Example of using SSL: CA => CSR => Sign

Artur Gurgul 2025-08-12 07:35:18 +02:00
parent 78d7233ff3
commit ca5d4c4b72
3 changed files with 96 additions and 2 deletions

93
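--- a/bin/ssl
+++ b/bin/ssl
@@ -0,0 +1,93 @@
+#!/usr/bin/env ruby
+require "fileutils"
+require "open3"
+def cmd(*cmd)
+stdout, stderr, status = Open3.capture3(*cmd)
+unless status.success?
+warn "Command failed: #{cmd.join(' ')}"
+warn stderr
+exit status.exitstatus || 1
+end
+stdout
+end
+subcommand = ARGV.shift&.to_sym
+arg1 = ARGV[0] && ARGV[0] !~ /^-/ ? ARGV.shift : nil
+arg2 = ARGV[0] && ARGV[0] !~ /^-/ ? ARGV.shift : nil
+$domains = ["mediacenter.lan"]
+$ips = ["192.168.0.94"]
+### Setting up for client
+$cn = $domains.first
+name = $cn.gsub("*", "wildcard")
+dir = "certs"
+FileUtils.mkdir_p(dir)
+$key = File.join(dir, "#{name}.key.pem")
+$csr = File.join(dir, "#{name}.csr.pem")
+$crt = File.join(dir, "#{name}.crt.pem")
+$ext = File.join(dir, "#{name}.ext")
+############################
+### Setting up for CA
+$ca_name = "My Lab"
+#############################
+def create_CA
+cmd "openssl", "genrsa", "-out", "rootCA.key.pem", "4096"
+cmd "chmod", "600", "rootCA.key.pem"
+cmd "openssl", "req", "-x509", "-new", "-nodes", "-key",
+"rootCA.key.pem", "-sha256", "-days", "3650",
+"-out", "rootCA.crt.pem",
+"-subj", "/C=XX/ST=Lab/L=Local/O=#{$ca_name}/CN=#{$ca_name} Root CA"
+end
+def create_CSR
+cmd "openssl", "genrsa", "-out", $key, "2048"
+cmd "openssl", "req", "-new", "-key", $key, "-out", $csr, "-subj", "/CN=#{$cn}/O=#{$ca_name}"
+end
+def create_extfile
+ext_lines = []
+ext_lines << "basicConstraints=CA:FALSE"
+ext_lines << "keyUsage=digitalSignature,keyEncipherment"
+ext_lines << "extendedKeyUsage=serverAuth"
+ext_lines << "subjectAltName=@alt_names"
+ext_lines << "[alt_names]"
+$domains.each_with_index do |d, i|
+ext_lines << "DNS.#{i + 1}=#{d}"
+end
+$ips.each_with_index do |ip, j|
+ext_lines << "IP.#{j + 1}=#{ip}"
+end
+File.write($ext, ext_lines.join("\n") + "\n")
+end
+def sign_with_CA
+cmd "openssl", "x509", "-req", "-in", $csr,
+"-CA", "rootCA.crt.pem", "-CAkey", "rootCA.key.pem",
+"-CAcreateserial", "-out", $crt, "-days", "397", "-sha256",
+"-extfile", $ext
+end
+case subcommand
+when :ca
+create_CA
+when :csr
+create_CSR
+when :casign
+create_extfile
+sign_with_CA
+else
+puts "no command handler"
+end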
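Review bot: create_CA regenerates and overwrites rootCA.key.pem and rootCA.crt.pem unconditionally, so a second `ssl ca` run silently replaces the root key and orphans every certificate sign_with_CA has already issued; guard it with `abort "rootCA.key.pem already exists; remove it to re-create the CA" if File.exist?("rootCA.key.pem")` as the first line of the method, and create_CSR needs the same guard on $key. The `chmod 600` on the root key runs only after openssl has already created the file, and the leaf key written in create_CSR gets no chmod at all; setting `File.umask(0o077)` once near the top of the script covers both regardless of what the installed openssl does by default. arg1 and arg2 are shifted off ARGV but never read while $domains and $ips are hard-coded, so that parsing is dead code and should either feed $domains/$ips or be dropped; if it stays, the `!~ /^-/` tests should anchor with `\A` since `^` matches at the start of any line. The ext file also omits `subjectKeyIdentifier=hash` and `authorityKeyIdentifier=keyid,issuer`, which are not required by every client but make chain building unambiguous when the root is later rotated.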

3
bin/vm

@ -18,7 +18,8 @@ OptionParser.new do |opt|
opt.on('--name NAME', 'Virtaul Machine name') do |name| opt.on('--name NAME', 'Virtaul Machine name') do |name|
options.name = name options.name = name
end end
# new from copy
# fetch from the server
end.parse! end.parse!
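Review bot: The two added comments `# new from copy` and `# fetch from the server` sit between the `--name` option and `end.parse!` with no code attached, so a reader cannot tell whether they describe the existing option or are placeholders for work not yet done. If they mark planned options, write them as `# TODO: option to create a VM from a copy` and `# TODO: option to fetch the image from the server` so they are picked up as open items rather than read as documentation. The hunk grows from 7 to 8 lines with two additions, which implies one removed line that the rendering does not show, so this note cannot speak to what was deleted.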


@ -28,7 +28,7 @@ module VirtualMachine
Downloader.get(url) do |path| Downloader.get(url) do |path|
disk_img_path = File.join(User.cache_path, "vm", distro.to_s, arch.to_s, options[:name], "root.img") disk_img_path = File.join(User.cache_path, "vm", distro.to_s, arch.to_s, options[:name], "root.img")
create_disk_image(disk_img_path, 5000) create_disk_image(disk_img_path, 15000)
puts path puts path
puts disk_img_path puts disk_img_path