Security/Certificate: Difference between revisions

Line 18: Line 18:
== Certificate » RootCA==
== Certificate » RootCA==
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
ROOT_CA_CNF="$(mktemp -u)"
ROOTCA_CNF="$(mktemp -u)"
cat <<'CNF'|tee ${ROOT_CA_CNF} >/dev/null
cat <<'CNF'|tee ${ROOTCA_CNF} >/dev/null
[ req ]
[ req ]
distinguished_name = dn
distinguished_name = dn
Line 25: Line 25:


[ dn ]
[ dn ]
C           = MY
C                 = MY
ST           = WP Kuala Lumpur
ST               = WP Kuala Lumpur
L           = Kuala Lumpur
L                 = Kuala Lumpur
O           = Chorke
O                 = Chorke, Inc.
OU           = Academia
OU               = Chorke
CN           = chorke.org
CN               = chorke.org
emailAddress = info@chorke.org
emailAddress     = info@chorke.org
CNF
CNF


echo -n 'Password: ';read -s PEM_PASS_PHRASE;export PEM_PASS_PHRASE;echo
echo -n 'Password: ';read -s ROOTCA_PASS_PHRASE;export ROOTCA_PASS_PHRASE;echo
# Password: pfHyhrtvHC4p3oW5
 
openssl genpkey  -algorithm RSA -out rootCA.key -aes256 -pass file:<(echo "${ROOTCA_PASS_PHRASE}")
openssl req -x509 -new -nodes    -key rootCA.key -sha256 -days 1024 -out rootCA.pem -config ${ROOTCA_CNF} -passin file:<(echo "${ROOTCA_PASS_PHRASE}")
</syntaxhighlight>
 
== Certificate » RootCA » SubCA==
<syntaxhighlight lang="bash">
SUBCA_CNF="$(mktemp -u)"
cat <<'CNF'|tee ${SUBCA_CNF} >/dev/null
[ req ]
distinguished_name = dn
prompt = no
 
[ dn ]
C                = MY
ST                = WP Kuala Lumpur
L                = Kuala Lumpur
O                = Chorke, Inc.
OU                = Academia
CN                = chorke.org
emailAddress      = info@chorke.org
 
[req_attrs]
challengePassword = ChangeIt
unstructuredName  = Chorke Academia, Inc.
CNF
 
echo -n 'Password: ';read -s SUBCA_PASS_PHRASE;export SUBCA_PASS_PHRASE;echo
# Password: wTwezXF4sNLoWBsI
# Password: wTwezXF4sNLoWBsI


openssl genpkey  -algorithm RSA -out rootCA.key -aes256 -pass file:<(echo "${PEM_PASS_PHRASE}")
openssl genpkey  -algorithm RSA -out subCA.key -aes256 -pass file:<(echo "${SUBCA_PASS_PHRASE}")
openssl req -x509 -new -nodes    -key rootCA.key -sha256 -days 1024 -out rootCA.pem -config ${ROOT_CA_CNF} -passin file:<(echo "${PEM_PASS_PHRASE}")
openssl req -new  -key subCA.key -out  subCA.csr -config ${SUBCA_CNF} -passin file:<(echo "$SUBCA_PASS_PHRASE")
openssl x509 -req -in  subCA.csr -CA  rootCA.pem -CAkey rootCA.key -CAcreateserial -out subCA.pem -days 1024 -sha256 -passin file:<(echo "${ROOTCA_PASS_PHRASE}")
</syntaxhighlight>
</syntaxhighlight>
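Review bot: The `# Password: …` comments kept on the new side record the passphrases typed at the `read -s` prompts, and both values also appear in the makepasswd sample output on the page, so a rootCA.key or subCA.key produced by following the page verbatim is encrypted under a published passphrase; I would replace each with `# Password: <generated per key, not recorded here>`. The renamed `ROOTCA_CNF="$(mktemp -u)"` and the new `SUBCA_CNF="$(mktemp -u)"` only print a name, so the later `tee` writes to a path another local user can create first; `ROOTCA_CNF="$(mktemp)"` followed by `cat <<'CNF' >"${ROOTCA_CNF}"` creates the file with owner-only permissions before it is written. The added `openssl x509 -req … -out subCA.pem` line passes no `-extfile`/`-extensions`, so the SubCA certificate is issued without an explicit `basicConstraints = CA:TRUE`, which strict validators require before accepting it as an issuer.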



Revision as of 06:13, 26 May 2025

Certificate » Password

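# Generate ten random 16-character candidate passphrases. Each output row is
# "<clear text>   <hash>"; the first two clear-text values below match the
# "# Password:" comments in the RootCA and SubCA sections of this page.
# NOTE(review): the $1$ column is MD5-crypt, a legacy password-hash format. It
# is not needed for key passphrases and should not be stored for authentication.
makepasswd --chars 16 --count 10 --crypt-md5
# Sample output, kept as a no-op. The space after ':' is required: ":'" with no
# space is parsed as one word and executed as a command name (exit status 127).
# These rows are published on this page and are therefore not secret; generate
# fresh values for any real key.
: '
wTwezXF4sNLoWBsI   $1$OCSDx0zn$U9WW0udI8pYfIrCCuz2Md1
pfHyhrtvHC4p3oW5   $1$6b/SQRXF$UwLDhHZMyWfsw/S0g6GgZ1
WLNv9CD8XcR3poHp   $1$oVsmVh6Q$Vq4amLARt2iMezos.pT1N.
cCJvJU8rFeHbu4Ix   $1$qlaCpIFj$jWqjkdALO535Ww58k3KE2/
7WeBH8nwMXR78Gdd   $1$afyCWr0p$6bMRrvCnrBeo/BdVJi70E1
IxGjQAogqv3e18rj   $1$60UWcAxR$bFfRlXHzVvZkjTripK9v..
JXveCv0LjsAix5cp   $1$FANZ3WNf$hq2BPd1SXdL.2yvKf0/.7/
eoFqedaFpKKDqVCw   $1$4TCNgJCv$v1z4Y8IR5a4Nan5VkAAe8/
9npSy42dxUH2w15y   $1$APixN7OV$XIe.K3qPi/aezzWyhf7F./
SuwCWQ39RNKUcKAM   $1$qnnfDUE1$ucuWcIpNBuCvCBjCiHaoG/
'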

Certificate » RootCA

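# Create a self-signed root CA in the current directory:
#   rootCA.key  RSA private key, encrypted with AES-256 under the passphrase
#   rootCA.pem  self-signed certificate, valid for 1024 days
# Globals written: ROOTCA_CNF (path of the request config),
#                  ROOTCA_PASS_PHRASE (exported; read again by the SubCA section)

# mktemp without -u creates the file itself with owner-only permissions. With
# -u only a name is printed, and another local user could create that path (or
# a symlink at it) before the config is written.
ROOTCA_CNF="$(mktemp)"
cat <<'CNF' >"${ROOTCA_CNF}"
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
prompt = no

[ dn ]
C                 = MY
ST                = WP Kuala Lumpur
L                 = Kuala Lumpur
O                 = Chorke, Inc.
OU                = Chorke
CN                = chorke.org
emailAddress      = info@chorke.org

[ v3_ca ]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
CNF
# [ v3_ca ] marks the certificate as a CA explicitly instead of relying on the
# defaults of the installed OpenSSL version.

# -r keeps backslashes in the passphrase literal; IFS= keeps surrounding blanks.
# Enter a freshly generated passphrase; it is deliberately not recorded here.
# NOTE(review): the commands below expand the variable in the current shell, so
# export is only needed if a child process must read it. While exported it is
# in the environment of every child of this shell; unset it once signing is done.
printf 'Password: '; IFS= read -rs ROOTCA_PASS_PHRASE; export ROOTCA_PASS_PHRASE; echo

# The passphrase reaches openssl through a process-substitution file descriptor,
# so it does not appear in the argument list. printf is used instead of echo so
# a passphrase that looks like an echo option is passed through unchanged.
# RSA key size is left at the OpenSSL default; add -pkeyopt rsa_keygen_bits:<bits>
# to pin it.
openssl genpkey -algorithm RSA -out rootCA.key -aes256 \
  -pass file:<(printf '%s\n' "${ROOTCA_PASS_PHRASE}")

# -nodes is dropped: it only affects a key that req itself creates, and here the
# existing encrypted rootCA.key is used.
openssl req -x509 -new -key rootCA.key -sha256 -days 1024 -out rootCA.pem \
  -config "${ROOTCA_CNF}" \
  -passin file:<(printf '%s\n' "${ROOTCA_PASS_PHRASE}")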

Certificate » RootCA » SubCA

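# Create a subordinate CA signed by the root CA:
#   subCA.key  RSA private key, encrypted with AES-256 under its own passphrase
#   subCA.csr  certificate signing request
#   subCA.pem  certificate issued by rootCA.pem, valid for 1024 days
# Expects rootCA.key, rootCA.pem and ROOTCA_PASS_PHRASE from the RootCA section,
# in the same shell and directory.
# Globals written: SUBCA_CNF, SUBCA_PASS_PHRASE (exported)

# mktemp without -u creates the file itself with owner-only permissions. With
# -u only a name is printed, and another local user could create that path (or
# a symlink at it) before the config is written.
SUBCA_CNF="$(mktemp)"
cat <<'CNF' >"${SUBCA_CNF}"
[ req ]
distinguished_name = dn
prompt = no

[ dn ]
C                 = MY
ST                = WP Kuala Lumpur
L                 = Kuala Lumpur
O                 = Chorke, Inc.
OU                = Academia
CN                = chorke.org
emailAddress      = info@chorke.org

[req_attrs]
challengePassword = ChangeIt
unstructuredName  = Chorke Academia, Inc.

[ v3_subca ]
basicConstraints       = critical, CA:TRUE, pathlen:0
keyUsage               = critical, keyCertSign, cRLSign
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid,issuer
CNF
# NOTE(review): [ req ] has no "attributes = req_attrs" line, so [req_attrs] is
# not referenced by the request. If it is enabled, challengePassword is stored
# unencrypted in the CSR.
# [ v3_subca ] is applied at signing time (see -extfile below). pathlen:0 stops
# this SubCA from issuing further CA certificates; drop it if that is needed.

# -r keeps backslashes in the passphrase literal; IFS= keeps surrounding blanks.
# Enter a freshly generated passphrase, different from the root CA one; it is
# deliberately not recorded here.
printf 'Password: '; IFS= read -rs SUBCA_PASS_PHRASE; export SUBCA_PASS_PHRASE; echo

# Passphrases reach openssl through process-substitution file descriptors, so
# they do not appear in the argument list.
openssl genpkey -algorithm RSA -out subCA.key -aes256 \
  -pass file:<(printf '%s\n' "${SUBCA_PASS_PHRASE}")
openssl req -new -key subCA.key -out subCA.csr -config "${SUBCA_CNF}" \
  -passin file:<(printf '%s\n' "${SUBCA_PASS_PHRASE}")

# x509 -req takes extensions only from -extfile/-extensions; without them the
# issued certificate carries no explicit CA:TRUE and strict validators will not
# accept it as an issuer. -CAcreateserial writes the serial file next to the
# root certificate.
openssl x509 -req -in subCA.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial \
  -out subCA.pem -days 1024 -sha256 \
  -extfile "${SUBCA_CNF}" -extensions v3_subca \
  -passin file:<(printf '%s\n' "${ROOTCA_PASS_PHRASE}")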

Playground

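# Scratch commands, meant to be run one at a time.

# Port-state checks of the VPN host: --reason prints why each state was
# reported, -Pn skips host discovery. The first line covers the 20 most common
# ports (--top-ports spelled out in full), the second the listed mail ports.
nmap vpn.shahed.biz --reason -Pn --top-ports 20
nmap vpn.shahed.biz --reason -Pn -p25,465,587,993

# Follow the authentication and kernel logs: last 100 lines, then live. Each
# command runs until interrupted, so use one terminal per command.
sudo tail -n 100 -f /var/log/auth.log
sudo tail -n 100 -f /var/log/kern.log

# Show the shadow entry of the account named nobody. grep reads the file
# directly, and the '^nobody:' anchor avoids printing other accounts' hash
# lines that merely contain the string.
sudo grep -- '^nobody:' /etc/shadow

# Recent login records.
last

sudo apt-get install makepasswd

# Hash a chosen clear-text password read from stdin. A literal typed here is
# kept in shell history.
# NOTE(review): --crypt-md5 and --crypt emit legacy crypt(3) hash formats; use
# them for experiments only, not for stored credentials.
printf '%s\n' 'sadaqah!' | makepasswd --crypt-md5 --clearfrom=-

# Random 12-character passwords: five with MD5-crypt hash, five with crypt
# hash, five clear text only, then a single one.
makepasswd --chars 12 --count 5 --crypt-md5
makepasswd --chars 12 --count 5 --crypt
makepasswd --chars 12 --count 5
makepasswd --chars 12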

References