Posts tagged ‘sysadmin’
Turning your computer into a wireless router – easy-to-run code.
The following script adapted from this post https://exain.wordpress.com/2011/03/31/making-a-wifi-hotspot-access-point-using-linux-wifi-lan-cardusb-adapter/ will an ubuntu linux laptop with a wireless dongle into a wireless router:
https://github.com/argandgahandapandpa/computer-router
You need to run sudo bash start.sh and sudo bash stop.sh to start and stop the script, and create a local settings file to store your configuration.
Becoming a certificate authority (CA) in one file
I found this blog post very useful when trying to set up a CA : Becoming a certificate authority.
However extended howtos with cut-and-paste code samples, though useful, kind of suck for some use cases. I’ve converted this into a single file bash script which you should be able to download and run to create a sample CA, and sign a sample certificate.
Bear in mind that you probably want to tweak a few things, but this should give you something that works
#!/bin/bash # Make a key rm -rf cert_dir mkdir cert_dir # First we need keys to prove that we have signed things openssl genrsa 1025 > cert_dir/private.pem # private key openssl rsa -in cert_dir/private.pem -pubout -out cert_dir/public.pem # Then we need a certificate to tell other people that we can # issue certificates # Write down what we want to appear in this certificate cat > cert_dir/ca_config <<EOF [ req ] #default_bits = 1024 #default_keyfile = privkey.pem distinguished_name = req_distinguished_name #attributes = req_attributes x509_extensions = v3_ca prompt = no [ req_distinguished_name ] countryName = UK localityName = London organizationalUnitName = Certs commonName = www.certificates4all.com #emailAddress = test@test [ v3_ca ] subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always basicConstraints = CA:true [ ca ] default_ca = CA_Default [ CA_Default ] email_in_dn = no dir = . new_certs_dir = ./cert_dir database = ./cert_dir/issue certificate = ./cert_dir/ca_cert serial = ./cert_dir/serial private_key = ./cert_dir/private.pem name_opt = ca_default cert_opt = ca_default default_crl_days = 30 default_days = 365 default_md = sha1 preserve = no policy = policy_match [ policy_match ] countryName = optional stateOrProvinceName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional EOF # Turn this configuration into a certificate echo creating ca cert openssl req -config cert_dir/ca_config -key cert_dir/private.pem -new -x509 -extensions v3_ca > cert_dir/ca_cert # Some configuration files to remember what we have signed echo 0001 > cert_dir/serial touch cert_dir/issue # database touch cert_dir/issue.attr # We now are a working certificate authority - yay! # Now to do some sample signing... echo signing sample cert # Reuse out CA key as our server key - # in real life this would be different # A site creates request for something to be signed, they # must sign this so that only they can claim to be this person # Writing down details of certification request cat > cert_dir/cert_config << EOF [ req ] #default_bits = 1024 #default_keyfile = privkey.pem distinguished_name = req_distinguished_name #attributes = req_attributes prompt = no [ req_distinguished_name ] countryName = MN localityName = GoogleVile organizationalUnitName = google commonName = *.google.com #emailAddress = test@test EOF # Turn this configuration into a binary request openssl req -new -config cert_dir/cert_config -key cert_dir/private.pem > cert_dir/sample_site.req # We then sign this certifcate to say that we believe they are who they say they are openssl ca -batch -config cert_dir/ca_config -in cert_dir/sample_site.req -out cert_dir/sample_site.cert