Posts tagged ‘sysadmin’

Turning your computer into a wireless router – easy-to-run code.

The following script, adapted from this post https://exain.wordpress.com/2011/03/31/making-a-wifi-hotspot-access-point-using-linux-wifi-lan-cardusb-adapter/, will turn an Ubuntu Linux laptop with a wireless dongle into a wireless router:

https://github.com/argandgahandapandpa/computer-router

You need to run sudo bash start.sh and sudo bash stop.sh to start and stop the script, and create a local settings file to store your configuration.

November 26, 2011 at 7:17 pm

Becoming a certificate authority (CA) in one file

I found this blog post very useful when trying to set up a CA: Becoming a certificate authority.

However, extended howtos with cut-and-paste code samples, though useful, kind of suck for some use cases. I’ve converted this into a single-file bash script which you should be able to download and run to create a sample CA, and sign a sample certificate.

Bear in mind that you probably want to tweak a few things, but this should give you something that works.

#!/bin/bash
# Make a key
rm -rf cert_dir
mkdir cert_dir

# First we need keys to prove that we have signed things
# (2048-bit RSA; current TLS libraries reject shorter keys)
openssl genrsa 2048 > cert_dir/private.pem # private key
openssl rsa -in cert_dir/private.pem -pubout -out cert_dir/public.pem

# Then we need a certificate to tell other people that we can 
# issue certificates

#    Write down what we want to appear in this certificate

cat > cert_dir/ca_config <<EOF
[ req ]
#default_bits           = 1024
#default_keyfile        = privkey.pem
distinguished_name     = req_distinguished_name
#attributes             = req_attributes
x509_extensions        = v3_ca
prompt = no

[ req_distinguished_name ]
countryName                    = UK 
localityName                   = London 
organizationalUnitName         = Certs 
commonName                     = www.certificates4all.com 
#emailAddress                   = test@test 

[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true

[ ca ]
default_ca = CA_Default


[ CA_Default ]
email_in_dn             = no
dir                     = .
new_certs_dir           = ./cert_dir
database                = ./cert_dir/issue
certificate             = ./cert_dir/ca_cert
serial                  = ./cert_dir/serial
private_key             = ./cert_dir/private.pem
name_opt                = ca_default
cert_opt                = ca_default
default_crl_days        = 30
default_days            = 365
default_md              = sha256
preserve                = no
policy                  = policy_match

[ policy_match ]
countryName             = optional
stateOrProvinceName     = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional
EOF

#     Turn this configuration into a certificate
echo creating ca cert
openssl req -config cert_dir/ca_config -key cert_dir/private.pem -new -x509 -extensions v3_ca > cert_dir/ca_cert 

# Some configuration files to remember what we have signed
echo 0001 > cert_dir/serial
touch cert_dir/issue # database
touch cert_dir/issue.attr


# We now are a working certificate authority - yay!

# Now to do some sample signing...

echo signing sample cert

# Reuse our CA key as our server key -
# in real life this would be different

# A site creates request for something to be signed, they
# must sign this so that only they can claim to be this person

#    Writing down details of certification request
cat > cert_dir/cert_config << EOF
[ req ]
#default_bits           = 1024
#default_keyfile        = privkey.pem
distinguished_name     = req_distinguished_name
#attributes             = req_attributes
prompt = no

[ req_distinguished_name ]
countryName                    = MN 
localityName                   = GoogleVile 
organizationalUnitName         = google 
commonName                     = *.google.com 
#emailAddress                   = test@test 
EOF

#    Turn this configuration into a binary request
openssl req -new -config cert_dir/cert_config -key cert_dir/private.pem > cert_dir/sample_site.req

# We then sign this certificate to say that we believe they are who they say they are
openssl ca -batch -config cert_dir/ca_config -in cert_dir/sample_site.req -out cert_dir/sample_site.cert
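
The script above reuses the CA key as the server key and notes that real life would be different. The following added example (not part of the original post; the throwaway test CA, the example.test names and the functions make_demo and audit_cert are assumptions made here) issues one certificate each way and audits both for a shared key pair, a SHA-1 or MD5 signature and a short RSA key:

```sh
#!/bin/sh
# Added example. The CA, names and certificates are constructed test data.
make_demo() {  # make_demo DIR: test CA plus two certs, "reused" and "separate"
  d=$1
  cat > "$d/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no
[ dn ]
commonName = Constructed Test CA
[ v3_ca ]
basicConstraints = critical,CA:true
EOF
  openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
  openssl genrsa -out "$d/site.key" 2048 2>/dev/null
  openssl req -config "$d/ca.cnf" -key "$d/ca.key" -new -x509 -days 1 -out "$d/ca.crt"
  n=1
  for name in reused separate; do
    key="$d/site.key"
    if [ "$name" = reused ]; then key="$d/ca.key"; fi  # what the sample script does
    openssl req -config "$d/ca.cnf" -new -key "$key" \
      -subj "/CN=$name.example.test" -out "$d/$name.csr"
    openssl x509 -req -in "$d/$name.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
      -set_serial "$n" -days 1 -sha256 -out "$d/$name.crt" 2>/dev/null
    n=$((n + 1))
  done
}

audit_cert() {  # audit_cert CA_CERT CERT: one line per finding, or "ok"
  ca=$1; cert=$2; found=0
  text=$(openssl x509 -in "$cert" -noout -text)
  if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
    echo "FAIL: does not verify against the CA certificate"; found=1
  fi
  # Identical public keys: the CA private key is also deployed on the server.
  if [ "$(openssl x509 -in "$ca" -noout -pubkey)" = \
       "$(openssl x509 -in "$cert" -noout -pubkey)" ]; then
    echo "WARN: certificate uses the CA's own key pair"; found=1
  fi
  if printf '%s\n' "$text" | grep -qiE 'Signature Algorithm: *(sha1|md5)'; then
    echo "WARN: weak signature digest"; found=1
  fi
  bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  if printf '%s\n' "$text" | grep -q rsaEncryption && [ "${bits:-0}" -lt 2048 ]; then
    echo "WARN: RSA key is only $bits bits"; found=1
  fi
  if [ "$found" -eq 0 ]; then echo ok; fi
}
```

Run make_demo on an empty directory, then call audit_cert with ca.crt and either reused.crt or separate.crt from that directory; audit_cert also works on any other PEM CA certificate and certificate pair.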

July 15, 2011 at 2:06 pm

