diff --git a/deployment/crypto/CA/CA.key b/deployment/crypto/CA/CA.key index c8d215f7..2c959088 100644 --- a/deployment/crypto/CA/CA.key +++ b/deployment/crypto/CA/CA.key @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIFtY6+wyCNu7U2OUoe4q6hUP8eWH9kn5UF31yiEwJqWcoAoGCCqGSM49 -AwEHoUQDQgAEXMP1pAbjLzs+2l8mKAcT54iMxA/jtyOgxPoEIbIsj0CHzuGOYsjj -XqkdFfZs4KIs5bnEKF3tYBWzZsbjIEkTPA== +MHcCAQEEIEs4vN4nE+KxLoqrDtTczDJ+8gAJSNFvNFSH/coNnpDooAoGCCqGSM49 +AwEHoUQDQgAEUnWj+vIHSL60C3a2ruQ7rUBV8/hQTd7XhEk0CXlOQKXsb+Erd0Y7 +3O1jcrJkVgovtJER+JPjNR6Q9ZAF9Vcp6A== -----END EC PRIVATE KEY----- diff --git a/deployment/crypto/CA/CA.pem b/deployment/crypto/CA/CA.pem index f971dda2..85edef59 100644 --- a/deployment/crypto/CA/CA.pem +++ b/deployment/crypto/CA/CA.pem @@ -1,11 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIBrDCCAVOgAwIBAgIUZsNZO+cqCoqC9ymMpFb1bijoIqUwCgYIKoZIzj0EAwIw +MIIBrTCCAVOgAwIBAgIUUwrBFY75PuSRQno0RkDBVYquD1kwCgYIKoZIzj0EAwIw LDELMAkGA1UEBhMCSUwxDjAMBgNVBAgMBUhhaWZhMQ0wCwYDVQQKDARCQ0RCMB4X -DTIyMDcxMTA1MDUyNloXDTIzMDcxMTA1MDUyNlowLDELMAkGA1UEBhMCSUwxDjAM +DTIzMDgxNTA5Mzk1N1oXDTI4MDgxMzA5Mzk1N1owLDELMAkGA1UEBhMCSUwxDjAM BgNVBAgMBUhhaWZhMQ0wCwYDVQQKDARCQ0RCMFkwEwYHKoZIzj0CAQYIKoZIzj0D -AQcDQgAEXMP1pAbjLzs+2l8mKAcT54iMxA/jtyOgxPoEIbIsj0CHzuGOYsjjXqkd -FfZs4KIs5bnEKF3tYBWzZsbjIEkTPKNTMFEwHQYDVR0OBBYEFAuEb7A7PrW1mQMA -B6hPjyOMsxR2MB8GA1UdIwQYMBaAFAuEb7A7PrW1mQMAB6hPjyOMsxR2MA8GA1Ud -EwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgXKxaESXbrhgM1jeXC17iccAY -AimMdDTtRfT+MxpAZzkCIHX0MTp7FHL6STnomhoAM2tTgrUSOIzqFPwCSZ3ZsW39 +AQcDQgAEUnWj+vIHSL60C3a2ruQ7rUBV8/hQTd7XhEk0CXlOQKXsb+Erd0Y73O1j +crJkVgovtJER+JPjNR6Q9ZAF9Vcp6KNTMFEwHQYDVR0OBBYEFCp8w0chDSHiDpGU +ljBot7QkTfftMB8GA1UdIwQYMBaAFCp8w0chDSHiDpGUljBot7QkTfftMA8GA1Ud +EwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgBjuEILvEEXP7IvisWhwSEMsy +hIzPJg6DjO8zOpUwahICIQDHJ/APkMSC6k0pomylocTfRyaEAf4ZdqTE/a+OLQuy +Xw== -----END CERTIFICATE----- 
diff --git a/deployment/crypto/README.md b/deployment/crypto/README.md new file mode 100644 index 00000000..ef65d21d --- /dev/null +++ b/deployment/crypto/README.md @@ -0,0 +1,4 @@ +This folder contains the crypto materials, including certificated per user. + +### creating keys and certificates and using them in configuration +Run from `orion-server` root folder and run `./scripts/cryptoGen.sh deployment` - keys and certificates are stored inside deployment diff --git a/deployment/crypto/admin/admin.key b/deployment/crypto/admin/admin.key index 7abec904..2809c7dd 100644 --- a/deployment/crypto/admin/admin.key +++ b/deployment/crypto/admin/admin.key @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIFYjQF5mSL+oRcOdGPxULl44mbPxETiPWt/hY/cHFHuvoAoGCCqGSM49 -AwEHoUQDQgAE7BRSToz4fudVAIFP2sFSkCgC+9AXzuIAVJxmV5deHIyXBsN1Jy45 -ZHcEVSjU1waQVk4ntSRUZVAW0SyuptBG7A== +MHcCAQEEIM4y3U7g+Q4NOKG9khD7vdfMV0hCEKGO/rzOb1BHD27noAoGCCqGSM49 +AwEHoUQDQgAERfcAfus5H78nA+KvgvCbV4Mu65rezLURPpgUz0oSLlh7weOdVFd+ +xs/YfD9/+YOQ3GqMHQLVj4umhDsHbHXbow== -----END EC PRIVATE KEY----- diff --git a/deployment/crypto/admin/admin.pem b/deployment/crypto/admin/admin.pem index eb87d6a8..97bb9336 100644 --- a/deployment/crypto/admin/admin.pem +++ b/deployment/crypto/admin/admin.pem 
@@ -1,10 +1,10 @@ -----BEGIN CERTIFICATE----- -MIIBUjCB+QIUI3x97xqJfU4HlSJpSe4M6zo88PMwCgYIKoZIzj0EAwIwLDELMAkG -A1UEBhMCSUwxDjAMBgNVBAgMBUhhaWZhMQ0wCwYDVQQKDARCQ0RCMB4XDTIyMDcx -MTA1MDUzNVoXDTIzMDcxMTA1MDUzNVowLDELMAkGA1UEBhMCSUwxDjAMBgNVBAgM +MIIBUTCB+QIUYSQJkr9at+tEEb62Gk5xYyJ1dYIwCgYIKoZIzj0EAwIwLDELMAkG +A1UEBhMCSUwxDjAMBgNVBAgMBUhhaWZhMQ0wCwYDVQQKDARCQ0RCMB4XDTIzMDgx +NTA5NDAwMFoXDTI4MDgxMzA5NDAwMFowLDELMAkGA1UEBhMCSUwxDjAMBgNVBAgM BUhhaWZhMQ0wCwYDVQQKDARCQ0RCMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE -7BRSToz4fudVAIFP2sFSkCgC+9AXzuIAVJxmV5deHIyXBsN1Jy45ZHcEVSjU1waQ -Vk4ntSRUZVAW0SyuptBG7DAKBggqhkjOPQQDAgNIADBFAiEAzHjvH+aSHO+sB1zG -KbhxRKuPtXUB9uFQIcfktbbvfjoCIHzm61WF8cvVBuANYNrBzPnnzoBh6GMboCji -ZEXvay6v +RfcAfus5H78nA+KvgvCbV4Mu65rezLURPpgUz0oSLlh7weOdVFd+xs/YfD9/+YOQ +3GqMHQLVj4umhDsHbHXbozAKBggqhkjOPQQDAgNHADBEAiAfKaTReR4BH78KYlIE +o7GzrmFflB0fvHCH1zBIpLBNHQIgGtxXNGeyh5tBs2YgOvjUuT15Wx9WwBbXEifg +QdZiOCA= -----END CERTIFICATE----- diff --git a/deployment/crypto/server/server.key b/deployment/crypto/server/server.key index d2aa582d..5b98376a 100644 --- a/deployment/crypto/server/server.key +++ b/deployment/crypto/server/server.key @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIPqLeZILGI3zKzmc7ett9WHo+Ca95CDt/aVSbbX0nnCjoAoGCCqGSM49 -AwEHoUQDQgAE9jOfe69sfESPKOnAT7t9wjgzhSr/hoAyNsqL7A3Ws12dQlx1N59g -s40UhJ6Z5/XA91JtDvM25gVJ+w+VC8ErBg== +MHcCAQEEIHggwra0TrUVqP6WhrWB0bwzEX5BuNhlVyLqhaBsQh/zoAoGCCqGSM49 +AwEHoUQDQgAEcVw9IKUXTct9HjSsNiXCQMrehFAVmAA9NWI4g/2eFr6nHBblPuB/ +zNjzDDQ4CXWmG/thW48YGi0fP0X8LZzjbQ== -----END EC PRIVATE KEY----- diff --git a/deployment/crypto/server/server.pem b/deployment/crypto/server/server.pem index a307bca4..04c69c87 100644 --- a/deployment/crypto/server/server.pem +++ b/deployment/crypto/server/server.pem 
@@ -1,10 +1,10 @@ -----BEGIN CERTIFICATE----- -MIIBUjCB+QIUI3x97xqJfU4HlSJpSe4M6zo88PYwCgYIKoZIzj0EAwIwLDELMAkG -A1UEBhMCSUwxDjAMBgNVBAgMBUhhaWZhMQ0wCwYDVQQKDARCQ0RCMB4XDTIyMDcx -MTA1MDU0MloXDTIzMDcxMTA1MDU0MlowLDELMAkGA1UEBhMCSUwxDjAMBgNVBAgM +MIIBUzCB+QIUYSQJkr9at+tEEb62Gk5xYyJ1dYEwCgYIKoZIzj0EAwIwLDELMAkG +A1UEBhMCSUwxDjAMBgNVBAgMBUhhaWZhMQ0wCwYDVQQKDARCQ0RCMB4XDTIzMDgx +NTA5Mzk1OFoXDTI4MDgxMzA5Mzk1OFowLDELMAkGA1UEBhMCSUwxDjAMBgNVBAgM BUhhaWZhMQ0wCwYDVQQKDARCQ0RCMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE -9jOfe69sfESPKOnAT7t9wjgzhSr/hoAyNsqL7A3Ws12dQlx1N59gs40UhJ6Z5/XA -91JtDvM25gVJ+w+VC8ErBjAKBggqhkjOPQQDAgNIADBFAiEAiQReX/+Jzid1cV0Y -CRcAjJUOwsCl0BbW7NHL1oYRfqwCIGulWxoTZHC/dUZJXb/qhxa2YXqsaJTdzmxV -hK8XstZ2 +cVw9IKUXTct9HjSsNiXCQMrehFAVmAA9NWI4g/2eFr6nHBblPuB/zNjzDDQ4CXWm +G/thW48YGi0fP0X8LZzjbTAKBggqhkjOPQQDAgNJADBGAiEAqgDQ689KDvieiE4s +6nq/YWwr0WE89VXiNL4gsNyWslkCIQCoazf8/tmmmVr66lE/CAcbZG9RTkvqud27 +89gsYfYERA== -----END CERTIFICATE----- diff --git a/deployment/crypto/user/user.key b/deployment/crypto/user/user.key index 0654bbdd..e7202654 100644 --- a/deployment/crypto/user/user.key +++ b/deployment/crypto/user/user.key @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIHs7ATWFT8R1INM5kXA2GC+Skh8xIijDaFNbPxIcmLVkoAoGCCqGSM49 -AwEHoUQDQgAEIWlXtC/ASjXgDujTcJ5fi2SMMJ7PaQ72yedRndHj+amA0m+ymWCx -TifIuo3ZOaoL7YYQGMh3+CfUMR/LVKNQyA== +MHcCAQEEICEAXGI35pFBwG0yvEVdPP1Z0mYUzKLGQFBb/8hVnOfioAoGCCqGSM49 +AwEHoUQDQgAE1tg6Mk10mGj0pyCwnordEcadv9odkXa/FQfVeFiP/Jpz25l1PjGR +exr8hfA3RPNIsQjpkRJFNZuXFcAABrnGBg== -----END EC PRIVATE KEY----- diff --git a/deployment/crypto/user/user.pem b/deployment/crypto/user/user.pem index 8b3a172b..d02f8ac8 100644 --- a/deployment/crypto/user/user.pem +++ b/deployment/crypto/user/user.pem 
@@ -1,10 +1,10 @@ -----BEGIN CERTIFICATE----- -MIIBUTCB+QIUI3x97xqJfU4HlSJpSe4M6zo88PcwCgYIKoZIzj0EAwIwLDELMAkG -A1UEBhMCSUwxDjAMBgNVBAgMBUhhaWZhMQ0wCwYDVQQKDARCQ0RCMB4XDTIyMDcx -MTA1MDU0NVoXDTIzMDcxMTA1MDU0NVowLDELMAkGA1UEBhMCSUwxDjAMBgNVBAgM +MIIBUzCB+QIUYSQJkr9at+tEEb62Gk5xYyJ1dYMwCgYIKoZIzj0EAwIwLDELMAkG +A1UEBhMCSUwxDjAMBgNVBAgMBUhhaWZhMQ0wCwYDVQQKDARCQ0RCMB4XDTIzMDgx +NTA5NDAwMVoXDTI4MDgxMzA5NDAwMVowLDELMAkGA1UEBhMCSUwxDjAMBgNVBAgM BUhhaWZhMQ0wCwYDVQQKDARCQ0RCMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE -IWlXtC/ASjXgDujTcJ5fi2SMMJ7PaQ72yedRndHj+amA0m+ymWCxTifIuo3ZOaoL -7YYQGMh3+CfUMR/LVKNQyDAKBggqhkjOPQQDAgNHADBEAiBjtVCjcq7uP8OVbcJ+ -lwjmVL1VrmzxMwP/TWlXbZgwjAIgQmTJeTsmS/VOEMtaZxi/TGDB48NqKcM5pTdP -fBvwmec= +1tg6Mk10mGj0pyCwnordEcadv9odkXa/FQfVeFiP/Jpz25l1PjGRexr8hfA3RPNI +sQjpkRJFNZuXFcAABrnGBjAKBggqhkjOPQQDAgNJADBGAiEA876byAJBQi+Y13DW +geHLTlTXZVUIslpwddfPLKXwrN0CIQD2miKBmmH0fy1GBJ1Yf7H779Pt5Nxqigv4 +7Uc10goQUg== -----END CERTIFICATE----- diff --git a/scripts/README.md b/scripts/README.md index b1c9293a..f68bb93f 100644 --- a/scripts/README.md +++ b/scripts/README.md @@ -1 +1,4 @@ It holds the scripts to perform various build, and install. + +### creating keys and certificates and using them in configuration +Run from `orion-server` root folder and run `./scripts/cryptoGen.sh deployment` - keys and certificates are stored inside deployment diff --git a/scripts/cryptoGen.sh b/scripts/cryptoGen.sh index 9d02e343..6cc31550 100755 --- a/scripts/cryptoGen.sh +++ b/scripts/cryptoGen.sh 
@@ -12,7 +12,7 @@ create_pki() {
 docker run -it --rm -v $BASE_DIR/crypto:/export nginx openssl req -new -key "/export/$1/$1.key" -out "/export/$1/$1.csr" -subj "/C=IL/ST=Haifa/O=BCDB"
 echo "Generate node certificate"
- docker run -it --rm -v $BASE_DIR/crypto:/export nginx openssl x509 -req -in "/export/$1/$1.csr" -CA "/export/CA/CA.pem" -CAkey "/export/CA/CA.key" -CAcreateserial -out "/export/$1/$1.pem" -days 365 -sha256
+ docker run -it --rm -v $BASE_DIR/crypto:/export nginx openssl x509 -req -in "/export/$1/$1.csr" -CA "/export/CA/CA.pem" -CAkey "/export/CA/CA.key" -CAcreateserial -out "/export/$1/$1.pem" -days 1825 -sha256
 }
 if [ -z "$1" ]
@@ -39,7 +39,7 @@ docker run -it --rm -v $BASE_DIR/crypto:/export nginx openssl ecparam -name prim
 docker run -it --rm -v $BASE_DIR/crypto:/export nginx chmod ga+r "/export/CA/CA.key"
 echo "Generating self-signed root CA certificate"
-docker run -it --rm -v $BASE_DIR/crypto:/export nginx openssl req -new -x509 -nodes -key "/export/CA/CA.key" -sha256 -days 365 -out "/export/CA/CA.pem" -subj "/C=IL/ST=Haifa/O=BCDB" -extensions v3_ca
+docker run -it --rm -v $BASE_DIR/crypto:/export nginx openssl req -new -x509 -nodes -key "/export/CA/CA.key" -sha256 -days 1825 -out "/export/CA/CA.pem" -subj "/C=IL/ST=Haifa/O=BCDB" -extensions v3_ca
 for f in "server" "admin" "user"
 do
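Review bot: With `-days 1825` on the `openssl x509 -req` line here and the same value on the root CA in the next hunk, every leaf certificate gets the same lifetime as the CA that signs it. Because the leaf is issued after the CA, its notAfter will presumably land at or just past the CA's own expiry. Server, admin and user certificates are normally shorter-lived than the root so that a leaked key ages out; I would make the leaf lifetime a separate setting, for example `-days "${LEAF_DAYS:-365}"`, and document regeneration. The changed line also expands `$BASE_DIR` unquoted in `-v $BASE_DIR/crypto:/export`, which breaks on paths containing spaces; `-v "$BASE_DIR/crypto:/export"` avoids that. The body of create_pki starts above this hunk.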
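Review bot: The root CA key this hunk signs with is left unencrypted (`-nodes`) and is made readable by group and others by `chmod ga+r "/export/CA/CA.key"`, and this same commit checks the resulting `deployment/crypto/CA/CA.key` plus the admin, server and user keys into the repository. Anyone with read access to the repository can therefore issue certificates that chain to this CA, and `-days 1825` extends that window from one year to five. I would add a comment above the CA generation such as `# Sample PKI for local testing only: keys under deployment/crypto are public, regenerate before any real deployment`, and repeat it in both READMEs. If the chmod exists only because the container writes files as root (an assumption), running the container with `--user "$(id -u):$(id -g)"` would let the key keep owner-only permissions.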