- ASAv
https://software.cisco.com/download/home/286119613/type/280775065/release/9.18.3
There may be newer releases out, but this has been built with 9.18(3) using the VMware package.
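#!/bin/bash
# Request a certificate for <host>.$org through a DNS challenge and bundle it
# as a PKCS#12 file for the ASA.
# Usage: <script> <host>   (short host name; $org is appended)
org=org.nz
# Without a host name every path and the -d value below would be malformed.
if [ -z "$1" ]; then
    echo "Usage: $0 <host>" >&2
    exit 1
fi
echo "Applying VPN Cert for $1"
# --config-dir . keeps certbot's state (including live/<name>/privkey.pem) in
# the current directory, so that directory holds private key material.
certbot certonly --config-dir . --preferred-challenges dns --authenticator certbot-dns-standalone:dns-standalone -d "$1.$org"
# Expansions are quoted so a host name containing spaces or glob characters
# cannot be split into extra arguments.
# NOTE(review): the export password is the literal "password" passed on the
# command line, where it is visible to process listings. openssl also accepts
# env:VAR or file:PATH for -passout; whatever imports the file later must use
# the same password.
openssl pkcs12 -export -out "$1" -passout pass:password -in "live/$1.$org/cert.pem" -inkey "live/$1.$org/privkey.pem"
# If you have a newer version of openssl you may need to add -legacy to generate legacy version of the PKCS12 file needed by the ASA.
# Certificate expiry date as YYYYMMDD (not used within this excerpt).
date=$(date --date="$(openssl x509 -in "live/$1.$org/cert.pem" -enddate -noout | cut -d= -f 2)" +%Y%m%d)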
from bs4 import BeautifulSoup | |
import re | |
import requests | |
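# Silence only urllib3's InsecureRequestWarning (the console message emitted
# for HTTPS requests made without certificate verification). Other urllib3
# warnings stay visible instead of being suppressed wholesale.
# NOTE(review): presumably the ASA is contacted with verify=False further
# down; that code is outside this excerpt. Without verification the session
# that carries ASA_PASSWORD is not authenticated, so trusting or pinning the
# ASA certificate is preferable to muting the warning.
requests.packages.urllib3.disable_warnings(
    requests.packages.urllib3.exceptions.InsecureRequestWarning
)

# Connection settings for the ASA. The values shown are placeholders; real
# credentials are better supplied at run time (environment variable, prompt
# or secret store) than stored in the script.
ASA_USERNAME = 'APIUser'
ASA_PASSWORD = 'xxxx'
ASA_IP = "10.x.x.xx"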
# Create a self-signed "SAML SSO Certificate" in the current user's store,
# valid for 5 years, with KeyUsage set to None and the Subject Key Identifier
# (2.5.29.14) and Enhanced Key Usage (2.5.29.37) extensions suppressed.
# As per: https://learn.microsoft.com/en-us/powershell/module/pki/new-selfsignedcertificate
# The private key is created with an Exportable policy, so it can be copied
# out of the store by anything running as this user.
$CertificateParams = @{
    Subject           = "SAML SSO Certificate"
    CertStoreLocation = "Cert:\CurrentUser\My"
    KeyUsage          = "None"
    KeyAlgorithm      = "RSA"
    KeyLength         = 2048
    KeyExportPolicy   = "Exportable"
    NotAfter          = (Get-Date).AddYears(5)
    SuppressOid       = "2.5.29.14", "2.5.29.37"
}
$Certificate = New-SelfSignedCertificate @CertificateParams
# Write the public certificate (no private key) as a DER binary file
Export-Certificate -Cert $Certificate -FilePath ".\SSO.cer"
# Exported PEM text format public key file | |
$pemFileContent = @( | |
'-----BEGIN CERTIFICATE-----' |
# OTP time step selector: 1 = 30 s, 2 = 60 s
$TimeStep = 2
# OTP period in seconds, derived from the selector above
$AzureTime = 30 * $TimeStep
# Sleep timeout selector: 1 = 15 s, 2 = 30 s, 3 = 60 s, 4 = 120 s
$ScreenTimeout = 3
# Create 32 Bit Base32 string - From support.yubico.com/hc/en-us/articles/360015668699-Generating-Base32-string-examples
# $RNG is the .NET cryptographic random number generator; the code that draws
# the seed bytes from it is outside this excerpt.
$RNG = [System.Security.Cryptography.RandomNumberGenerator]::Create()
import urllib.request | |
from bs4 import BeautifulSoup | |
import json | |
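# Retrieve the Azure public download page to find the JSON URL in the document
azure_public_IP_url = "https://www.microsoft.com/en-us/download/details.aspx?id=56519"
# Close the HTTP response deterministically and bound the wait, so a stalled
# connection cannot hang the script.
with urllib.request.urlopen(azure_public_IP_url, timeout=30) as azure_public_IP_response:
    azure_public_IP_url_content = azure_public_IP_response.read()
azure_public_IP_url_soup = BeautifulSoup(azure_public_IP_url_content, "html.parser")
# NOTE(review): the JSON link is scraped from page HTML. If the resulting
# address list feeds firewall or VPN rules, confirm that the discovered link
# is HTTPS on the expected Microsoft download host before fetching it.
# Starts empty; the code that fills it is outside this excerpt.
azure_wvd_ip = []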
to | cc | firstname | fullname | |
---|---|---|---|---|
peter@email.local | shared@email.local; manager@email.local | Peter | Peter Lambrechtsen |
# Self-signed Root CA: new 2048-bit RSA key, SHA-256, valid 365 days, with a
# hash-based subjectKeyIdentifier. -nodes writes Root.key without a
# passphrase, so the file itself is the only protection for the CA key.
openssl req -x509 -newkey rsa:2048 -sha256 -days 365 -nodes \
    -keyout Root.key -out Root.pem \
    -subj '/CN=Root CA' \
    -addext 'subjectKeyIdentifier=hash'
# Intermediate CA: new 2048-bit RSA key (also unencrypted) plus a certificate
# signing request; no certificate is issued by this command.
openssl req -new -newkey rsa:2048 -sha256 -nodes \
    -keyout Intermediate.key -out Intermediate.csr \
    -subj '/CN=Intermediate CA'
# -- Intermediate.ext -- | |
cat <<EOF > Intermediate.ext | |
authorityKeyIdentifier=keyid,issuer | |
subjectKeyIdentifier=hash | |
basicConstraints=CA:TRUE | |
keyUsage = digitalSignature, keyCertSign |
https://software.cisco.com/download/home/286119613/type/280775065/release/9.18.3
There may be newer releases out, but this has been built with 9.18(3) using the VMware package.
# Self-signed server certificate with SANs "server" and "server.local": new
# 2048-bit RSA key written without a passphrase (-nodes), SHA-256, valid
# 3560 days.
# NOTE(review): 3560 may be a transposition of 3650 (ten years); confirm.
openssl req -x509 -newkey rsa:2048 -sha256 -days 3560 -nodes \
    -keyout server.key -out server.pem \
    -subj '/CN=server' \
    -addext 'subjectAltName = DNS:server, DNS:server.local'
# Bundle key and certificate as PKCS#12. The export password is the literal
# "password" given on the command line, where it is visible to process
# listings; openssl also accepts env:VAR or file:PATH for -passout.
openssl pkcs12 -export -out server.pfx -passout pass:password \
    -inkey server.key -in server.pem
''' | |
Convert TOTP Base32 Seeds into Base16/Hex format and vice versa based on CSV with: | |
SerialNumber,SeedValue | |
If the seed value is not valid Base32, the Base32 decoder raises an exception, so the value is assumed to be Base16/Hex
''' | |
import base64 | |
import sys | |
# Input CSV of SerialNumber,SeedValue rows. The seed values are the TOTP
# shared secrets in clear text, so the file needs restricted access.
filename = "seeds.csv"