From 01de3e99ca15dc6d4af1d42c61d89f7b0e42a302 Mon Sep 17 00:00:00 2001 From: greg-sk Date: Tue, 8 Apr 2014 10:04:33 +0100 Subject: [PATCH] config/deploy/certs cleanup --- config/certs/server.crt | 19 ------------------- config/certs/server.csr | 17 ----------------- config/certs/server.key | 27 --------------------------- config/deploy/rfwgen | 1 - config/{certs => notes}/gen_certs.sh | 8 +++++--- 5 files changed, 5 insertions(+), 67 deletions(-) delete mode 100644 config/certs/server.crt delete mode 100644 config/certs/server.csr delete mode 100644 config/certs/server.key rename config/{certs => notes}/gen_certs.sh (90%) diff --git a/config/certs/server.crt b/config/certs/server.crt deleted file mode 100644 index b085ee6..0000000 --- a/config/certs/server.crt +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDLDCCAhQCCQDSos24rayOdDANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJB -VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 -cyBQdHkgTHRkMREwDwYDVQQDDAhzZXJ2ZXJpcDAeFw0xNDAxMjYyMzQ3MTdaFw0y -NDAxMjcyMzQ3MTdaMFgxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRl -MSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxETAPBgNVBAMMCHNl -cnZlcmlwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14B0R2YNjIkO -i3LQvfR8M8/0tf/99KWxIAch5Aa/XzC5u5doaRUloZ9CABX24DEcmb0EHb455SRN -gng2KibzI8xeIc5C4EJkULyGhMmIRsFzMt6ckXouLZ4KamiZZSmHV6qZKNgf/ziL -ZC2ZK780KbAAv/rpiqBhha2WtvPiKo75pgJc8EoBkuHTG8+xU+rRK3EvGSed1jsK -ksrQ+zyYTnTR7JG5yYMT/QonTokRgq/G/CQbqw5x395o/FFsOkc2y2pcfaNxCQjW -3d/M6G7qp9y9Hrro/jlYabJvLagKltpW4bQ5H8IOhfskD4+pPv/yT8vnKlBy31LA -KVJU9qn33wIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQABsLCPHyu4CuffF6WSHjv4 -mGkDfppapD7wd/ydKsf20vmSh0jYjK3db3YJNE46WftwgTAD9uXQ65PlVL2NUB3j -7T8VVVmRtBgiggvi5UK32I4c60iQBee1Xh3dkkhLQGhdii3NNbk0cd9r96oEo5Ie -t1ET0FPnBYp4GNX+/Nf4Dnwb7JR9/cYcNUY2s7mCcy5E8kawn0E8MNGK5VPUE2V0 -+T8VPe0YPTNNaOSiadP6lVsPjJh+jMmIYw7QvvtqfxSf+0vBy8rqxXmAULBdAlm5 -r+csfGFEzGkRLvPvZZBblIcZg2baw86opXZSFe73K0hAd0+et3NsN39hpQYsreIH ------END CERTIFICATE----- 
diff --git a/config/certs/server.csr b/config/certs/server.csr deleted file mode 100644 index 3377a38..0000000 --- a/config/certs/server.csr +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICnTCCAYUCAQAwWDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx -ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDERMA8GA1UEAwwIc2Vy -dmVyaXAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXgHRHZg2MiQ6L -ctC99Hwzz/S1//30pbEgByHkBr9fMLm7l2hpFSWhn0IAFfbgMRyZvQQdvjnlJE2C -eDYqJvMjzF4hzkLgQmRQvIaEyYhGwXMy3pyRei4tngpqaJllKYdXqpko2B//OItk -LZkrvzQpsAC/+umKoGGFrZa28+IqjvmmAlzwSgGS4dMbz7FT6tErcS8ZJ53WOwqS -ytD7PJhOdNHskbnJgxP9CidOiRGCr8b8JBurDnHf3mj8UWw6RzbLalx9o3EJCNbd -38zobuqn3L0euuj+OVhpsm8tqAqW2lbhtDkfwg6F+yQPj6k+//JPy+cqUHLfUsAp -UlT2qfffAgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAeU6eQw2ZjddXqpPKklaE -Ul2OO/0oSSD6lzJi6q07fuXieq0f0EEISyfEGp1enqdr9TuO6kMiofsBP7xTP1oL -clc9dlVEjKqkS6NcOeugnufQ/PYs1zPtbTkP62xyWuvPcenXaPiDRny6cNgyTipG -44ROSek0B2KRXB41g5c4ijxywLuNMp6X+8+zmPO6+43RBqoOIVBkKWkb7ObPIWeD -Uko5ZfE0HxWxc4gKoaW+VIf3AIDdUhd1NgqXticEmMlphjNeRTcBcHh9nbIG0/S7 -6bQVgop+R6zkcNwHbWrJx+Yd1Z5nH+RzKQv32oXuFbMUULEJOE4gXmwzUVqmphib -Vw== ------END CERTIFICATE REQUEST----- diff --git a/config/certs/server.key b/config/certs/server.key deleted file mode 100644 index 6e9ea0b..0000000 --- a/config/certs/server.key +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEA14B0R2YNjIkOi3LQvfR8M8/0tf/99KWxIAch5Aa/XzC5u5do -aRUloZ9CABX24DEcmb0EHb455SRNgng2KibzI8xeIc5C4EJkULyGhMmIRsFzMt6c -kXouLZ4KamiZZSmHV6qZKNgf/ziLZC2ZK780KbAAv/rpiqBhha2WtvPiKo75pgJc -8EoBkuHTG8+xU+rRK3EvGSed1jsKksrQ+zyYTnTR7JG5yYMT/QonTokRgq/G/CQb -qw5x395o/FFsOkc2y2pcfaNxCQjW3d/M6G7qp9y9Hrro/jlYabJvLagKltpW4bQ5 -H8IOhfskD4+pPv/yT8vnKlBy31LAKVJU9qn33wIDAQABAoIBAQCX+Q2HYG/DoM/y -BWkx3F1OiKPRSZNFWSfdJ0p+LUf+EDWbFj5ahMBCBzabKuIr3laGEKb7drALaRuE -G9ROy6MBptjnTDcbQZbO3PScZidFhpz/zb9qVFiGcQJ1YghzL+MzLqrOBAQkjzK1 -1fZDxJY7o9QTjxXtXgcIJ4+2u6zORzOUd4k0wZHi+UAi33HcCZiQqN6zL31/BISz -rqiohKsoFhVSeBn4WqF57mDQrM2ur9/v3vjZ4VMw4pNrxhUmOJSRrf1YwP5DvC3F -EAK1xfHj+cQ7zAAqTuofkfSGQA+b5L2kXhKA3xNOPIc57L2Sn4YvtQ+NxzsVPOoI -j7QM+G2JAoGBAPzuXKIrXsIbjv2PKQsyNYkTOTqYOKDnqs1rOxZno8X+FqdRR/gy -uOdWgUSEJFGFs7UNKPgDse7Ix2fPUq1Q9zul8Np71s1P5GBQ4J8gAu6g/MKJ0WFr -FPv4CazCBBLv5lKmgelCAGZ3sJ46eVxeF6/aT4LWaDwrc8YJ5lqoAyWFAoGBANod -1PJRsMd/XwDA7PgaGbaIESQF7ngXNveLMOXTI7oe3Rp6sDAoYwmc2P/GvtMZ1EHW -QrSwpkJTdi/DWdB2i0XIvd8BEmYRsuuKXe/wr/ZHGNSzySo3n/Jj0nff0dIbxUZV -h+tWcFu5uKMkiNAJXT2a+/HO2paakYcsR4s2KSMTAoGAOWSBAo9izhrgxGpyvsai -3TrOdpxJ5UEMQdZ+LuRPhkLUsxy/fvNLf7riVEDD2PfEwmV9EWINQwiuLsEdmpRP -tWo/D+Sf5jClurE/dvwVjj5bfG03ZKqetVogH+JaeE2VbtW3js1aN+Ya3pyYIzx6 -lX2tIxwxxM17VMm0SofrRt0CgYEAikH6p5dMnUiJqeqgyyuQPPnHE7SG0qy0dPlQ -B35s2R+TO6OlZwFStdcsXgVXFGz89LaiFfMbkFNjSSdlGRTrd1KluGPvi6+QYGmW -3e8NOukaPkmwLAiSZI0N7lp7n9lmlQzGWVCzbBEvjoosBuLIrbI+HarnOCvGL47L -0tyD+u0CgYEA4dg6V/FNgrhB9WxLT7s5qjE32jTukrL1bmpIlDaub6qwaU9tzXCH -/XKcicpfHLiSMRG2xm1647hSbsvRvRJk8thUc1SGUguxdnMIfB2wo3ubSR7Xu7pH -zWHCu27gdf6CzWqcfZClAGEyjs9V4DzFYmYS0nMQsNAknZ9TBFP6NPY= ------END RSA PRIVATE KEY----- diff --git a/config/deploy/rfwgen b/config/deploy/rfwgen index cb8de1a..aa6be2d 100755 --- a/config/deploy/rfwgen +++ b/config/deploy/rfwgen 
@@ -75,7 +75,6 @@ if __name__ == '__main__':
 print usage()
 sys.exit(-1)
- #TODO set umask and/or individual file permissions
 os.umask(0077)
 server_dir = 'server_{}'.format(server_ip)
diff --git a/config/certs/gen_certs.sh b/config/notes/gen_certs.sh
similarity index 90%
rename from config/certs/gen_certs.sh
rename to config/notes/gen_certs.sh
index 40d0f0a..c50a931 100644
--- a/config/certs/gen_certs.sh
+++ b/config/notes/gen_certs.sh
@@ -1,8 +1,10 @@
 #!/usr/bin/env sh
+# Here are notes on creating certs and CA
 #################################
-# For now we create the self-signed cert as per:
+# 1. Self-signed cert
+#################################
 # https://devcenter.heroku.com/articles/ssl-certificate-self
 # Generate private key and certificate signing request
@@ -17,9 +19,9 @@ openssl x509 -req -days 3653 -in server.csr -signkey server.key -out server.crt
 #################################
-# In the future automate creating single CA and sign certs for every server.
+# 2. Create CA and sign certs
+#################################
 # See http://blog.didierstevens.com/2008/12/30/howto-make-your-own-cert-with-openssl/
-# Here is the procedure
 # generate a 4096-bit long RSA key for the root CA if does not exist
 openssl genrsa -out ca.key 4096
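Review bot: In the second gen_certs.sh hunk the notes write private keys (`openssl genrsa -out ca.key 4096`, and `server.key` in section 1) into the current directory, yet nothing visible says to restrict their permissions or keep them out of version control. rfwgen guards its output with `os.umask(0077)`; the notes could do the same with a `umask 077` line before the first openssl command, plus a header comment such as `# Run outside the repository; never commit *.key`. The `server.key` deleted by this same commit remains in the repository's earlier history unless that is rewritten, so any host that used that pair should get a freshly generated key and certificate. Both gen_certs.sh hunks show only part of the file, so some of this may already be covered outside the visible lines.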