feat(os): certificate generation for windows (#17)
* feat(os): add certgen script for windows
* Create gen_all_certs_win.ps1 (#16)

  Updated code of gen_all_certs.ps1 to run it on Windows machine

  Co-authored-by: shreybansod <[email protected]>
* Delete scripts/certgen/gen_all_certs.ps1
* Rename gen_all_certs_win.ps1 to gen_all_certs.ps1

---------

Co-authored-by: Torsten Egenolf <[email protected]>
Co-authored-by: shreybansod <[email protected]>
1 parent 48f4da1, commit b98fefe

Showing 3 changed files with 30 additions and 1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -15,7 +15,7 @@ Collect this information and transfer it for each environment: | |
- [tng-bot-dev](https://github.com/tng-bot-dev) for development (DEV) and user acceptance testing (UAT) environments. | ||
- Create GPG Keys for responsible persons for each environment (see below) | ||
3) Fill in content for your country: | ||
- for DEV and UAT environments you may use the conf files and the [certgen bash script](scripts/certgen/gen_all_certs.sh) as a guideline | ||
- for DEV and UAT environments you may use the conf files and the [certgen bash script](scripts/certgen/gen_all_certs.sh) as a guideline (see [README](scripts/certgen/README.md)) | ||
|
||
4) Send an onboarding/participation request to [email protected] | ||
|
||
|
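Review bot: The updated bullet under step 3 still names only the bash script (gen_all_certs.sh), although this commit adds a PowerShell variant for Windows, so a Windows user reading this line has to follow the README link to find out that one exists. Consider naming both here, for example "the certgen scripts (bash or PowerShell)", or at least stating on this line that a Windows variant is available.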
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
# valid for 4 years | ||
$DAYS_CA=1461 | ||
# valid for 1 year | ||
$DAYS_TLS=365 | ||
# valid for 1 year | ||
$DAYS_UPLOAD=365 | ||
|
||
# configure the DN | ||
$env:OSSL_COUNTRY_NAME="XA" | ||
$env:OSSL_STATE_NAME="Test State" | ||
$env:OSSL_LOCALITY_NAME="Geneva" | ||
$env:OSSL_ORGANIZATION_NAME="WHO" | ||
$env:OSSL_ORGANIZATIONAL_UNIT_NAME="R&D" | ||
# $env:OSSL_COMMON_NAME="WHO International" # default entry of the corresponding config file will be used | ||
|
||
# generate a new directory for each run | ||
$subdir = Get-Date -Format "yyyyMMddHHmmss" | ||
New-Item -ItemType Directory -Force -Path $subdir | ||
|
||
# generate the certificates and keys for the SCA, TLS, and upload | ||
openssl ecparam -name prime256v1 -out ecparam.pem | ||
openssl req -x509 -new -days $DAYS_CA -newkey ec:ecparam.pem -extensions ext -keyout $subdir/SCA.key -nodes -out $subdir/SCA.pem -config sca.conf | ||
openssl req -x509 -new -days $DAYS_TLS -newkey ec:ecparam.pem -extensions ext -keyout $subdir/TLS.key -nodes -out $subdir/TLS.pem -config TLSClient.conf | ||
openssl req -x509 -new -days $DAYS_UPLOAD -newkey ec:ecparam.pem -extensions ext -keyout $subdir/UP.key -nodes -out $subdir/UP.pem -config uploadCert.conf | ||
rm ecparam.pem | ||
# special case to only place CA.pem file for self-signed TLS cert as a copy | ||
Copy-Item -Path $subdir/TLS.pem -Destination $subdir/CA.pem |
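Review bot: None of the four openssl calls is checked for failure, so if openssl is not on PATH or one of sca.conf, TLSClient.conf or uploadCert.conf is missing from the current directory, the script carries on and the final Copy-Item either fails or leaves an incomplete set of files in $subdir. Test $LASTEXITCODE after each openssl call and stop on a non-zero value; resolving the conf files and ecparam.pem relative to $PSScriptRoot would also remove the dependency on the working directory. Separately, -nodes writes SCA.key, TLS.key and UP.key unencrypted into a directory that inherits its parent's ACL, which is acceptable for DEV/UAT test material but deserves a comment in the script saying the output is not for production keys. Minor: rm is an alias, so Remove-Item would match the other cmdlets used here, and New-Item's output could be piped to Out-Null to keep the console clean.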