASE_DIR/crypto:/export nginx openssl ecparam -name prim
docker run -it --rm -v $BASE_DIR/crypto:/export nginx chmod ga+r "/export/CA/CA.key"

echo "Generating self-signed root CA certificate"
docker run -it --rm -v $BASE_DIR/crypto:/export nginx openssl req -new -x509 -nodes -key "/export/CA/CA.key" -sha256 -days 365 -out "/export/CA/CA.pem" -subj "/C=IL/ST=Haifa/O=BCDB" -extensions v3_ca
docker run -it --rm -v $BASE_DIR/crypto:/export nginx openssl req -new -x509 -nodes -key "/export/CA/CA.key" -sha256 -days 1825 -out "/export/CA/CA.pem" -subj "/C=IL/ST=Haifa/O=BCDB" -extensions v3_ca

for f in "server" "admin" "user"
do
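Review bot: With `-days 1825` on the self-signed CA line the root now lives for five years, while the context line above it runs `chmod ga+r "/export/CA/CA.key"` and leaves the CA private key readable by all users for that whole period. Restrict the key to its owner (for example `chmod 600`), or add a comment explaining why other users need read access, before extending the CA lifetime.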