Below are the differences between two revisions of the page.
— |
machines:grifon:constance [2017/05/13 18:37] (current version) gizmo created |
||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
+ | ====== constance ====== | ||
+ | Machine virtuelle sous Debian 8 | ||
+ | |||
+ | Administrateurs : | ||
+ | |||
+ | * alarig | ||
+ | * gizmo | ||
+ | * dotux | ||
+ | |||
+ | VM dédiée à la CA de Grifon. | ||
+ | Les certificats générés sont dans /etc/ssl/local_ca | ||
+ | |||
+ | <file> | ||
+ | #!/usr/bin/env sh | ||
+ | |||
+ | if [ $# != 1 ]; then | ||
+ | echo "Paramètre manquant\n" | ||
+ | echo "$0 service_name \n" | ||
+ | exit 1 | ||
+ | fi | ||
+ | |||
+ | CLIENT_SERVICE=$1 | ||
+ | LOCAL_CA="/etc/ssl/local_ca/" | ||
+ | LOCAL_FOLDER="${LOCAL_CA}clients" | ||
+ | FULL_PATH="${LOCAL_FOLDER}/${CLIENT_SERVICE}" | ||
+ | |||
+ | echo "Gen service private key for ${CLIENT_SERVICE}" | ||
+ | openssl genrsa -out ${FULL_PATH}.key 4096 | ||
+ | |||
+ | echo "Create service csr for ${CLIENT_SERVICE}" | ||
+ | openssl req -new -key ${FULL_PATH}.key -out ${FULL_PATH}.csr -subj "/C=FR/ST=Bretagne/L=Rennes/O=grifon.fr/CN=${CLIENT_SERVICE}.grifon.fr" | ||
+ | |||
+ | echo "Create service crt ${CLIENT_SERVICE}" | ||
+ | openssl x509 -days 365 -req -sha512 -in ${FULL_PATH}.csr -out ${FULL_PATH}.crt -CA ${LOCAL_CA}CAroot.crt -CAkey ${LOCAL_CA}CAroot.key -CAcreateserial -CAserial ${LOCAL_CA}CAroot.srl | ||
+ | </file> |
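
Review bot: `CLIENT_SERVICE=$1` is taken unvalidated and then expanded unquoted in every `openssl` call, so a name containing `/`, `..` or whitespace changes both the output path built in `FULL_PATH` and the fields of the `-subj` string that the CA goes on to sign. Reject anything that is not a single DNS label before building `FULL_PATH` (a `case` pattern test is enough in `sh`) and quote the `${FULL_PATH}` and `${LOCAL_CA}` expansions. The script has no `set -e` and no exit-status checks, so a failed `genrsa` or `req` step still falls through to the signing call. The `.key` file is written with no explicit `umask 077` beforehand, which leaves the private key's mode to whatever the defaults are. Lastly, `openssl x509 -req` is invoked without `-extfile`, so the issued certificate carries no subjectAltName and the hostname exists only in the CN; if the services' clients check SAN, add an extensions file with `subjectAltName=DNS:${CLIENT_SERVICE}.grifon.fr`.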