Root CA and Wildcard Certificate Generation in CentOS/RHEL 6&7

Hi folks! This is one of the best methods to create your own Root CA and generate self-signed wildcard certificates. The greatest advantage of this method is that it makes no system-level changes, as everything is stored in the files named in the commands. If something goes wrong at any stage, delete those files and perform the steps again.

There are two sections

1. RootCA Server   --  Need to perform only once.

2. Generating wildcard certificates for xyz.com domain -- Need to perform once per domain to create wildcard certificates. Need to perform once per site per domain to create individual certificates per site.


RootCA Server
============
1. Install required packages.

# yum install openssl -y

2. Generate the XYZRootCA key and certificate

# mkdir /opt/XYZRootCA
# cd /opt/XYZRootCA
# openssl genrsa -out XYZRootCA.key 2048
# openssl req -x509 -new -nodes -key XYZRootCA.key -sha256 -days 10950 -out XYZRootCA.pem

# Provide information as given below (sample values for the prompts)

Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Karnataka
Locality Name (eg, city) [Default City]:Bengaluru
Organization Name (eg, company) [Default Company Ltd]:XYZ Solutions Pvt. Ltd
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:XYZRootCA
Email Address []:info@xyz.com

3. Convert the .pem (PEM) file to a .crt (DER) file

# openssl x509 -outform der -in XYZRootCA.pem -out XYZRootCA.crt



Generating wildcard certificates for xyz.com domain
===========================================
1. Generate CSR for *.xyz.com

# openssl genrsa -out XYZWildcard.key 2048
# openssl req -new -key XYZWildcard.key -out XYZWildcard.csr

# Provide information as given below (sample values for the prompts)
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Karnataka
Locality Name (eg, city) [Default City]:Bengaluru
Organization Name (eg, company) [Default Company Ltd]:XYZ Solutions Pvt. Ltd
Organizational Unit Name (eg, section) []:Infra Support
Common Name (eg, your name or your server's hostname) []:*.xyz.com
Email Address []:infrasupport@xyz.com

2. Using the CSR generated in step 1, issue a wildcard certificate for *.xyz.com signed by XYZRootCA.

# openssl x509 -req -in XYZWildcard.csr -CA XYZRootCA.pem -CAkey XYZRootCA.key -CAcreateserial -out XYZWildcard.crt -days 3650 -sha256

3. Import XYZRootCA.crt into the system's trusted root certificates. Note that this step does change the system: every program that uses the system CA bundle will from now on trust anything signed with XYZRootCA.key, so keep that key private. To undo it, remove the file from /etc/pki/ca-trust/source/anchors/ and run update-ca-trust extract again.

# yum install ca-certificates
# update-ca-trust force-enable
# cp XYZRootCA.crt /etc/pki/ca-trust/source/anchors/
# update-ca-trust extract
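The following script is an added example, not code from the original post: it runs both sections above end-to-end and non-interactively in one scratch directory (the -subj option replaces the interactive prompts), and adds two things a practitioner wants that the commands above leave out: a subjectAltName extension on the wildcard certificate (current browsers and TLS libraries ignore a CN-only wildcard and require a SAN) and an openssl verify check that the leaf really chains to the new root. File names and subject values follow the post; WORKDIR and the extension file name XYZWildcard.ext are assumptions made here. The trust-store import (step 3) is deliberately not automated, since that is the one step that changes the system.

```shell
#!/bin/sh
# Added example (not from the original post): the post's two sections run
# end-to-end in a scratch directory, plus a SAN extension and a chain check.
# WORKDIR and the XYZWildcard.ext file name are assumptions made here.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"
SUBJ_BASE="/C=IN/ST=Karnataka/L=Bengaluru/O=XYZ Solutions Pvt. Ltd"

# Section 1 of the post: the root CA. Done once; -subj replaces the prompts.
make_root_ca() {
    cd "$WORKDIR"
    openssl genrsa -out XYZRootCA.key 2048 2>/dev/null
    openssl req -x509 -new -nodes -key XYZRootCA.key -sha256 -days 10950 \
        -subj "$SUBJ_BASE/OU=IT/CN=XYZRootCA/emailAddress=info@xyz.com" \
        -out XYZRootCA.pem
    # DER copy for the trust store, exactly as in the post's step 3.
    openssl x509 -outform der -in XYZRootCA.pem -out XYZRootCA.crt
    # The root key signs everything the system will later trust: lock it down.
    chmod 600 XYZRootCA.key
}

# Section 2 of the post: CSR plus signed wildcard certificate for one domain.
make_wildcard() {
    domain="$1"
    cd "$WORKDIR"
    openssl genrsa -out XYZWildcard.key 2048 2>/dev/null
    openssl req -new -key XYZWildcard.key \
        -subj "$SUBJ_BASE/OU=Infra Support/CN=*.$domain/emailAddress=infrasupport@$domain" \
        -out XYZWildcard.csr
    # Extensions the post's "x509 -req" command does not add: a SAN for the
    # wildcard and the bare domain, and CA:FALSE so the leaf cannot sign others.
    cat > XYZWildcard.ext <<EOF
basicConstraints=CA:FALSE
keyUsage=digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth
subjectAltName=DNS:*.$domain,DNS:$domain
EOF
    openssl x509 -req -in XYZWildcard.csr -CA XYZRootCA.pem -CAkey XYZRootCA.key \
        -CAcreateserial -out XYZWildcard.crt -days 3650 -sha256 \
        -extfile XYZWildcard.ext 2>/dev/null
}

# Check that the leaf chains to the root; exit status 0 means success.
verify_chain() {
    cd "$WORKDIR"
    openssl verify -CAfile XYZRootCA.pem XYZWildcard.crt >/dev/null
}

# Print the SAN line of the wildcard certificate for inspection.
wildcard_san() {
    cd "$WORKDIR"
    openssl x509 -in XYZWildcard.crt -noout -text |
        sed -n '/Subject Alternative Name/{n;p;}'
}

make_root_ca
make_wildcard xyz.com
verify_chain && echo "XYZWildcard.crt chains to XYZRootCA.pem (files in $WORKDIR)"
wildcard_san
```

Run it as sh make-certs.sh (optionally with WORKDIR=/opt/XYZRootCA to match the post's directory). For a second domain, call make_wildcard again with that domain; the root is reused. Because the wildcard certificate now carries basicConstraints CA:FALSE, a compromised web server key cannot be used to mint further certificates that the imported root would trust.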






A Go-Ready vagrant setup

Hello,

I hope you know what Vagrant is. If you don't, please visit https://www.vagrantup.com/intro/index.html.

For a Vagrant setup the Vagrantfile is the important piece. In it we define the parameters of the VM we want to build, for example IP address, hostname and port forwarding, and while the VM is being brought up we can install packages, so our development or testing environment is ready whenever we want it.

I don't cover installing Vagrant here, because their documentation is excellent and I don't want to duplicate it. To install Vagrant, look at https://www.vagrantup.com/downloads.html. VirtualBox is a prerequisite for Vagrant, and I hope you know how to install it; if not, look at https://www.virtualbox.org/wiki/Downloads.

Now I assume you have installed Vagrant and VirtualBox. Whether you use Windows or Linux the commands are the same; just mind the path format, which differs between Windows and Linux.

Here I will show you how to generate a new Vagrantfile and adapt it to our requirements.
Open your command prompt or PowerShell prompt, depending on the OS, and type:


mkdir vagrant_1
cd vagrant_1
vagrant init

Here vagrant_1 is the directory in which I initialized Vagrant; you can replace it with any name you want. If you look at the contents of vagrant_1 after running vagrant init, you will see a file named Vagrantfile.

This is our main file. Open it with your favorite editor, such as Sublime, Atom, Brackets or any other you like.

Now look carefully. Remove everything between these two lines:

Vagrant.configure("2") do |config|
end

Now let's define some configuration.

Vagrant.configure("2") do |config|
  config.vm.define "vagrant-centos01" do |vc01|
    vc01.vm.box = "centos/7"
    vc01.vm.hostname = "vagrant-centos01"
    vc01.vm.network "private_network", ip: "192.168.20.20"
  end
end

Let's go through each line:

1. With Vagrant.configure("2") do |config| we tell Vagrant to use configuration version "2", which is used by Vagrant 1.1+ up to 2.0.x.

2. With config.vm.define "vagrant-centos01" do |vc01| we define (create) a new VM named vagrant-centos01.

3. With vc01.vm.box = "centos/7" we tell it to use the centos/7 box. If the centos/7 box is not available locally, Vagrant downloads it from HashiCorp.

4. vc01.vm.hostname = "vagrant-centos01" sets the hostname.

5. vc01.vm.network "private_network", ip: "192.168.20.20" sets the private (static) IP; this is similar to a Host-Only adapter in VirtualBox.

That's it: a very basic VM setup is ready with a hostname and a private IP. After saving this configuration, run

vagrant up

and then

vagrant ssh 

to log into that machine. This is a very basic Vagrantfile setup; the deeper you dive, the more complex and beautiful it gets.
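As an added example that is not part of the original post, here is a Vagrantfile that extends the minimal definition above with the other items the text mentions (port forwarding and installing packages while the VM comes up) and with the defaults a defender would want: the forwarded port is bound to the host's loopback address only, so the guest service is not exposed to the host's LAN, and the provisioner turns off password SSH logins so the box accepts only the per-machine key Vagrant inserts. The box name, IP, port numbers and the VM_SETTINGS / PROVISION_SCRIPT constants are assumptions made here, not Vagrant's own names; the settings are kept in a plain hash so the file can also be loaded by plain ruby for checking, which is why the Vagrant.configure call is guarded with defined?(Vagrant).

```ruby
# Added example (not from the original post): a fuller Vagrantfile.
# Box, IP, ports and the constant names below are assumptions made here.

# Kept in a plain hash so it can be inspected without Vagrant loaded.
VM_SETTINGS = {
  name:     "vagrant-centos01",
  box:      "centos/7",
  hostname: "vagrant-centos01",
  ip:       "192.168.20.20",
  # Forward guest port 80 to host port 8080, but only on the loopback
  # interface: without host_ip Vagrant binds the port on all host interfaces.
  forwarded_port: { guest: 80, host: 8080, host_ip: "127.0.0.1" },
}.freeze

# Shell provisioner, run inside the guest on the first "vagrant up":
# install the packages the first post needs and disable password SSH logins
# (Vagrant's key-based login keeps working; the default "vagrant" password does not).
PROVISION_SCRIPT = <<~'SH'
  set -e
  yum install -y openssl ca-certificates
  sed -i 's/^#\?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config
  systemctl restart sshd
SH

# True when the forwarded port is reachable only from the host itself.
def host_ip_is_loopback?(settings)
  settings.fetch(:forwarded_port)[:host_ip] == "127.0.0.1"
end

# Under "vagrant up" the Vagrant constant exists; the guard only matters when
# this file is loaded by plain ruby (e.g. ruby -c Vagrantfile).
if defined?(Vagrant)
  Vagrant.configure("2") do |config|
    s = VM_SETTINGS
    config.vm.define s[:name] do |vc01|
      vc01.vm.box = s[:box]
      vc01.vm.hostname = s[:hostname]
      vc01.vm.network "private_network", ip: s[:ip]
      vc01.vm.network "forwarded_port", **s[:forwarded_port]
      vc01.vm.provision "shell", inline: PROVISION_SCRIPT
    end
  end
end
```

Save it as Vagrantfile in place of the one above, run vagrant up, and then http://127.0.0.1:8080/ on the host reaches port 80 in the guest while other machines on the network cannot. Re-run the provisioner on an existing VM with vagrant provision.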

For more information on building a Vagrantfile, check https://www.vagrantup.com/docs/vagrantfile/


Hope that helps.


=======================THIS IS NOT THE END===========================