For educational reasons I've decided to create my own CA. Here is what I learned.
Let's get some context first.
```python
#! /usr/bin/python
"""
This simple script makes it easy to create server certificates
that are signed by your own Certificate Authority.
Mostly, this script just automates the workflow explained
in http://www.tc.umn.edu/~brams006/selfsign.html.
Before using this script, you'll need to create a private
```
```python
import base64
import json
import requests
import six
import time
import uuid

DEFAULT_TIMEOUT = 30
LOCK_PREFIX = '/locks/'
```
Currently, there is an explosion of tools that aim to manage secrets for automated, cloud-native infrastructure management. Daniel Somerfield did some work classifying the various approaches, but (as far as I know) no one has made a recent effort to summarize the various tools.
This is an attempt to give a quick overview of what can be found out there. The list is alphabetical. There will be tools that are missing, and some of the facts might be wrong; I welcome your corrections. For that purpose, I can be reached via @maxvt on Twitter, or just leave me a comment here.
There is a companion feature matrix of the various tools. Comments are welcome in the same manner.
```bash
#!/bin/bash
# Justin Miller 08/04/16
# Setup auditd
# command example:
# aureport --tty
#
# to view root commands (effective uid 0):
# ausearch -ue 0
# to view a user's commands (-ua matches uid, effective uid or login uid auid,
# so it also catches what the user ran after su/sudo):
# ausearch -ua <userid>
```
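An offline equivalent of `ausearch -ue 0` over the raw audit log, added here as an example and not part of the setup script above: it joins each SYSCALL record with its EXECVE record by the serial inside `msg=audit(TIME:SERIAL)` and prints the commands executed with a given effective uid. The record layout is the kernel audit format; the sample records in the usage section are constructed.

```bash
#!/bin/bash
# Added example, not the page's setup script: list commands executed with a
# given effective uid straight from /var/log/audit/audit.log, without auditd
# tooling. Field layout follows the kernel audit record format.
set -eu

# root_execs LOGFILE [UID] -> one line per execve by effective uid UID (default 0):
#   "<serial> <auid> <exe> <argv...>"
# The uids live only in the SYSCALL record and the argv only in the EXECVE
# record; the two share the serial in msg=audit(TIME:SERIAL), which is the join key.
# Records of one event are not guaranteed to be adjacent or ordered, so both
# halves are buffered and the line is emitted once both have been seen.
# Caveat: arguments containing spaces are hex-encoded (unquoted) in EXECVE
# records and are printed here as-is; "ausearch -i" would decode them.
root_execs() {
    awk -v want="${2:-0}" '
    # value of name=... in rec; handles both name="quoted" and name=bare forms
    function field(rec, name) {
        if (match(rec, " " name "=\"[^\"]*\""))
            return substr(rec, RSTART + length(name) + 3, RLENGTH - length(name) - 4)
        if (match(rec, " " name "=[^ ]*"))
            return substr(rec, RSTART + length(name) + 2, RLENGTH - length(name) - 2)
        return ""
    }
    {
        serial = $0
        sub(/^.*msg=audit\([0-9.]*:/, "", serial)
        sub(/\).*$/, "", serial)
        if ($0 ~ /^type=SYSCALL / && field($0, "success") == "yes" && field($0, "uid") == want) {
            uid_ok[serial] = 1
            auid[serial] = field($0, "auid")   # login uid: who actually logged in
            exe[serial]  = field($0, "exe")
        } else if ($0 ~ /^type=EXECVE /) {
            argc = field($0, "argc") + 0
            argv = ""
            for (i = 0; i < argc; i++)
                argv = argv (i ? " " : "") field($0, "a" i)
            args[serial] = argv
        }
        if ((serial in uid_ok) && (serial in args) && !(serial in done)) {
            done[serial] = 1
            print serial, auid[serial], exe[serial], args[serial]
        }
    }' "$1"
}

# Usage: root_execs /var/log/audit/audit.log        # commands run as root
#        root_execs /var/log/audit/audit.log 1000   # commands run as uid 1000
if [ $# -ge 1 ]; then
    root_execs "$@"
fi
```

Printing `auid` next to `uid` is the useful part for an investigation: `uid=0` tells you a command ran as root, `auid` tells you which login session it came from, which survives `su` and `sudo`.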
```bash
#!/bin/bash
fqdn=sso-demo.test.ibmcloud.com
user=ibmcloud

# Install the OpenID Connect apache module.
# Installing its runtime dependencies first is not strictly necessary, but it
# avoids the configuration errors reported when the module package is installed
# before them.
sudo apt-get install libjansson4 libhiredis0.10 libcurl3 -y
sudo apt-get install -f -y
# TODO: figure out why v1.8.4 and 1.8.5 won't install
```
```bash
#!/bin/bash
# OpenVPN configuration Directory
OPENVPN_CFG_DIR=/etc/openvpn
# Directory where EasyRSA outputs the client keys and certificates
KEY_DIR=/etc/openvpn/easy-rsa/keys
# Where this script should create the OpenVPN client config files
OUTPUT_DIR=/etc/openvpn/client-config
```
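One way to do what the script above sets out to do, added here as an example rather than the script's own continuation: build a single-file `.ovpn` client profile from the `ca.crt`, `NAME.crt` and `NAME.key` that EasyRSA leaves in `KEY_DIR`, embedding them inline. The directory variables follow the script; the server hostname, port and the option template are assumptions.

```bash
#!/bin/bash
# Added example, not the page's script: assemble a unified OpenVPN client
# profile from EasyRSA output. Defaults below mirror the script's variables;
# SERVER, PORT and the option template are assumptions for the example.
set -eu

OPENVPN_CFG_DIR=${OPENVPN_CFG_DIR:-/etc/openvpn}
KEY_DIR=${KEY_DIR:-/etc/openvpn/easy-rsa/keys}
OUTPUT_DIR=${OUTPUT_DIR:-/etc/openvpn/client-config}
SERVER=${SERVER:-vpn.example.test}   # assumed public name of the VPN server
PORT=${PORT:-1194}

# make_client_config NAME -> writes OUTPUT_DIR/NAME.ovpn (mode 0600) and prints
# its path. Returns non-zero if any input file is missing or the output already
# exists, so an issued profile is never silently replaced.
make_client_config() {
    local name=$1
    local ca="$KEY_DIR/ca.crt" crt="$KEY_DIR/$name.crt" key="$KEY_DIR/$name.key"
    local out="$OUTPUT_DIR/$name.ovpn"
    for f in "$ca" "$crt" "$key"; do
        [ -r "$f" ] || { echo "missing $f" >&2; return 1; }
    done
    [ ! -e "$out" ] || { echo "refusing to overwrite $out" >&2; return 1; }
    mkdir -p "$OUTPUT_DIR"
    # The profile carries the client's private key, so it is created with
    # umask 077 and never exists in a readable state.
    ( umask 077
      {
        printf 'client\ndev tun\nproto udp\nremote %s %s\n' "$SERVER" "$PORT"
        printf 'resolv-retry infinite\nnobind\npersist-key\npersist-tun\n'
        # Require the server to present a certificate with the serverAuth EKU
        # (EasyRSA build-server-full sets it); without this a leaked client
        # certificate from the same CA could impersonate the server.
        printf 'remote-cert-tls server\nverb 3\n'
        # EasyRSA .crt files carry a text dump above the PEM block; embed only the PEM.
        printf '<ca>\n';   sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' "$ca";  printf '</ca>\n'
        printf '<cert>\n'; sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' "$crt"; printf '</cert>\n'
        printf '<key>\n';  cat "$key";                                            printf '</key>\n'
      } > "$out" )
    echo "$out"
}

# Usage: ./mkclient.sh alice bob   -> one profile per client name
if [ $# -ge 1 ]; then
    for c in "$@"; do
        make_client_config "$c"
    done
fi
```

Two details are worth keeping even if the template is changed: the refusal to overwrite an existing profile, because a regenerated file with the same name is the easiest way to lose track of which key a client actually holds, and `remote-cert-tls server`, which is the setting that stops one compromised client from posing as the VPN endpoint to the others.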
```bash
#!/bin/bash
# Obtain an admin access token from the Keycloak master realm using the
# Resource Owner Password Credentials grant and the built-in admin-cli client.
# Caveats: the admin password is passed on the command line (visible in shell
# history and in the process list) and the endpoint is plain http, so this is
# only acceptable against a local development instance.
export TKN=$(curl -X POST 'http://localhost:8080/auth/realms/master/protocol/openid-connect/token' \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "username=admin" \
  -d 'password=admin' \
  -d 'grant_type=password' \
  -d 'client_id=admin-cli' | jq -r '.access_token')

# Call the admin REST API, presenting the token as a bearer credential
curl -X GET 'http://localhost:8080/auth/admin/realms' \
  -H "Authorization: Bearer $TKN"
```