New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a tool to generate X509 certificates #13559
Conversation
Scan build didn't find any errors.
|
6e660ff
to
b808126
Compare
c7f8476
to
f4f04a8
Compare
376f25e
to
7cde851
Compare
The authd IT check fail due to wazuh/wazuh-qa#2922 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please include a coverage report of the added functions.
bc08159
to
d7d5347
Compare
Coverage report |
Reached 100% coverage, GJ! |
d7d5347
to
2eca153
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
2eca153
to
9b9e19f
Compare
This commit also add parameters to specify paths to save both key and certificate.
- Also some style changes in the tool itself.
Also adds style formatting.
Also change some messages.
878af9e
9b9e19f
to
878af9e
Compare
QA review
|
Description
Hello team!
This PR aims to add a tool to generate X509 certificates using the downloaded openssl lib instead of using the CLI. This will avoid unsuccessful manager installations if openssl isn't installed.
Closes #11295
Usage of the tool
The tool is embedded into wazuh-authd:
-C
Specify the certificate validity in days.-B
Specify the certificate key size in bits.-K
Specify the path to store the certificate key.-X
Specify the path to store the certificate.-S
Specify the certificate subject.Cert created with the tool
wazuh-authd -C 265 -B 2048 -K /var/ossec/etc/sslmanager.key -X /var/ossec/etc/sslmanager.cert -S "/C=US/ST=California/CN=wazuh/"
openssl x509 -text -in sslmanager.cert -nout > cert_tool.txt
Cert created using OpenSSL CLI.
openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -subj "/C=US/ST=California/CN=Wazuh/" -keyout /tmp/sslmanager_orig.key -out /tmp/sslmanager_orig.cert
openssl x509 -text -in /tmp/sslmanager_orig.cert -nout > cert_openssl.txt
Tests