Installation of a self-signed certificate?

tendryll

Hi.

How does one install a self-signed certificate? I am using *.crt file to connect to a Docker repository.

Thanks!
Sean

viyoriya

tendryll https://docs.docker.com/registry/insecure/

viyoriya

tendryll i guess this is the one
https://github.com/getsolus/help-center-docs/issues/95

tendryll

viyoriya The Github link didn't work for me. However, the Docker URL provided in your previous post did help. Thank-you!

It would be great if there was documentation on how to import a self-signed certificate using Solus OS.

viyoriya

tendryll c_rehash with dot or ./<foldername> (c_rehash .) this command bit confusing. For your reference

quick one

openssl req -newkey rsa:4096 -nodes -sha256 -keyout testKey.key -x509 -days 365 -out testCrt.crt
openssl x509 -in testCrt.crt -out testPem.pem -outform PEM
sudo cp testPem.pem /etc/ssl/certs
cd /etc/ssl/certs
c_rehash . (this command will create .0 link to the .pem file)
cp ca-certificates.crt ca-certificates.crt.bak
sudo cat *.0 > ca-certificates.crt (if any permission error manually open ca-certificates.crt and append the content of finalPem.pem)

longer one

without password
Generate Keypair
openssl genrsa -des3 -passout pass:x -out opensslKeyPair.key 4096
Extract private key
openssl rsa -passin pass:x -in opensslKeyPair.key -out opensslPrivate.key

with password
Generate Keypair
openssl genrsa -des3 -out opensslKeyPair.key 4096
Extract private key
openssl rsa -in opensslKeyPair.key -out opensslPrivate.key

Remove Keypair
rm opensslKeyPair.key
Create CSR to send it to CA or create your own
openssl req -new -key opensslPrivate.key -out generatedCsr.csr
create your own certificate for 365 days
openssl x509 -req -days 365 -in generatedCsr.csr -signkey opensslPrivate.key -out finalCrt.crt
crt to pem conversion
openssl x509 -in finalCrt.crt -out finalPem.pem -outform PEM

sudo cp finalPem.pem /etc/ssl/certs
cd /etc/ssl/certs
c_rehash .

(Run c_rehash this will create a .0 soft link to the .pem file)

cp ca-certificates.crt ca-certificates.crt.bak
sudo cat *.0 > ca-certificates.crt

(if any permission error manually open ca-certificates.crt and append the content of finalPem.pem)

ssh certificate (for Hadoop)
ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa (or) ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa

 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 0600 ~/.ssh/authorized_keys

karypid

According to https://dev.getsol.us/T749, this will result in your certificates being removed if the package is updated by eopkg, so you'd have to repeat the process.

Another interesting thing mentioned there is:

Also make sure your SUB-CAs go into the ca-certificates.crt BEFORE the RootCA. Otherwhise it will fail (!).

I'm in the process of adding an internal CA for self-signed certificates and came across this, so just adding this info as it was important to me.