From b403b006b2db9436acf67c351302aa56dab82743 Mon Sep 17 00:00:00 2001
From: Firas Ghanmi
Date: Mon, 1 Jul 2024 14:38:21 +0200
Subject: [PATCH 1/5] Add TLS support for CTLog
Signed-off-by: Firas Ghanmi
---
 cmd/app/serve.go | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/cmd/app/serve.go b/cmd/app/serve.go
index 016e42ba0..62bb913be 100644
--- a/cmd/app/serve.go
+++ b/cmd/app/serve.go
@@ -18,6 +18,7 @@ package app
 import (
 "bytes"
 "context"
+ "crypto/tls"
 "crypto/x509"
 "errors"
 "flag"
@@ -108,6 +109,7 @@ func newServeCmd() *cobra.Command {
 cmd.Flags().String("grpc-tls-certificate", "", "the certificate file to use for secure connections - only applies to grpc-port")
 cmd.Flags().String("grpc-tls-key", "", "the private key file to use for secure connections (without passphrase) - only applies to grpc-port")
 cmd.Flags().Duration("idle-connection-timeout", 30*time.Second, "The time allowed for connections (HTTP or gRPC) to go idle before being closed by the server")
+ cmd.Flags().String("tls-ca-cert", "", "Path to TLS CA certificate")

 // convert "http-host" flag to "host" and "http-port" flag to be "port"
 cmd.Flags().SetNormalizeFunc(func(_ *pflag.FlagSet, name string) pflag.NormalizedName {
@@ -273,7 +275,33 @@ func runServeCmd(cmd *cobra.Command, args []string) { //nolint: revive
 }
 opts.PublicKey = string(pemPubKey)
 }
- ctClient, err = ctclient.New(logURL, &http.Client{Timeout: 30 * time.Second}, opts)
+ var httpClient *http.Client
+ if tlsCaCertPath := viper.GetString("tls-ca-cert"); tlsCaCertPath != "" {
+ tlsCaCert, err := os.ReadFile(filepath.Clean(tlsCaCertPath))
+ if err != nil {
+ log.Logger.Fatal(err)
+ }
+ caCertPool := x509.NewCertPool()
+ if ok := caCertPool.AppendCertsFromPEM(tlsCaCert); !ok {
+ log.Logger.Fatal("failed to append TLS CA certificate")
+ }
+ tlsConfig := &tls.Config{
+ RootCAs: caCertPool,
+ MinVersion: tls.VersionTLS12,
+ }
+ transport := &http.Transport{
+ TLSClientConfig: tlsConfig,
+ }
+ httpClient = &http.Client{
+ Timeout: 30 * time.Second,
+ Transport: transport,
+ }
+ } else {
+ httpClient = &http.Client{
+ Timeout: 30 * time.Second,
+ }
+ }
+ ctClient, err = ctclient.New(logURL, httpClient, opts)
 if err != nil {
 log.Logger.Fatal(err)
 }
From e8b489d97dd716f8518492ed852d761a443cb1c3 Mon Sep 17 00:00:00 2001
From: Firas Ghanmi
Date: Sun, 28 Jul 2024 12:53:00 +0200
Subject: [PATCH 2/5] update tls-ca-cert cmd line
Signed-off-by: Firas Ghanmi
---
 cmd/app/serve.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmd/app/serve.go b/cmd/app/serve.go
index 62bb913be..5ca4ae52a 100644
--- a/cmd/app/serve.go
+++ b/cmd/app/serve.go
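Review bot: The `tls-ca-cert` branch builds `&http.Transport{TLSClientConfig: tlsConfig}` from scratch, so the CT client loses the `http.DefaultTransport` settings the previous nil-transport client inherited (environment proxy, dial and TLS-handshake timeouts, idle-connection limits); cloning keeps them: `transport := http.DefaultTransport.(*http.Transport).Clone()` followed by `transport.TLSClientConfig = tlsConfig`. `RootCAs` is a fresh pool from `x509.NewCertPool()`, so once the flag is set only that bundle is trusted and system roots are not, which deserves a one-line comment here and a mention in the flag's help text. The option has no effect when `logURL` uses `http://`, and a warning log in that case would keep an operator from assuming the CT connection is authenticated. The two `http.Client` literals differ only in `Transport`, so one client with the transport assigned inside the `if` would remove the `else`. runServeCmd starts and ends outside this hunk.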
@@ -109,7 +109,7 @@ func newServeCmd() *cobra.Command {
 cmd.Flags().String("grpc-tls-certificate", "", "the certificate file to use for secure connections - only applies to grpc-port")
 cmd.Flags().String("grpc-tls-key", "", "the private key file to use for secure connections (without passphrase) - only applies to grpc-port")
 cmd.Flags().Duration("idle-connection-timeout", 30*time.Second, "The time allowed for connections (HTTP or gRPC) to go idle before being closed by the server")
- cmd.Flags().String("tls-ca-cert", "", "Path to TLS CA certificate")
+ cmd.Flags().String("ct-log.tls-ca-cert", "", "Path to TLS CA certificate used to connect to ct-log")

 // convert "http-host" flag to "host" and "http-port" flag to be "port"
 cmd.Flags().SetNormalizeFunc(func(_ *pflag.FlagSet, name string) pflag.NormalizedName {
From 067368af8a6f88c4fa2fc427ef9d61a460bf49c0 Mon Sep 17 00:00:00 2001
From: Firas Ghanmi
Date: Mon, 29 Jul 2024 14:11:03 +0200
Subject: [PATCH 3/5] updates
Signed-off-by: Firas Ghanmi
---
 cmd/app/serve.go | 2 +-
 config/tls/ca.crt | 29 ++++++++++++++++++++++++++
 config/tls/tls.crt | 31 +++++++++++++++++++++++++++
 config/tls/tls.key | 52 ++++++++++++++++++++++++++++++++++++++++++++++
 docker-compose.yml | 7 ++++++-
 5 files changed, 119 insertions(+), 2 deletions(-)
 create mode 100644 config/tls/ca.crt
 create mode 100644 config/tls/tls.crt
 create mode 100644 config/tls/tls.key
diff --git a/cmd/app/serve.go b/cmd/app/serve.go
index 5ca4ae52a..499de9085 100644
--- a/cmd/app/serve.go
+++ b/cmd/app/serve.go
@@ -276,7 +276,7 @@ func runServeCmd(cmd *cobra.Command, args []string) { //nolint: revive
 opts.PublicKey = string(pemPubKey)
 }
 var httpClient *http.Client
- if tlsCaCertPath := viper.GetString("tls-ca-cert"); tlsCaCertPath != "" {
+ if tlsCaCertPath := viper.GetString("ct-log.tls-ca-cert"); tlsCaCertPath != "" {
 tlsCaCert, err := os.ReadFile(filepath.Clean(tlsCaCertPath))
 if err != nil {
 log.Logger.Fatal(err)
diff --git a/config/tls/ca.crt b/config/tls/ca.crt new file mode 100644 index 000000000..674cf2a34 --- /dev/null +++ b/config/tls/ca.crt @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFAzCCAuugAwIBAgIUHVoudGeot0qmjmziA9njcOFXGGMwDQYJKoZIhvcNAQEL +BQAwEDEOMAwGA1UEAwwFTXkgQ0EwIBcNMjQwNzI0MjA0MDQ0WhgPMjEyNDA2MzAy +MDQwNDRaMBAxDjAMBgNVBAMMBU15IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAjuXxEhzC0K3w4gRDvldrI3NZSGiMFWWaghIqcjZe2cE6GnR428BG +Mdz30kzJ0XCFcpJzECYMUAS6odwH0ZeNh9YLhTn1Hn/R/pGO1gML5+3NSH76kHMT +mlYcn2qawXqY55iyERiPW/iamBMtTIRXQgKo0/JVThrGCsErwat117XDEE385uqS +06rqK9aWGlvk/9SSqb1LKy1gjRnQtnQWDNwIgAt9Or0AO+thAkYqY/6+fJj5z5XK +35E12PHd+XP9AKGu8Xcu3RUcIq0jOnZT23kycLrdLjaQKvt0sU/5u808qe2+YIe/ +ldwJCGr5SZXqKv5/Zv6giM1xNkv+RsLRaIEYlHD3CTn8qgESIImYnIuiwOa3n04q +ZGsaG6155p0pJuvXhZegXpvGnQ7Ku+Tx8mbAwoPHWBVBESz5pS8fIRZ5zgy/p/ZI +cz3Rgg6JXCGIe5o3y2TzlpeL0V5rgaqaQz0GLIXnrkjyGhxfK65H9fAPinZDVS4o +qGCnMfYqJwyf+oLLPZGz1CYCA5jemSugGRgm45O0UtMvzIomRhnmZVEalA/+qDhn +zFBOfPoY1jqHW9mWNeXOW4cpW+kQw3Chqy6TQ4hA6OADd5rXlkSKs05uW+UujWZf +DwupgaRG9cWj0uqoTmbgqxPqAoXW+NJmIQJVXVgxe9f+87ZgGRonFUUCAwEAAaNT +MFEwHQYDVR0OBBYEFGq8SuCoNKy7BGjUanonufX2Z7p5MB8GA1UdIwQYMBaAFGq8 +SuCoNKy7BGjUanonufX2Z7p5MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggIBABb3C7izkhKirLU9hXLdqwqkc9pUteBCYni+OjIqO8793unF6fP/Q32+ +rmLWpSHJ2t0CwsUQI5b5UZCPlv9MjyMi8QsnkZNcQnENoIgv8COB+PGEM6okhH3U +MInp+KqIekhi92QeoMxdbdzAp6e2MYW6UKgnuJU6y8oKmoJsBICLYY0H8z5dBPd0 +fdnE0AKdWGkZ99w7qvlN3dvLe9//aNg5qtxGokNsvBxtdoj7KXiPYlaz5bazl2p3 +dlboojhidLqIejzPzH0Q7gGWgAOvwRD3vFznwuoi6J596JvTzi0Wx14mBKibyeHs +vQIndFeOVGIsLC2kK5JEW7rAPcyzRkTh7Qj3vAfvAbsDuSS7Kc8ULV8NRfxBb2lS +QVKNHKfNDCjZ1XmsE7BWSpCF/mCEtBKuRGwtGI8dtmgxwmq4p1w8WwanrEQdtZP/ +C00my+QEnm6CxBSKEJWjkU32jP9NQb7Cnz+/iUVAQX3iZgPQ3+sF4JxyEyoxkMm3 +U/Hy4lF3D9cGH1C8ZkJuhJDimezAjO8wO1I/XKbODpzG5bbm5feIW42If0eirT90 +doBF6QrHi6lOGpLAaWc6eCtSm7HuxkJvfX0vjoefieIrLETSkq/yHzbYvToDGl0F +iOwjfiayctH3YP+GxvOD+Q6kQP20xEG09MYgQtJIKiT0F3x0sDEs +-----END CERTIFICATE----- 
diff --git a/config/tls/tls.crt b/config/tls/tls.crt
new file mode 100644
index 000000000..ca04781c7
--- /dev/null
+++ b/config/tls/tls.crt
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFRzCCAy+gAwIBAgIUUwaiANUP/pPFrbAsRqRltYFlZzUwDQYJKoZIhvcNAQEL +BQAwEDEOMAwGA1UEAwwFTXkgQ0EwHhcNMjQwNzI0MjA0MTIzWhcNMjQwOTIyMjA0 +MTIzWjA7MQ8wDQYDVQQLDAZTZXJ2ZXIxCjAIBgNVBAMMASoxHDAaBgkqhkiG9w0B +CQEWDXRsc0BnbWFpbC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQCbvz8gzLIYAN8PXk4kPajOVQrYbRV6SzKC0ehGd+iTTe4/Srwl2sSHE0Zlb88R +maVyNtam/JfD8fYMjnHHyh0NyvM0jvUs0UgS0IiOoW9s7IgvJoI9yzWXXg7kX4Yw +ZOrf13FokKQqvKy8YrpEVmmw38TGNfgCwiKnWsrNqS4jICUT/rh6VHGuAVK44Uf4 +3rX6dIE/0VuHnfefdRyHvgExs7BZOZdF8/XOFXNIlrRRIjgRldtR1AQahvzUgst7 +jMWiu+f+M5XlU5DIImMGpK198HS7rnCAjiHOdMEbpdBEqXeDU1qQu11D4iYIOPzQ +AlEnYzXd0ynSXzRtJ9sLjfZIAGpA72u1ernLNh4k7/OwOeX6seDLYahkaNStxSip +YmHEmReIBeq+u84YZ1K5LwJioLFI0MJdvBu7fnYV5o2Tu03M47n2RRnizX/nWwqD +S4Mha3OPvQg2lwcO/o3zLJQ4Rf0lKeuZllQ6f7FfdjQIJW3PbQk1XTIDc94og+Cy +z/OdRY4TuaHU+GeZCTjKyYieFl2q8vmIZQh7GHayOVNh7ts41I3bYt7QwKzMqBcR +tzi8zjWVpB2fTkMogr4TFDtTUfJosWVnmY3YlQmAMRXqYSbVehrkQM/hi0XxDPn0 +hNZlJyg2jdQl4WiCEsCK3bglniLcCL7xL61FI03MB5IBzwIDAQABo24wbDAqBgNV +HREEIzAhggEqghZodHRwczovL2N0X3NlcnZlcjo2OTYyhwQAAAAAMB0GA1UdDgQW +BBTIrMR1pR30/uPPz0VHIIsj1lmCSTAfBgNVHSMEGDAWgBRqvErgqDSsuwRo1Gp6 +J7n19me6eTANBgkqhkiG9w0BAQsFAAOCAgEAF6EKMKUC/LegXLFsCxY0c5hzd2Vf +TO0Si3/Y0lJ00zdGHgyTXCxqTXGutHYyEX9QF2+yg2WVQu7NzTpc/7tpa7FroJpo +Wc0ll6rGuhWaLv8EYJ33sHJBU3yyU9mKUQVgdk4PJAsTu5RlkQy7gdjNUOwjPCwI +2U/r01UfIHihbScPE3eIu5cvk39LESJEUmWixoOievUYmdZ/R0hSzwFv2XXo2HBj ++2qSnOq/O2AvltX2c2zVuoRxR9qa6TfznskP6mmXEcxwIUJV86EgnJthVVHQfWUC +V9o9TTfBwhfKtJ7oH6C3t8dZJqjXtXFt/mzI0tZdqEN6Ozlc7zNB72mpW5pNlY3J +1BMGEDdJesyWTG9nKzg8AjW2mbTaHKJBk72/RnRhgoV5yOY/kPcYBf83jyzbuafr +KJBmUewPdf/T3/QSlDMaX+6rKSNNLgKgQwAlOdd+eaWdcZlT2UTJTSGJv3aANBEy +2Ajv2ZzLcw24uAZEIFJKh8jswtkCMScvePlVlhgAY7SZMNvtO9HepQMtpwRD/jkv +e7IRHhB7tEFUiTHmsVc7llIlJRsOewtsLjwacpfKkFWGpZQmyEy+Xxf/FkGQLyQ/ +KQJYFJ+uScq6Ae9RatWNTnhC6Ja75estMfL0SatrE1yGyZUTTGWdYohxYbiJYsgd +bW3vUsnPEIFX0Fo= +-----END CERTIFICATE----- 
diff --git a/config/tls/tls.key b/config/tls/tls.key
new file mode 100644
index 000000000..b2dfd5a89
--- /dev/null
+++ b/config/tls/tls.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCbvz8gzLIYAN8P +Xk4kPajOVQrYbRV6SzKC0ehGd+iTTe4/Srwl2sSHE0Zlb88RmaVyNtam/JfD8fYM +jnHHyh0NyvM0jvUs0UgS0IiOoW9s7IgvJoI9yzWXXg7kX4YwZOrf13FokKQqvKy8 +YrpEVmmw38TGNfgCwiKnWsrNqS4jICUT/rh6VHGuAVK44Uf43rX6dIE/0VuHnfef +dRyHvgExs7BZOZdF8/XOFXNIlrRRIjgRldtR1AQahvzUgst7jMWiu+f+M5XlU5DI +ImMGpK198HS7rnCAjiHOdMEbpdBEqXeDU1qQu11D4iYIOPzQAlEnYzXd0ynSXzRt +J9sLjfZIAGpA72u1ernLNh4k7/OwOeX6seDLYahkaNStxSipYmHEmReIBeq+u84Y +Z1K5LwJioLFI0MJdvBu7fnYV5o2Tu03M47n2RRnizX/nWwqDS4Mha3OPvQg2lwcO +/o3zLJQ4Rf0lKeuZllQ6f7FfdjQIJW3PbQk1XTIDc94og+Cyz/OdRY4TuaHU+GeZ +CTjKyYieFl2q8vmIZQh7GHayOVNh7ts41I3bYt7QwKzMqBcRtzi8zjWVpB2fTkMo +gr4TFDtTUfJosWVnmY3YlQmAMRXqYSbVehrkQM/hi0XxDPn0hNZlJyg2jdQl4WiC +EsCK3bglniLcCL7xL61FI03MB5IBzwIDAQABAoICAD3UKVp7CIRw7BxswrauZ7Ip +npmWjH01FwNKE1zOQ10fBeLIZ3Lbq0M4Sq0AOwLwrPZvgL1f71vRVW1cqxy2Rtxv +4ibOTdSR7HvTnzKIMfTa3aFiNzgS0N6bb2wH4/yYQ4nDPHlXWmTA7A4JX4q7h0+5 +NaO+TwvBSAKKD5Kfg/pby3xplZCyr0J1sgJFJM5Ok42u7JSKJzzqYCBEXKQisNSr +UenJ7BzQIZfDejWp5kGDRSDuDdgpQ8vIJNy0Y9VTaC4XTJzkm7AjgYmB5TAA9gLW +D3FmabEPO6p7PSIdrFVltVVEJOLqDrdhMtn2zZ5CHTd2si6yopqqQuTGerXWkJsc +OyAvgE01xLrr00Nu7eba7bkavDU7Dc2oCHJxSj45R/89J4g25lOHK/JfEv+XKmoF +T+GKLkPCBwBG7CoB7u1CqkjXxZSMncHaqaby/3M5OIxWnXyQocJNV/HksHgSPrZj +Ep8cDQ9x+9iCqE5bBmxJNOuBnlqcrCoATdruku0MlLHhl726vXSe+JAAgSJ/J/us +JkX8ef//Gp9ibEvrGoh3bnqB5zUR8gRL7Nf46ywfdKKOd41XqLVJ/U8Af0CyfndB +3wps7bEuN2MdtnKUPeBIWvbySewvJVOSIJNOXZ5S3wDx8bfrDrTzFi+tA1txUWLX +o4O0SM6gDcDyiGpY+jmBAoIBAQDNsLeH8Sw6Y0KDz+Kf3efdkV3qGBUsLGPrA6ZL +hrYSHZHnp5yskaru9YR1yqAJCqXws1lz/De8U8sH0qi9HU6umi2K/qx0wrs4PLY9 +dRLo1l/jIpbxhx/w8hM25nXvH3L2s08xAU0sZ7ufLYlvzpsWT2JwolGWs8xcHl4+ +Yt/RYHgSf22LNAQvFIZU/MjE/w9f2/YJyo/uSTQeGqkqbeGM3CBqzB3pbrgXzCUR +anXDpFoDBeFyaspq38qwrHjcXhIbN8aAXyBg7xGqR4Y/9e7yCB1fb/Yfpe+iSMZR +jRQsovbyyM7PPSmOCPB4Uxr9cuk/LnOEEf34jLreYplt4BMPAoIBAQDB11ZPam5t +dCeSsFlB1XjtIEtXpcLrVPh5RQFbfyRtosMwGy0QczKVcZcNeQlzzMPiDCyu1FF3 
+2P+WfDc/w/ls8EeBwlIRQoko0F27d8yx8iPjgzYxkYgC27bJkcZ6262bon1rBli+ +FH/B9GHzz6cO2eUYF55iqVOD3pOHY7aaEwwa9qWbHd/HKHAVE1mjN8BxCe0qwWkU +FAWfQbX1M1aBWy+XfBrNd94JAp9TVvG1U3ul1/H+zpmMQGVtuIWCEudBeJils+ip +kJW6Lu2+Ywjh9368cZ53bHRUxZP8+m8BfXTd2HHrxIOTHRqR9wqAKGJaHC1TEYrb +TJKmW6CiVCVBAoIBAQCpB2/K5wXRdYBTkaJKfbDtA2iJ1wCPLGtv1a/yoOE+Qc6E +79hwd8RgWqJfqgOZaoazJq98AOhMew99fj/sKQlfspN6hY5y5RO1Qy7/khXYAVMK +9IHWOZSmDEh99SU1PELdOLz7KHai5xvn0yP+HWqVCud6Z+lkTpzBlrMb0WTcSsph +aRY8LqLBjbxWWuUh/fhEbh3iLfPZfY62rnIVy/ZuKvb4zIRIMBRYegp8JWBhRc4y +bcK2o8tzyDRou1MWxLdcZplZJNMW1V9O7zgDl7akbsa0hu1bVKF4WxWeLrFFfSYy +nZJV+40Ki44RUzn6zVOf+Cw1fBOZDQ0Dc0NiZ6FBAoIBAGwJiAqFSHzqw2+nqGfg +AiEv4a49LjGZz09P3ZzQdU5B7EYwr2I+wo+2mrkgn9sR4o9nt7PNlIaWxIVsQCLj +KG7GUSSKWNFT4zyDPerRr53yVnxk0ly4PzVQnkUkYZpyPAXFf9+ZzvZKWJaSjdGl +B/hoC57s8xMMSwbxlApe0hR3z0Rr+gtFkEbhS+8DNO+akECwhqZQ3C8bpbKInlDG +x00btJ/axNmGGJOvCXwatmcY246omDErlzsrXRzVPlwsCwZbn8CjUGbJthnqNAns +CrRfDB0dunPXV9Mzt/LE5f/Pm8ZV79C3W5owG3IFXa3mVELi94QX/+uQdyAPa61t +9sECggEAMAgBQc/i923+jWpV6VFEKaEq27T6krgg2lnXN+6HLspWycCiCLbcMeGT +wBIaCi05tbkv6h4/4CssND+3pvnPOnRpMKaBHvVhpaXPbsqGFsv8l9CbGZ8KAg8x +T/0qa4BVb9CRmBcOMRSWMHo8EDza4ZoXwZm2e3z0o5+Qw3KScc9JL+RhfYTJEhpl +U3sLpI4l6WydsQRnx2Yjo3JttFRgZUBfhr9fSkySx2VoOwr3F/5U/ggc0NjjNiGg +jcQaWv6y/hmWYT+e+cmJut53Edkm7BQ/ysO4gNm5CItGBXRQ8P6i0dCrE2bOVNsd +e9uMuhkyG/mPqX9db3CrBUy0kbq14Q== +-----END PRIVATE KEY----- diff --git a/docker-compose.yml b/docker-compose.yml index a720943c9..6228ac7f0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -26,7 +26,8 @@ services: "--port=5555", "--grpc-port=5554", "--ca=ephemeralca", - "--ct-log-url=http://ct_server:6962/test", + "--ct-log-url=https://ct_server:6962/test", + "--ct-log.tls-ca-cert=/config/tls/ca.crt", # Uncomment this for production logging # "--log_type=prod", ] 
@@ -38,6 +39,7 @@ services:
 volumes:
 - ~/.config/gcloud:/root/.config/gcloud/:z # for GCP authentication
 - ${FULCIO_CONFIG:-./config/identity/config.yaml}:/etc/fulcio-config/config.yaml:z
+ - ./config/tls:/config/tls:z
 healthcheck:
 test: ["CMD", "curl", "-f", "http://localhost:5555/healthz"]
 interval: 10s
@@ -79,10 +81,13 @@ services:
 image: gcr.io/trillian-opensource-ci/ctfe
 volumes:
 - ctfeConfig:/etc/config/:ro
+ - ./config/tls:/config/tls:z
 command: [
 "--log_config" ,"/etc/config/ct_server.cfg",
 "--log_rpc_server", "trillian-log-server:8096",
 "--http_endpoint", "0.0.0.0:6962",
+ "--tls_certificate", "/config/tls/tls.crt",
+ "--tls_key", "/config/tls/tls.key",
 "--alsologtostderr",
 ]
 restart: always # retry while ctfe_init is running
From 2d47d44f8ff469f7c8ca300dad9c1bf0017481f5 Mon Sep 17 00:00:00 2001
From: Firas Ghanmi
Date: Tue, 30 Jul 2024 21:53:00 +0200
Subject: [PATCH 4/5] update TLS certificates
Signed-off-by: Firas Ghanmi
---
 config/tls/ca.crt | 54 ++++++++++++------------
 config/tls/tls.crt | 55 ++++++++++++-------------
 config/tls/tls.key | 100 ++++++++++++++++++++++-----------------------
 3 files changed, 104 insertions(+), 105 deletions(-)
diff --git a/config/tls/ca.crt b/config/tls/ca.crt
index 674cf2a34..f6cd2b249 100644
--- a/config/tls/ca.crt
+++ b/config/tls/ca.crt
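Review bot: The added `./config/tls:/config/tls:z` mounts in both the fulcio hunk and the ct_server hunk are read-write, although nothing visible needs to write there and the directory holds the CT frontend's private key; the neighbouring `ctfeConfig:/etc/config/:ro` mount already shows the read-only form, so `- ./config/tls:/config/tls:ro,z` would fit both places. The fulcio service is only given `--ct-log.tls-ca-cert=/config/tls/ca.crt`, so mounting the whole directory also exposes `tls.key` to a container that has no use for it. Because `tls.key` is committed in this series, a comment beside `--tls_key` such as `# test-only key checked into the repo; replace for any real deployment` would keep the compose file from being reused as-is.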
@@ -1,29 +1,29 @@ -----BEGIN CERTIFICATE----- -MIIFAzCCAuugAwIBAgIUHVoudGeot0qmjmziA9njcOFXGGMwDQYJKoZIhvcNAQEL -BQAwEDEOMAwGA1UEAwwFTXkgQ0EwIBcNMjQwNzI0MjA0MDQ0WhgPMjEyNDA2MzAy -MDQwNDRaMBAxDjAMBgNVBAMMBU15IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A -MIICCgKCAgEAjuXxEhzC0K3w4gRDvldrI3NZSGiMFWWaghIqcjZe2cE6GnR428BG -Mdz30kzJ0XCFcpJzECYMUAS6odwH0ZeNh9YLhTn1Hn/R/pGO1gML5+3NSH76kHMT -mlYcn2qawXqY55iyERiPW/iamBMtTIRXQgKo0/JVThrGCsErwat117XDEE385uqS -06rqK9aWGlvk/9SSqb1LKy1gjRnQtnQWDNwIgAt9Or0AO+thAkYqY/6+fJj5z5XK -35E12PHd+XP9AKGu8Xcu3RUcIq0jOnZT23kycLrdLjaQKvt0sU/5u808qe2+YIe/ -ldwJCGr5SZXqKv5/Zv6giM1xNkv+RsLRaIEYlHD3CTn8qgESIImYnIuiwOa3n04q -ZGsaG6155p0pJuvXhZegXpvGnQ7Ku+Tx8mbAwoPHWBVBESz5pS8fIRZ5zgy/p/ZI -cz3Rgg6JXCGIe5o3y2TzlpeL0V5rgaqaQz0GLIXnrkjyGhxfK65H9fAPinZDVS4o -qGCnMfYqJwyf+oLLPZGz1CYCA5jemSugGRgm45O0UtMvzIomRhnmZVEalA/+qDhn -zFBOfPoY1jqHW9mWNeXOW4cpW+kQw3Chqy6TQ4hA6OADd5rXlkSKs05uW+UujWZf -DwupgaRG9cWj0uqoTmbgqxPqAoXW+NJmIQJVXVgxe9f+87ZgGRonFUUCAwEAAaNT -MFEwHQYDVR0OBBYEFGq8SuCoNKy7BGjUanonufX2Z7p5MB8GA1UdIwQYMBaAFGq8 -SuCoNKy7BGjUanonufX2Z7p5MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL -BQADggIBABb3C7izkhKirLU9hXLdqwqkc9pUteBCYni+OjIqO8793unF6fP/Q32+ -rmLWpSHJ2t0CwsUQI5b5UZCPlv9MjyMi8QsnkZNcQnENoIgv8COB+PGEM6okhH3U -MInp+KqIekhi92QeoMxdbdzAp6e2MYW6UKgnuJU6y8oKmoJsBICLYY0H8z5dBPd0 -fdnE0AKdWGkZ99w7qvlN3dvLe9//aNg5qtxGokNsvBxtdoj7KXiPYlaz5bazl2p3 -dlboojhidLqIejzPzH0Q7gGWgAOvwRD3vFznwuoi6J596JvTzi0Wx14mBKibyeHs -vQIndFeOVGIsLC2kK5JEW7rAPcyzRkTh7Qj3vAfvAbsDuSS7Kc8ULV8NRfxBb2lS -QVKNHKfNDCjZ1XmsE7BWSpCF/mCEtBKuRGwtGI8dtmgxwmq4p1w8WwanrEQdtZP/ -C00my+QEnm6CxBSKEJWjkU32jP9NQb7Cnz+/iUVAQX3iZgPQ3+sF4JxyEyoxkMm3 -U/Hy4lF3D9cGH1C8ZkJuhJDimezAjO8wO1I/XKbODpzG5bbm5feIW42If0eirT90 -doBF6QrHi6lOGpLAaWc6eCtSm7HuxkJvfX0vjoefieIrLETSkq/yHzbYvToDGl0F -iOwjfiayctH3YP+GxvOD+Q6kQP20xEG09MYgQtJIKiT0F3x0sDEs +MIIFAzCCAuugAwIBAgIUCroIEpa8ZFgrBpmwERTYRbp1TEkwDQYJKoZIhvcNAQEL +BQAwEDEOMAwGA1UEAwwFTXkgQ0EwIBcNMjQwNzMwMTg1OTMzWhgPMjEyNDA3MDYx 
+ODU5MzNaMBAxDjAMBgNVBAMMBU15IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAtBEZLtAbR9guZMEDHFu4rDEkrJVFcpl3IBkvXMlpXQSP8CXSa0do +8UPNUsq6ptui1FKvi54nX0BeAahytfWvYem0a6yl4RijPZA55GxHSk7/uueeCLZs +G3K1bWiJe4qGChjc/g8putrWFsd0KFYCifEGjlxmKtr8NaZlw6YcMaKWZ/IO/eWC +z0v7sq0zA8YtSjyyQCJR+3Wh5QWEf+Wk4xM+A8crIjV62nDC7dYMZpNWr/1K+WsR +IuL/p7pMUvurDCsruI/0XhkkphYfV+9jdbN5SDid6WlJ+U1ZoJdUpkHufoQ5j0tC +tpC0A2sNjquD7qmpjkRC4MJuyOzmoVu0RFRiUedwJzRAF7oZ6zKpc0B6yLQs1AMb +Q8MyLrnz5VCY3UGzVYeZGXka8UxQ4T/GH3mqnOAXGWu1217/JzMu7pPO4IVP4Lz5 +SdPMhEvEMHeoC5LUnaB2zPLFsvvagW/BT/Obuf5Srs3U/WObthxfsoiWeAGL/+AN +OeAvUILpUceUv9AHEYL7UMbVwId78rTcw4pWdlb47yMpTAMqs6Oa4ZncTxoNvZAj +8SvJdB5SSMz5QBWMz/mgZGqAUibNsz2CUO3yQ/DClRbBDuvndIDW0e1AcqTO55IF +/s5EmWNSdxNTVNQuJmul5BLkNnr2w2UxiCwC196U15OFGGaJfa2Q97cCAwEAAaNT +MFEwHQYDVR0OBBYEFP7xzrRK6+7Rzzgzvw8fV061WmB+MB8GA1UdIwQYMBaAFP7x +zrRK6+7Rzzgzvw8fV061WmB+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggIBAIXdvX+Qu/T3lMoU699KKE/C/N7uND+cAPeU7y7INOknTeh3cKJOcVVz +zT8ag1Dvy2vnYqS8jDG/qvAgEZDStb9xwNJkk4BW2xLjcPe17aDEyMIdPn6Ey3Xc +SIyG8+UWBkplGfOUkaTadDGldOYUWEoEuLlDRz4RUE5AzEbx6xOaBjC2ZL6prLTN +fPykWoC2I/damo/BxPKLw3fEjjyqY5/jmNho8eGC/dIAtw0gu4yajaE3GNjSvQPT +Xa+ClGFU4xXc7rrHTZ+iiE+Ek3NlUH8DaIx0XBuKRgx8yvRulUflLD0ajIRob+Gn +F/A/pw3zbLhdAWkWgWW4hCaoa009WXaSwfLMc/gDD6+51UACepAHUP+VQAXQHRC/ +eOZjhdKbhZebkbWsQYXkz/BYY3tMCW17VrGlYtyfy+r6WzEw9rqBEs54yM8xuUEW +vT1xuxG++ptfB4X7uZVqvrZKX7zc8nQ2ptf4ATwb5EN5CaVil1w/IMuIyxpx0jTU +p4DCeZTx3eamaq376UodhT6HxyrM28f8gui8yIWkGdqw9fNA/Pe1rjqew9IQVYEo +gyEHjjfkJFyxCjhmzmtRMqJKh7SRLXqBaloYdUlTjz6CL0nc53WLvm4/h9znFXBc +36+nBlgXk/WTiuWkmX/a6Xf//3sv1rCxtCXj/EH6S7FMBD9gljtO -----END CERTIFICATE----- diff --git a/config/tls/tls.crt b/config/tls/tls.crt index ca04781c7..8c5838c0d 100644 --- a/config/tls/tls.crt +++ b/config/tls/tls.crt 
@@ -1,31 +1,30 @@ -----BEGIN CERTIFICATE----- -MIIFRzCCAy+gAwIBAgIUUwaiANUP/pPFrbAsRqRltYFlZzUwDQYJKoZIhvcNAQEL -BQAwEDEOMAwGA1UEAwwFTXkgQ0EwHhcNMjQwNzI0MjA0MTIzWhcNMjQwOTIyMjA0 -MTIzWjA7MQ8wDQYDVQQLDAZTZXJ2ZXIxCjAIBgNVBAMMASoxHDAaBgkqhkiG9w0B +MIIFOjCCAyKgAwIBAgIUZOAUTUGnvAbSwp/zNyatzPCYR4cwDQYJKoZIhvcNAQEL +BQAwEDEOMAwGA1UEAwwFTXkgQ0EwHhcNMjQwNzMwMTg1OTQ3WhcNMjQwOTI4MTg1 +OTQ3WjA7MQ8wDQYDVQQLDAZTZXJ2ZXIxCjAIBgNVBAMMASoxHDAaBgkqhkiG9w0B CQEWDXRsc0BnbWFpbC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC -AQCbvz8gzLIYAN8PXk4kPajOVQrYbRV6SzKC0ehGd+iTTe4/Srwl2sSHE0Zlb88R -maVyNtam/JfD8fYMjnHHyh0NyvM0jvUs0UgS0IiOoW9s7IgvJoI9yzWXXg7kX4Yw -ZOrf13FokKQqvKy8YrpEVmmw38TGNfgCwiKnWsrNqS4jICUT/rh6VHGuAVK44Uf4 -3rX6dIE/0VuHnfefdRyHvgExs7BZOZdF8/XOFXNIlrRRIjgRldtR1AQahvzUgst7 -jMWiu+f+M5XlU5DIImMGpK198HS7rnCAjiHOdMEbpdBEqXeDU1qQu11D4iYIOPzQ -AlEnYzXd0ynSXzRtJ9sLjfZIAGpA72u1ernLNh4k7/OwOeX6seDLYahkaNStxSip -YmHEmReIBeq+u84YZ1K5LwJioLFI0MJdvBu7fnYV5o2Tu03M47n2RRnizX/nWwqD -S4Mha3OPvQg2lwcO/o3zLJQ4Rf0lKeuZllQ6f7FfdjQIJW3PbQk1XTIDc94og+Cy -z/OdRY4TuaHU+GeZCTjKyYieFl2q8vmIZQh7GHayOVNh7ts41I3bYt7QwKzMqBcR -tzi8zjWVpB2fTkMogr4TFDtTUfJosWVnmY3YlQmAMRXqYSbVehrkQM/hi0XxDPn0 -hNZlJyg2jdQl4WiCEsCK3bglniLcCL7xL61FI03MB5IBzwIDAQABo24wbDAqBgNV -HREEIzAhggEqghZodHRwczovL2N0X3NlcnZlcjo2OTYyhwQAAAAAMB0GA1UdDgQW -BBTIrMR1pR30/uPPz0VHIIsj1lmCSTAfBgNVHSMEGDAWgBRqvErgqDSsuwRo1Gp6 -J7n19me6eTANBgkqhkiG9w0BAQsFAAOCAgEAF6EKMKUC/LegXLFsCxY0c5hzd2Vf -TO0Si3/Y0lJ00zdGHgyTXCxqTXGutHYyEX9QF2+yg2WVQu7NzTpc/7tpa7FroJpo -Wc0ll6rGuhWaLv8EYJ33sHJBU3yyU9mKUQVgdk4PJAsTu5RlkQy7gdjNUOwjPCwI -2U/r01UfIHihbScPE3eIu5cvk39LESJEUmWixoOievUYmdZ/R0hSzwFv2XXo2HBj -+2qSnOq/O2AvltX2c2zVuoRxR9qa6TfznskP6mmXEcxwIUJV86EgnJthVVHQfWUC -V9o9TTfBwhfKtJ7oH6C3t8dZJqjXtXFt/mzI0tZdqEN6Ozlc7zNB72mpW5pNlY3J -1BMGEDdJesyWTG9nKzg8AjW2mbTaHKJBk72/RnRhgoV5yOY/kPcYBf83jyzbuafr -KJBmUewPdf/T3/QSlDMaX+6rKSNNLgKgQwAlOdd+eaWdcZlT2UTJTSGJv3aANBEy -2Ajv2ZzLcw24uAZEIFJKh8jswtkCMScvePlVlhgAY7SZMNvtO9HepQMtpwRD/jkv 
-e7IRHhB7tEFUiTHmsVc7llIlJRsOewtsLjwacpfKkFWGpZQmyEy+Xxf/FkGQLyQ/ -KQJYFJ+uScq6Ae9RatWNTnhC6Ja75estMfL0SatrE1yGyZUTTGWdYohxYbiJYsgd -bW3vUsnPEIFX0Fo= +AQCfMw5FC5oRh7psbcZ+YqLWsXxBGWe0NZFCt6hy3Rl1ib0pXSF2PfOc6Qaq8e1A +7b0tv5wH08fpWHJnMn/OD7oLhbdWyBw8q76wV7rG6TzB/39v1pFBGaNhL9786QOu +X1LjmyaL0FbAdw/b36/ul+lxu87BylvwHKnz7E9LpqWsxt+Xc9nNLgiBcxcV7AVI +MiuhDf91BzGA8Ab7SOWcqmLx1b26uVzGbw9CC6VBrQlhqFSL/2epMMtGKWjYGyr1 +lfmYejJ2jOgub+onaJu3kg64+Lp5ZoEsXAqE/Unq1k0K9khvoM2t5U7onaqRlU9E +CoeVk2EZUnwOLapJ18a025FCBJsMn1gd9cuiuMeANISRkLIxa9i4MtpAYNWbG0k1 +laOuSZHVOpy31U5p7WDOHNf6Ni8GMSC2ilvtYTmg7bmwXFLwj7OVA29MgWDLJhAk +hs1BuLH/IoWZZtr3jIbJKEtn6d5Y3XjoVQh7YpQi1s8omO3PTIlnpHk6nQSS5y6R +TyLUuSeLh2FOvPO7maBET/Ni/Qq8SGHC3B4LRF6ckTmHxOVFzeawZyfxUZRHYnjo +cmqMwBNRJYmXYHmVghgyCwK+dndgB1bCVhPu7T5bUgpYHAAXzO0fwS+plQg4hLkY +OQZztD0/44jP+xAFnrjAnUyWYbCJWU4E0hne3LBpBquhdwIDAQABo2EwXzAdBgNV +HREEFjAUggEqggljdF9zZXJ2ZXKHBAAAAAAwHQYDVR0OBBYEFDC/TAlqsr1HrSjD +jD148oH2otnpMB8GA1UdIwQYMBaAFP7xzrRK6+7Rzzgzvw8fV061WmB+MA0GCSqG +SIb3DQEBCwUAA4ICAQBJX2Wb21pdS1hKvkagCQS+FB49Up54NVisrGxVrKjxZW+9 ++SMknPH/BtJeJlCFcztLA025kqfrh+u8zvzgsit9tHyybm/3iGfiNjJWoLaHlVzk +L+orUFmPt7bzU68wZIj3URWRDxO5/bvXHkIBHTr5xNUD5QPOwnLZdNRox9A3hv6v +P332RrIQCCDbiOc3fY7PZSfBnJMHGV+HZkS21tJfwLR7hgY8nFcXjl4KpA4XFoaj +HaN7pfVNQpXn46VXZSAQEM5sR+JKCz9+DoGdOELmik0vcDpms0YUuYZ8ZSKVamXZ +yNFg9o8/c9xpkYFMMvKfaAkfrSzu7FLFLX5nI4oSzP7kx4cFl3/2qDFLF+MRx2n7 +d81zbeWLfqWj1rcWi4f5umxBBgBCXF4C4B03SoilYwwrpjxEZZcH71m/Jcz8GOYW +B77kSMXqo1rJoy1fs3YAZ4f/lvgyRPeoCvWIQNx8UTMI/43HJI7fN86BdBZIgQJU +8qJghrHvZisMcLJP6Uyo+2MDdrCfWK04V+47YyzwBDvfCRha3gzJPlTrUubkF4tv +8o7fYSerkzo04IeM3lAggruYmhABWaubP75ZS70nkHlB2kL6BYV81j21BOPGk/ug +nfnjFG7BfeZmFpJB1DcRxCzeM+yLtP8qKn9zwDOey+6TpUZoP2S+vUBZGuyr0A== -----END CERTIFICATE----- diff --git a/config/tls/tls.key b/config/tls/tls.key index b2dfd5a89..c43830336 100644 --- a/config/tls/tls.key +++ b/config/tls/tls.key 
@@ -1,52 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCbvz8gzLIYAN8P -Xk4kPajOVQrYbRV6SzKC0ehGd+iTTe4/Srwl2sSHE0Zlb88RmaVyNtam/JfD8fYM -jnHHyh0NyvM0jvUs0UgS0IiOoW9s7IgvJoI9yzWXXg7kX4YwZOrf13FokKQqvKy8 -YrpEVmmw38TGNfgCwiKnWsrNqS4jICUT/rh6VHGuAVK44Uf43rX6dIE/0VuHnfef -dRyHvgExs7BZOZdF8/XOFXNIlrRRIjgRldtR1AQahvzUgst7jMWiu+f+M5XlU5DI -ImMGpK198HS7rnCAjiHOdMEbpdBEqXeDU1qQu11D4iYIOPzQAlEnYzXd0ynSXzRt -J9sLjfZIAGpA72u1ernLNh4k7/OwOeX6seDLYahkaNStxSipYmHEmReIBeq+u84Y -Z1K5LwJioLFI0MJdvBu7fnYV5o2Tu03M47n2RRnizX/nWwqDS4Mha3OPvQg2lwcO -/o3zLJQ4Rf0lKeuZllQ6f7FfdjQIJW3PbQk1XTIDc94og+Cyz/OdRY4TuaHU+GeZ -CTjKyYieFl2q8vmIZQh7GHayOVNh7ts41I3bYt7QwKzMqBcRtzi8zjWVpB2fTkMo -gr4TFDtTUfJosWVnmY3YlQmAMRXqYSbVehrkQM/hi0XxDPn0hNZlJyg2jdQl4WiC -EsCK3bglniLcCL7xL61FI03MB5IBzwIDAQABAoICAD3UKVp7CIRw7BxswrauZ7Ip -npmWjH01FwNKE1zOQ10fBeLIZ3Lbq0M4Sq0AOwLwrPZvgL1f71vRVW1cqxy2Rtxv -4ibOTdSR7HvTnzKIMfTa3aFiNzgS0N6bb2wH4/yYQ4nDPHlXWmTA7A4JX4q7h0+5 -NaO+TwvBSAKKD5Kfg/pby3xplZCyr0J1sgJFJM5Ok42u7JSKJzzqYCBEXKQisNSr -UenJ7BzQIZfDejWp5kGDRSDuDdgpQ8vIJNy0Y9VTaC4XTJzkm7AjgYmB5TAA9gLW -D3FmabEPO6p7PSIdrFVltVVEJOLqDrdhMtn2zZ5CHTd2si6yopqqQuTGerXWkJsc -OyAvgE01xLrr00Nu7eba7bkavDU7Dc2oCHJxSj45R/89J4g25lOHK/JfEv+XKmoF -T+GKLkPCBwBG7CoB7u1CqkjXxZSMncHaqaby/3M5OIxWnXyQocJNV/HksHgSPrZj -Ep8cDQ9x+9iCqE5bBmxJNOuBnlqcrCoATdruku0MlLHhl726vXSe+JAAgSJ/J/us -JkX8ef//Gp9ibEvrGoh3bnqB5zUR8gRL7Nf46ywfdKKOd41XqLVJ/U8Af0CyfndB -3wps7bEuN2MdtnKUPeBIWvbySewvJVOSIJNOXZ5S3wDx8bfrDrTzFi+tA1txUWLX -o4O0SM6gDcDyiGpY+jmBAoIBAQDNsLeH8Sw6Y0KDz+Kf3efdkV3qGBUsLGPrA6ZL -hrYSHZHnp5yskaru9YR1yqAJCqXws1lz/De8U8sH0qi9HU6umi2K/qx0wrs4PLY9 -dRLo1l/jIpbxhx/w8hM25nXvH3L2s08xAU0sZ7ufLYlvzpsWT2JwolGWs8xcHl4+ -Yt/RYHgSf22LNAQvFIZU/MjE/w9f2/YJyo/uSTQeGqkqbeGM3CBqzB3pbrgXzCUR -anXDpFoDBeFyaspq38qwrHjcXhIbN8aAXyBg7xGqR4Y/9e7yCB1fb/Yfpe+iSMZR -jRQsovbyyM7PPSmOCPB4Uxr9cuk/LnOEEf34jLreYplt4BMPAoIBAQDB11ZPam5t -dCeSsFlB1XjtIEtXpcLrVPh5RQFbfyRtosMwGy0QczKVcZcNeQlzzMPiDCyu1FF3 
-2P+WfDc/w/ls8EeBwlIRQoko0F27d8yx8iPjgzYxkYgC27bJkcZ6262bon1rBli+ -FH/B9GHzz6cO2eUYF55iqVOD3pOHY7aaEwwa9qWbHd/HKHAVE1mjN8BxCe0qwWkU -FAWfQbX1M1aBWy+XfBrNd94JAp9TVvG1U3ul1/H+zpmMQGVtuIWCEudBeJils+ip -kJW6Lu2+Ywjh9368cZ53bHRUxZP8+m8BfXTd2HHrxIOTHRqR9wqAKGJaHC1TEYrb -TJKmW6CiVCVBAoIBAQCpB2/K5wXRdYBTkaJKfbDtA2iJ1wCPLGtv1a/yoOE+Qc6E -79hwd8RgWqJfqgOZaoazJq98AOhMew99fj/sKQlfspN6hY5y5RO1Qy7/khXYAVMK -9IHWOZSmDEh99SU1PELdOLz7KHai5xvn0yP+HWqVCud6Z+lkTpzBlrMb0WTcSsph -aRY8LqLBjbxWWuUh/fhEbh3iLfPZfY62rnIVy/ZuKvb4zIRIMBRYegp8JWBhRc4y -bcK2o8tzyDRou1MWxLdcZplZJNMW1V9O7zgDl7akbsa0hu1bVKF4WxWeLrFFfSYy -nZJV+40Ki44RUzn6zVOf+Cw1fBOZDQ0Dc0NiZ6FBAoIBAGwJiAqFSHzqw2+nqGfg -AiEv4a49LjGZz09P3ZzQdU5B7EYwr2I+wo+2mrkgn9sR4o9nt7PNlIaWxIVsQCLj -KG7GUSSKWNFT4zyDPerRr53yVnxk0ly4PzVQnkUkYZpyPAXFf9+ZzvZKWJaSjdGl -B/hoC57s8xMMSwbxlApe0hR3z0Rr+gtFkEbhS+8DNO+akECwhqZQ3C8bpbKInlDG -x00btJ/axNmGGJOvCXwatmcY246omDErlzsrXRzVPlwsCwZbn8CjUGbJthnqNAns -CrRfDB0dunPXV9Mzt/LE5f/Pm8ZV79C3W5owG3IFXa3mVELi94QX/+uQdyAPa61t -9sECggEAMAgBQc/i923+jWpV6VFEKaEq27T6krgg2lnXN+6HLspWycCiCLbcMeGT -wBIaCi05tbkv6h4/4CssND+3pvnPOnRpMKaBHvVhpaXPbsqGFsv8l9CbGZ8KAg8x -T/0qa4BVb9CRmBcOMRSWMHo8EDza4ZoXwZm2e3z0o5+Qw3KScc9JL+RhfYTJEhpl -U3sLpI4l6WydsQRnx2Yjo3JttFRgZUBfhr9fSkySx2VoOwr3F/5U/ggc0NjjNiGg -jcQaWv6y/hmWYT+e+cmJut53Edkm7BQ/ysO4gNm5CItGBXRQ8P6i0dCrE2bOVNsd -e9uMuhkyG/mPqX9db3CrBUy0kbq14Q== +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCfMw5FC5oRh7ps +bcZ+YqLWsXxBGWe0NZFCt6hy3Rl1ib0pXSF2PfOc6Qaq8e1A7b0tv5wH08fpWHJn +Mn/OD7oLhbdWyBw8q76wV7rG6TzB/39v1pFBGaNhL9786QOuX1LjmyaL0FbAdw/b +36/ul+lxu87BylvwHKnz7E9LpqWsxt+Xc9nNLgiBcxcV7AVIMiuhDf91BzGA8Ab7 +SOWcqmLx1b26uVzGbw9CC6VBrQlhqFSL/2epMMtGKWjYGyr1lfmYejJ2jOgub+on +aJu3kg64+Lp5ZoEsXAqE/Unq1k0K9khvoM2t5U7onaqRlU9ECoeVk2EZUnwOLapJ +18a025FCBJsMn1gd9cuiuMeANISRkLIxa9i4MtpAYNWbG0k1laOuSZHVOpy31U5p +7WDOHNf6Ni8GMSC2ilvtYTmg7bmwXFLwj7OVA29MgWDLJhAkhs1BuLH/IoWZZtr3 +jIbJKEtn6d5Y3XjoVQh7YpQi1s8omO3PTIlnpHk6nQSS5y6RTyLUuSeLh2FOvPO7 
+maBET/Ni/Qq8SGHC3B4LRF6ckTmHxOVFzeawZyfxUZRHYnjocmqMwBNRJYmXYHmV +ghgyCwK+dndgB1bCVhPu7T5bUgpYHAAXzO0fwS+plQg4hLkYOQZztD0/44jP+xAF +nrjAnUyWYbCJWU4E0hne3LBpBquhdwIDAQABAoICACDCctdGcefVlEkntcbgKT4g +u77xqWNt+nxOKr2oPcrwExrl7TLVwMGzOgoHSpkn0twNJ+B8dhDQgIo33BDdL52b +YITdHOJnPRAwnWC9MiGBoAm1j6Jj0jj3jt1gXb+OIhJwJNh0gMWOOpc2So/AdutO +iFdcetrIKzjkkdSxcDpDmlMiJdmQ9XMd6cw7C0M1/8BejwjX+BneSrF+6LD6Zu34 +29gGuM6kn/EpUFJZdyq/ZtaAMiagwdOoRcjink53FCuKScQXbtfPc9G0NwbpaVoq +5MSCkWY9cnS3YnSOsL/mujUuU+TK4RgBCc53eR45RHlFIKADVz/bqcUUP/GLlTI7 +doRemmOnjgqkGv9OBYmrhF+gqyrgiMgvpaMd37sHkU8Pwi2tqxcH+JQMaJyLNdin +4XxvDSUlyhEcXKpTp/GmCLcOt+rruNyjbOmR4TozlbqtvG/h9Uau4hMvb9sXcXB/ +j8seH+ih7dLZmtCfqStrJFA2I9i43h3UTz5V8kPXu5M/Mz7KfdEYwUsJehOvEHgl +QIydwrJcvycr7J6l5PnQGoDtkQZJx3QUxf4mZcn0CjF5udiejmkU8FMmP1Cac2TD +/i3CnKuOLJd1SyJaCSJtcCfJqS4mGXX90Stk8XtU5FKOgw2UxuoPAg8TSlLQwnyo +PVknRhteoktOKFKhtYuRAoIBAQDR4AwVcqfxAtaWbzzIEHOpm7TCoCSQQtLikbPo +PYWinZV4uOx1s4Gb1qvFB0zp2SS92rNGe6JX8BnmCNTYXc6gcqIqwtHVfri8n+wS +7Hsq/anYM41czxtlnPHMFNuLHqzYiJnp8okRRpDNOnbDJr0THSuNbdfbt7f9jYeW +DlxaGJi7LCqiAjs7jKo0q0SHgDz9rtoJmZixuoxW/dShLsb2On/koVO5QHReINkD +gAUxYPUILJ01HcGiKy74wr4/ET0bVG1CXgDwIr3mVShuk2XU6J+ex6HXYuSVp0KZ +uMPNC1Wkxk+21Zd3cKGWI/Z5KK3QdjVnNDtT24GSS4hjVms9AoIBAQDCL+aC27ys +VLvYISYiEEYgOYuPxOeyKewPtrIYYMAZDwHAKDEFIjjwFpbYRK5+xEs+WotSo8jH +tzVFjMYnnXYG2cse/Wll+wx+JX+dbocPgIGtaM+6muEXXJVOy43g+H3ZQTGbp1l/ +PY31fBo0gHXEdnv8/XBV22OsUJxvhkyvf6R1OLsH1RSFCjVyYCc1EMubfzthws8s +Xz7IjkCoVSuyc+5+qlCD4a6a88/vNBteuTq0dY9LhLWF8GWTk1uKkTPEPpd8X7bT +7MGtTTTDvEMiBseH/e+E5UFitj7imCXUz0cpNmU5j5fsI4vfGLeOOoJGZexwxFpa +ylf3hdq2/trDAoIBAQCppL5fv9P8Pl0SMEwjMxkq6c9M2oFzknA/76JKgSA598LQ +WDnaUgTb4MPreSE0jO7j/5mVyW3KQyvMAyt40SqqCr8GbX+LYOkWnvYFvd05PN1D +Aziq4kW09w2D9wAXDe6NAK3YqtEcg7ucCDvjNrbycku4ACfRVEmGzBXityzzLpqW +APddCQyz79nMxPuZw5CJRgK8a8k/MBksX/S1bMgqU9L5DWZNgcoOI+MGrz6DUWn+ +94EDZFAWM22+aju5YsfQBYhjcvSzJoH1YrRR3Rcc6APOJnOtVCSMyyxMcUrjvNu3 +Ww0oLrJGO2aBpAQgnz8QF9zG1TN3byDnDeLq2PnJAoIBAHLtLIz4BcMsZvw0KkBw 
+x0AdLqcJD2OXghmOs/rPkAGEqzGR1+lE5tPZWq9mfquR+0JNDjX7r0HcAVBHT6N0 +grztO1T8/9sWaL9j7BI9rvuSv6zk4kR7k4pjBg7bU/34s2rYNcb8lXBD+vd12oCG +Iq0CvsDtMgXuUSBTmTI8FrirX6bsy2yIRJu0fgtSMwIqDYbbF0b1p+2H9T13S3cU +6Ua1bEpU/FABSnh0ofTdLvGxyLey9/rm8RPzQfrEdKIe67dSoA9BCpCEh9/MWNUb +X9QMlRy8Qnyxvi/w0mkDSSiZAHG4utIFVRGxu/9uvnwTzrRhcD0RSLSBGuzosJgr +X0cCggEAbpCfNvllIZdx5w5Iv3SHiNjtnaeudIe2K+MhqomtVW4cm6h4N9p7FMKW +v31Nl0KVlFPCkwGzHEtQY64Q5FRSFmbyXVnaoId8iaP8B6efMfp0/0E1Ai+LOJtu +AJkQGpWtHejwXd8B9nczlYWXu5my8bwKgS4qsUunlMLLZqsVBLXKhdSaNzr5nBSr +EM+ag+xshlikHQA+Pm2NNRZGBEre45Q/I8FqfPUOdF2VCdBk+QefF7N9RATA/O/m +DRkpqs68jN5pxMq52yVn+pL2hXP0R0vmqSPyHrsjYIxDuaXQQW7v61r2qSWhphUP +YG3/wgjXsCDRkdewm5fvGUXUEt5rbA== -----END PRIVATE KEY----- From 3609bc5f8a70bf538e458befa3e781a3eba1317d Mon Sep 17 00:00:00 2001 From: Firas Ghanmi Date: Wed, 31 Jul 2024 00:21:57 +0200 Subject: [PATCH 5/5] fix conflicts, add keys generation commands Signed-off-by: Firas Ghanmi --- config/tls/key_cert_generation.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 config/tls/key_cert_generation.md diff --git a/config/tls/key_cert_generation.md b/config/tls/key_cert_generation.md new file mode 100644 index 000000000..5a16f62da --- /dev/null +++ b/config/tls/key_cert_generation.md 
@@ -0,0 +1,21 @@
+# Generation of ct_server key/cert and CA certficate
+
+## Commands
+
+```
+# 1. Generate CA's private key and self-signed certificate
+openssl req -x509 -newkey rsa:4096 -days 36500 -nodes -keyout ca.key -out ca.crt -subj "/CN=My CA"
+
+# 2. Generate ct_server's private key and certificate signing request (CSR)
+openssl req -newkey rsa:4096 -nodes -keyout tls.key -out server-req.pem -subj "/=Server TLS/OU=Server/CN=*/emailAddress=tls@gmail.com"
+
+# 3. SAN
+echo "subjectAltName=DNS:*,DNS:ct_server,IP:0.0.0.0" > server-ext.cnf
+
+# 3. Use CA's private key to sign ct_server's CSR and get back the signed certificate
+openssl x509 -req -in server-req.pem -days 60 -CA ca.crt -CAkey ca.key -CAcreateserial -out tls.crt -extfile server-ext.cnf
+
+# 4. Clean-up
+rm ca.key ca.srl server-ext.cnf server-req.pem
+
+```
\ No newline at end of file