From 1e03ff55860eb13aab031496c9268e80e5126994 Mon Sep 17 00:00:00 2001 From: Guillaume Thouvenin Date: Thu, 23 Jun 2016 15:38:26 +0200 Subject: [PATCH] Add information to generate SSL certificate Change-Id: I24cb48c2c0da441885c0d688adfc502738c848cf --- fixtures/https/Readme.md | 69 +++++++++++++++++++++++++++++++++++++++ fixtures/https/rootCA.key | 51 +++++++++++++++++++++++++++++ fixtures/https/rootCA.pem | 35 ++++++++++++++++++++ 3 files changed, 155 insertions(+) create mode 100644 fixtures/https/Readme.md create mode 100644 fixtures/https/rootCA.key create mode 100644 fixtures/https/rootCA.pem diff --git a/fixtures/https/Readme.md b/fixtures/https/Readme.md new file mode 100644 index 0000000..b216cae --- /dev/null +++ b/fixtures/https/Readme.md @@ -0,0 +1,69 @@ +# Contents + +- **rootCA.key** is the key used to self-signed rootCA.pem +- **rootCA.pem** is the certificate that will act as the **StackLight Root Authority** + +The certificate has the following information: +``` +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10160165599701850419 (0x8d0028c8355f5933) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=FR, ST=Rhone-Alpes, L=Grenoble, O=Mirantis, OU=StackLight, CN=StackLight Root Authority/emailAddress=mirantis@example.com + Validity + Not Before: Jun 23 14:43:30 2016 GMT + Not After : Oct 25 14:43:30 3015 GMT + Subject: C=FR, ST=Rhone-Alpes, L=Grenoble, O=Mirantis, OU=StackLight, CN=StackLight Root Authority/emailAddress=mirantis@example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + ... +``` + +# Client settings + +To be able to validate the certificate generated by the **StackLight Root +Authority** you need to download it into your web browser or pass it to +the client by using the correct option. + +# Create a certificate + +Follow these steps to generate a new certificate that can be used to enable +HTTPS for the StackLight plugins. + +- Generate the key for the plugin _my-plugin_. +``` +openssl genrsa -out my-plugin.key 2048 +``` + +- Create the certificate signing request. +``` +openssl req -new -key my-plugin.key -out my-plugin.csr +``` +Here is an example on how to fill the fields for the Grafana plugin where +the choosen FQDN is _grafana.fuel.local_: +``` +Country Name (2 letter code) [AU]:FR +State or Province Name (full name) [Some-State]:Rhone-Alpes +Locality Name (eg, city) []:Grenoble +Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mirantis +Organizational Unit Name (eg, section) []:Fuel plugins +Common Name (e.g. server FQDN or YOUR name) []:grafana.fuel.local +Email Address []:mirantis@example.com +Please enter the following 'extra' attributes +to be sent with your certificate request +A challenge password []: +An optional company name []: +``` +For _challenge password_ and _optional company_ just press enter. + +- Sign it with the CA root key. +``` +openssl x509 -req -in my-plugin.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out my-plugin.crt -days 500 -sha256 +``` + +- Concatenate the certificate and the private key into a single file. +``` +cat my-plugin.crt my-plugin.key > my-plugin.pem +``` diff --git a/fixtures/https/rootCA.key b/fixtures/https/rootCA.key new file mode 100644 index 0000000..f3e5151 --- /dev/null +++ b/fixtures/https/rootCA.key @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKgIBAAKCAgEA41Qj2+urFaScCLasLcbCi1w72E6mAeHqBfdV7Y4Fe5x+7uEx +JCXaxYUBmH1e0qi7jKqkKz1kVgNN5p8mR5GyGrPLAoYM/2fw9Z0Vguk2UuLhCNws +i9F88hnZWENkD+pgUBrc2HH2ZF5liSGjacSb268pCIQFBTVsx1oYdDKrJOxxUsmT +3waJGTfsgGeyZ3G2oywvnrEGgOKwcUeymmmGid0hhsKGYN4BD3TAUZnfr4dkjaNA +eGDc98YlYOsW+POdj32o8/5lX1XGQFoUZKaM18npHgXiKYiT93Yjn1v7ks1e4uOG +LkDQUJY+rVbFHVy1UUUv3Mzj1Dqc5raXXHgxN/AJU9h/oGB/4lzipKRP0as1AS7W +H6x1nEnXjRc6Xp66l7jmtlMkh63xBAEnyBcRabWjiDw4FTqJC5epN/b46n3XRpK6 +VRrVSGNGHWAN1Eu6hO4bI0STthFc9Mx/Saa5CG4htC2QeyujYkmlInR7q/mfWJyz +frQMf5AI1SoLD4+BOKKia/VmOkYLgRDH2Z6fOFAtrXtp62rs+i21xxUHkVbCCsXh +KhcG/W8YFTH2jTzwi+JT+WxS4NxNk0kNge4moAeTCpKe5HnsWSiooYtE10Wbp7uk +rlrw8dT9ghEhnUzyrAR1gF+1ML5u3WGkUCRe1OUuUm+UpLyEEsrPi7qeh2ECAwEA +AQKCAgEAgCsyRI4s2XkDmE4V6YFEsnoAK8a8BhevcEmxIsyN/tGPJ3PD1xOYswB4 +k9crnS4RABA9mztz1KLsSvi0Bmn4tuFjtjqKHX4m9vPn6vU98aGFKw+n9fTYs08r +oX3tbqPARam/ljE6sAAg0x4qGjoFfejWA70bb4JdoFAFtY3TvG+qvPh17KqspZFI +QGU2yufsBzekaZ55gjVNMbEw26pfdl88xdPrG7ZPdr1mqRtOaJK3eLvwX26NZw1K +ichCHX6M+RfqKBboZMXhjuq60LyucAOg8ZJznuMoOb9b+j9MKcqsktOhFXbpfGYZ +VHW1kQZyHC4b/Ctw0HlzeQi9ch8577VnxvIYZ5WognznDwSv60lwXA4b5TNM8Ri/ +Gtaki3TQkU8/n7rXhBLwEF6Hl2QgHc3gTWftnQAocyk8+QX1MjzdmvtQWqmPZVC/ +j++gBOZWPZLkcQKH0KsK9cYA4EpasT2uXTuSx/m6sEHuGCJM0csagmsUDFOk2ivC +jLk+mIsK3wxuXdMR9Vf/FK3M/YpFWN2AwPE3Y3fqIsTXQHKTwYH2CxwFLMhBd/s6 +ZQ5Tu04800VypXcvr4C9byOo96eIbhaZXboFEYvbmXk6RgXcafXTeVm9MRDYWCzu +DTY2KVxV30UhBEwWCK8SzFlHDoJHPelMXux4+7DMG17q3B9WXIECggEBAP9qAyQX +etR5J6mQhDnmiVTdyuomtxsL8AFHkvsmsUrujfaZohQDaKFeE2ojCewUdSL72aae +fQgucPpgsqQcV4ptNFZoFMRxMCTqoy7lTEI7bC7bjvhXw7Vav3bLWUYU/7LKx+f1 +QiQEHcUSk6mKgp799ygXYk8DJwsQKYZTEbIDY5sYW64KTAgA/xTMe0wzoPlqpsK9 +7TJJA8TX0SX/mwOyuWL3+Lbrsydqf1MA+9CNVwPWiw/nnmrJpqAYKIUPcB8q2tXS +Nr6l6LJj8Dafq/Bi7vyeqd+GxRnw9RAO0WlyppfjETaN99uGAfPrdaLd3Jw9o3Qp +3u/7pg+gu3z10akCggEBAOPZopWC3UVNPoy7wXjmEzAc5Knr7MPkKYj67MDyT00X +HLPCU5h3xh1TW1nCSY2Uug6BFSKcdNYZyaVOKJpcJml1oPAg75wWz4JttTLrHY+Q +jnp6ZqzdNwbOpHUuNQ5Tcnf4v1XjQJeIJCF7VXAM3DOC3zFcVVHPLV2nwjaaXigu +teYJxxssChuzmD7lxUgFjrNMcE7/2SVa2b9cC+XGBKr/J1vlw8Yhd/JHB/JvpZzU +Q/+iq9RzTjDap0zhe9OlnxJo9c615sXIyulyIjEAykQZSW2SJLLGmtN6ALfxXQ94 +5tJm4xO+Fk57T6gsVerCjTmyLM7Fme47xOEpf8nNCvkCggEAcppAuosGhBuwnjbH +/arhaAD0sUeZ1Trv/8L7wlFEL9kGPeYFgXFeGzm5AGCkbRdoz7+tk0N92pPsAYwt +29ETvnrthu/Akbwv3ACkI8CjDPzYt9WwOuI2YENNsaHgdr+pU7IFLKExgjOOoASL +2QDbRzexFH4ZkFZbyG0CFNFlGTjIEqlFSbw5DUZVLiHqGPD5g7BFDxBlQ7DbThGA +OMqN5YTmBfA52um7Qy5X3wiL9LHWn1Q+pW5J+KRubVspozqgFnwGIPbntXeAB7sr +53aRkZTyossWccNo4RDrBL+BWw0kjvZFnPLqiceBTM8Tw3ZFLJ3Dn7XB4HBLvKtk +NNefsQKCAQEAihqA5FR0n6vJLO4kv43ctX3dz2yTjsx9rGxDElQMYvKOUBqKJtD6 +QQ4kQYx0np82AtKUp+zjGF57DXoJPD58fdFxYfrkoNxmnGy4tosx2LHK2kvUbhSL +ZNHddrUyLWPA7xzThFCA9xfqpmymBYuV8Jbzh2yqvjJwEeM74XLBfWOKl0r35u1T +lyTNM9p7MENGEkFTlV6YFH8zmjxFbdkPPUH4bkge2LmyhSQumfC4Fg3GxWyo79WP +4Ca33u6Q6mDpwPPjgY5ZuSoSa1rlhIQxFQOqsQIywjWE5Id/Zf6i5Fzos0DvhCjk +Rl+RkaKF1QxlI0JuzEmTGoYZuEw6C2v/qQKCAQEArfMnfqBQfix6qDEafC9NdK8G +hPhGIcgVAVgbTvy0hFX/vse+lRi9DpGmYT3+s/y1NPKWnypAaiqFqPMnlSv2Sthg +6jmi0PQ4KMABExko+JSuFCa3aX5P1x76ptsYx+5hWUVqyEznyPKxvca7VP80OhTN +KoQUn4g/zXeJ5Ygme/UPbc+IkWRsyW49WvJXNJASbxEpbWVOE2W5ntQS1c3J3A1C +dtlz+7DHKQQfQBA/f3ZaFdQCh6T2YjjpQWL2rIIKc5g6WMrc/G5b3KIWsupCU4+C +th4a2TvYwps1rPXFweBXYxmcdnzIZFaeCXnMtiZVafehuMyZvK1mky2j866GfA== +-----END RSA PRIVATE KEY----- diff --git a/fixtures/https/rootCA.pem b/fixtures/https/rootCA.pem new file mode 100644 index 0000000..ac4c5b7 --- /dev/null +++ b/fixtures/https/rootCA.pem @@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGJTCCBA2gAwIBAgIJAI0AKMg1X1kzMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYD +VQQGEwJGUjEUMBIGA1UECAwLUmhvbmUtQWxwZXMxETAPBgNVBAcMCEdyZW5vYmxl +MREwDwYDVQQKDAhNaXJhbnRpczETMBEGA1UECwwKU3RhY2tMaWdodDEiMCAGA1UE +AwwZU3RhY2tMaWdodCBSb290IEF1dGhvcml0eTEjMCEGCSqGSIb3DQEJARYUbWly +YW50aXNAZXhhbXBsZS5jb20wIBcNMTYwNjIzMTQ0MzMwWhgPMzAxNTEwMjUxNDQz +MzBaMIGnMQswCQYDVQQGEwJGUjEUMBIGA1UECAwLUmhvbmUtQWxwZXMxETAPBgNV +BAcMCEdyZW5vYmxlMREwDwYDVQQKDAhNaXJhbnRpczETMBEGA1UECwwKU3RhY2tM +aWdodDEiMCAGA1UEAwwZU3RhY2tMaWdodCBSb290IEF1dGhvcml0eTEjMCEGCSqG +SIb3DQEJARYUbWlyYW50aXNAZXhhbXBsZS5jb20wggIiMA0GCSqGSIb3DQEBAQUA +A4ICDwAwggIKAoICAQDjVCPb66sVpJwItqwtxsKLXDvYTqYB4eoF91XtjgV7nH7u +4TEkJdrFhQGYfV7SqLuMqqQrPWRWA03mnyZHkbIas8sChgz/Z/D1nRWC6TZS4uEI +3CyL0XzyGdlYQ2QP6mBQGtzYcfZkXmWJIaNpxJvbrykIhAUFNWzHWhh0Mqsk7HFS +yZPfBokZN+yAZ7JncbajLC+esQaA4rBxR7KaaYaJ3SGGwoZg3gEPdMBRmd+vh2SN +o0B4YNz3xiVg6xb4852Pfajz/mVfVcZAWhRkpozXyekeBeIpiJP3diOfW/uSzV7i +44YuQNBQlj6tVsUdXLVRRS/czOPUOpzmtpdceDE38AlT2H+gYH/iXOKkpE/RqzUB +LtYfrHWcSdeNFzpenrqXuOa2UySHrfEEASfIFxFptaOIPDgVOokLl6k39vjqfddG +krpVGtVIY0YdYA3US7qE7hsjRJO2EVz0zH9JprkIbiG0LZB7K6NiSaUidHur+Z9Y +nLN+tAx/kAjVKgsPj4E4oqJr9WY6RguBEMfZnp84UC2te2nrauz6LbXHFQeRVsIK +xeEqFwb9bxgVMfaNPPCL4lP5bFLg3E2TSQ2B7iagB5MKkp7keexZKKihi0TXRZun +u6SuWvDx1P2CESGdTPKsBHWAX7Uwvm7dYaRQJF7U5S5Sb5SkvIQSys+Lup6HYQID +AQABo1AwTjAdBgNVHQ4EFgQUvRoj5PYpT7o0XJeLJxN3qElMwg0wHwYDVR0jBBgw +FoAUvRoj5PYpT7o0XJeLJxN3qElMwg0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B +AQsFAAOCAgEAQNUOrdFB+VkcRe0TEcra9ibxX4H9JCGLVewX29dAwaEymbrQg1e8 +amxV+XqrMFmUE9VLdECBz0DHrEqSMnGaItdpsTOmA4k8oPK/qWSkvg0qjAuTN+TV +u9ajO/Y3HoQ3WWbxEdqB8OrpZnWJe9mOrGMSVdEUlZYdGPprkUwC9NPsPtUHitlr +PBq+3/rnh7onWerAJskEPY9bTP2+tR6438KTRr3TX/37s4Kqot+nnC9RBRHBB9kz +cf++4ynCkdw1Rc3QayFSyor0tjE6/5mEpnHBOoC3u6tTvz4+XPNnRp+JBLgRu9HY +M/CrNNxV0B3Zq56kY63GUOb87gVZVz1NUDrJKXjMqkqIOyPmiW60SyDbnS9Wg++h +c/EVcB/IbysuY+0IzaHRTsL+j9NRU9rgurxqpnVW8h8JvpLyFs6p7s3ADm1OTZ/N +nIeao94l+QijfI8PwCSxDvMd0v4KkyZXFcxaI/iLSwRHwch0c+nvN8WmZBcyP02p +PgHU9WRq1rhMjthyCwxej75bGjD+bxrtjfn0bZ0ASCoE0TXgLou9UjEtkexvhHiK +D/ddcS7PjP5eUyasZeaHcn237VYna3TWlY6Lw9RNsH6vveeR5pHeT4pUmD7WbyAB +Y6XFKtgXkwiYw511MbVJ1Pa/ob6dBKVPEK1L2Y/Fjw1w3gXW4pxErtk= +-----END CERTIFICATE-----