refs #2009 Adding default certificates to avoid problems startgin nginx

2025-05-19 15:09:16 +02:00 · 2025-05-19 15:09:16 +02:00 · 7c50c1f13f
parent e49d9cfb7e
commit 7c50c1f13f
5 changed files with 119 additions and 0 deletions
--- a/etc/certificates/ca.crt
+++ b/etc/certificates/ca.crt
@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFrzCCA5egAwIBAgIUPmq2FSZvV2NBGIIxx5729SJN0FQwDQYJKoZIhvcNAQEL
+BQAwZzELMAkGA1UEBhMCRVMxDzANBgNVBAgMBk1hZHJpZDEPMA0GA1UEBwwGTWFk
+cmlkMRIwEAYDVQQKDAlPcGVuZ25zeXMxCzAJBgNVBAsMAkNBMRUwEwYDVQQDDAxv
+cGVuZ25zeXMtY2EwHhcNMjUwNTE2MDgzNjM4WhcNMzUwNTE0MDgzNjM4WjBnMQsw
+CQYDVQQGEwJFUzEPMA0GA1UECAwGTWFkcmlkMQ8wDQYDVQQHDAZNYWRyaWQxEjAQ
+BgNVBAoMCU9wZW5nbnN5czELMAkGA1UECwwCQ0ExFTATBgNVBAMMDG9wZW5nbnN5
+cy1jYTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANSAiJFAU7wV6hYb
+PKmjjuNFp07ITJC0vThRegIXcadAw9cblgYtD6e4KYT8LzrRpZDAazAWLSAY72W8
+i8/wWYcVIMDhtbhKy+pLFL0Z1LJpV6s6ged0wB5wQ37g1RDWeydrY9mEOr0LSC8X
+7ye7mTqtSxECglloRJw5p/9Z5yDZf2t1U6+e3WfZqKLZl9IXBb5cdR9mxUAf23/T
+ciAfTBNgltJ3noQERtjHZqxb9jrqpwaKhnZoGw4fb0poI9OQXitOzoR/b8ADMfUK
+KJ/d9iyq9h6gv4GPEJlDJK89vQlBhJAy8tHR6Qjd0nG+Be6moCndBqiHLAehMxkq
+8JS+bUOsAxq4XSsis5XQHOm/xZ4jlkerNQeeK+b0EDESjdNkKJXVy235FFJbCwGq
+IR8fdYUJenhqsHOd7WEjm5HfYo41mPG3002Wxs8oN1oNbqIzR/fxTGHWJKXX0LVt
+ZKg3s7h0MfmxMIJ5kHsh9wTO4qMIADmWPj5iCIXS15eAU3WJd4yYxTfcu1wwLBuv
+ATtZXLc/LI56PAvU1kXgdIT+OeBctVuBxKy11vrb82LF7WUZI3cP3MoRbGOLnc93
+u8pMu59l+l7pA7wjGJHSyt/H5f52ZHdbz/BMSY96/ETgAUHERM9cMoN+AGrI4Yf8
+8ZiuiAkSmukAShOfa05P8zqcXXjZAgMBAAGjUzBRMB0GA1UdDgQWBBTTPskAqxZM
+a7z7DBkb4MCspW7/bzAfBgNVHSMEGDAWgBTTPskAqxZMa7z7DBkb4MCspW7/bzAP
+BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQC+PQBDayFqVA0BAupP
+1ksZW3rXCIPIqSqbOG8BsgnOJXt+7Isql06/3LFEdaztjAptSEqX2K7Q7Ov4ZOF5
+lF2pSuIJwsVbzFbmrejkSZScQmXzAvQmNwMcWjpplhe0DG6hYdLek6IOo7BP2mG
+12l1mZbIkgmMbRK7Up6rQ5c9/PmcTqN5RXe3CEWPpBs5FEoD++k6wtYrZlaTCB2s
+P6taQuN1waO3jfu8KApQlcVEmlxaosrJSu8tBAE/zN9GwpR3WsdrD2iUB2d+g2rB
+RZ1P+DRnwpfIn7SEWUAezGW05Qu2gyfoZkiQ97zOYBXYCYwoNFVFtHnaRLO58cjz
+QR8+CLjs9svsrNXw+1rvUJoYyzh0vEBc+SUxKQ/7EGN6m9P7iod936Eqy6ztvUSV
+LdHxv8g0FOlmlLW1Afmiu2NopVsZqxOm1oZdurt7tYcNncu5AYwFmlP/iyDMmJBI
+hIUHmEUf0+v0K52H/ziIFovI7MVmY1RHlL5DABH+MiM6MmSl0NtW5DbEWEZN1vZI
+d3J6hsL/7o2wDYkLYkTolrBHbmvN5hoFu+b/YBAmrikJ027Lw1H04PvyW+PV1+DI
+4uTQ0NEMLhYBBY0ucg1iw6wsEbHhJwmMmen8/b18ZBytRyTzuKCyD6g6iLMEoDNG
+KOH0n1CGLevamLAYrLTwfXBTYQ==
+-----END CERTIFICATE-----
--- a/etc/certificates/ogboot.crt
+++ b/etc/certificates/ogboot.crt
@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFDjCCAvagAwIBAgIUEcS4b1cHsVkFGWqjVqHPrYkFl0wwDQYJKoZIhvcNAQEL
+BQAwZzELMAkGA1UEBhMCRVMxDzANBgNVBAgMBk1hZHJpZDEPMA0GA1UEBwwGTWFk
+cmlkMRIwEAYDVQQKDAlPcGVuZ25zeXMxCzAJBgNVBAsMAkNBMRUwEwYDVQQDDAxv
+cGVuZ25zeXMtY2EwHhcNMjUwNTE2MDkxMzE5WhcNMjcwODE5MDkxMzE5WjBrMQsw
+CQYDVQQGEwJFUzEPMA0GA1UECAwGTWFkcmlkMQ8wDQYDVQQHDAZNYWRyaWQxEjAQ
+BgNVBAoMCU9wZW5nbnN5czEPMA0GA1UECwwGb2dib290MRUwEwYDVQQDDAxvZ2Jv
+b3QubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqDJ+pPUEg
+8rzejOkZhM3iOCSulHQJ5igMQP8Q3U4/6jJB7qHJyV93b2CQpUowmG2QA5nZtPDO
+fCiDoYpovunix2nB282xDQACmrZ5P8qhhF3KgP596hwNPDHoyi1SzHv+WkMio/lS
+Ie4RivkyDmcKHmDR6xtJMpr96FLFgAmDDG7Ht0rK64QAJixA3Nqp7N9MqtitoXU9
+y2dAjT8xT3QLhPPoGcBWmn1ttwwc4KwIjSEQC35YtdI42Pq8kdMuRaKQO7ms6rs9
+b/A2QHfYq/JBR/cB5/JTwzHyMhJSVhQ2mJR8NhFESJTEJv2PMOpBKXEV4T60zLTl
+3+lre+6PkKUBAgMBAAGjga0wgaowHwYDVR0jBBgwFoAU0z7JAKsWTGu8+wwZG+DA
+rKVu/28wCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH
+AwEGCCsGAQUFBwMCMDEGA1UdEQQqMCiCDG9nYm9vdC5sb2NhbIISb3Blbmduc3lz
+Lm5hdGkuY29thwTAqAEsMB0GA1UdDgQWBBRx9Ln26coMMR8qI3gH8/piY4g8yjAN
+BgkqhkiG9w0BAQsFAAOCAgEArybLmxjinaY/Lp/VjbUgaHo1nrkFsJU7LMTInqhT
+D/YPTODKTk12CqBxOtChKmX5y7Aydv7vEmuoy7vUmEIBDCM+8W2yBnB6j1A/rgPv
+4OufjCdnTeyGzcMmX+PE1d7it0Iyl8p2vAHnQC3DkWeBbAhwLd89vc2KyCfGp3F
+1vrQTFO6/Oxf2zgzRfkQJWtCIkh8io+urCDm7khns7wU6LxVJpsYKcsBtcvcmnDi
+dHvHxzlyoyxL6/x8irYeKo01exUwdLR9BwGb54/rIvgtsN/iaOC9jVd76x4pP9Cy
+F3Ici9bc7P/snDZoDgqMfDX0Au6QNJTfnDCltZk8HBfGlH3TiiL3XK9EiAWHv7PG
+p2yGpt0rMr2RP0gxm/Uysill+zZtJoFzShdcTNqDT0sCDLfB0SuRGkVPLFY3i9vk
+SfDcNVq8ltEjpCPrtlwLOxedLFjUFJzIbj67GqwY3R4d8XpxECUiFzawYNSOAckJ
+CCLY73GslRgWw0uoHVJ5/l+CnECLYdzYEczeEeDvbT3oMT4blMdOBdhbqeqdIKL4
+mug/YFiVTZyuya1jE6NfAgRV2keuM6nRdMjnE+JIrwfi4Rea9nRp6xH1+rKfZoUq
+tYyl8te8Bu/l1VfO1AQeI7aSR1+KfZhs1i3FtvRANCcQoyB6VqznSOBYtaTGOq8M
+4W8=
+-----END CERTIFICATE-----
--- a/etc/certificates/ogboot.ext
+++ b/etc/certificates/ogboot.ext
@ -0,0 +1,10 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = ogboot.local
+DNS.2 = opengnsys.nati.com
+IP.1 = 192.168.1.44
--- a/etc/certificates/ogboot.key
+++ b/etc/certificates/ogboot.key
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCqDJ+pPUEg8rze
+jOkZhM3iOCSulHQJ5igMQP8Q3U4/6jJB7qHJyV93b2CQpUowmG2QA5nZtPDOfCiD
+oYpovunix2nB282xDQACmrZ5P8qhhF3KgP596hwNPDHoyi1SzHv+WkMio/lSIe4R
+ivkyDmcKHmDR6xtJMpr96FLFgAmDDG7Ht0rK64QAJixA3Nqp7N9MqtitoXU9y2dA
+jT8xT3QLhPPoGcBWmn1ttwwc4KwIjSEQC35YtdI42Pq8kdMuRaKQO7ms6rs9b/A2
+QHfYq/JBR/cB5/JTwzHyMhJSVhQ2mJR8NhFESJTEJv2PMOpBKXEV4T60zLTl3+lr
+e+6PkKUBAgMBAAECggEAEwjmtmMM70s8qQzM6vZatX/jW0dy1cjVosmDw7eCEtV8
+WrUDlzrbXNsyy/40l8v4N66vghcm/XYYcuOaQq9cLu5zgCfClpcF8USwOFJTtFDE
+zu4xjpauHS0nyQ8Yk7QgDRC9gxsnxXHW3E/aJShHkHJmFBllLIRlpRZkbYcviWOk
+Ct5cxwJT2cyZgcNK9sVi+kizxMgZFih5UUv/72uhLKu9MyqNL4XkdNMy56YGyiH1
+dtmrNVbudxRUuNmdRgnBTBfQAmmy9yxkwW9ngHS0nqhd2bMGBMYAL+B/mVPMRn84
+4+oSR3yhNExvR4RIvFCng6n9NyG8CAO1N/MPASNXgQKBgQDhAOurLdhI1frDWBbv
+iy9cxHeNSOWFnhn15thUncyAq5pTYlxnrXdrYzxkXfzib39M79QBDR2hZGCSl0QA
+UCW7zyRIe/tTz9KFNslrvvdBIjMGNpc59FReO4FWOF0oU0TcO6XJXcHPSyq0fZJo
+46X7d3Z7ZrANYvAloYCzOjuKTQKBgQDBeakEw+lBcRA2/qj/tOwSCZt+SltqzJXS
+uCkCL7kW0aWbQaFqvANioGf10HHwrSDTig2Kuui9CxcfYWJEyBqezZ2UkXgCne8T
+OYf7Su4iqr6NsQHGyzE/drobQv9HdS33RNGc0RN9HYojA0MXyPZaVJxv335htqk
+89juIrh3hQKBgQCm8bnqbr+Vez7uBcQuxATGPfe+WqIB/AajDz7fuZ1ssuZ0i/yn
+6Gs8wIqkpZ/mmnfHrAKPLR4ZC5Mj8RxBZzY4HT98kJEv5Hj84mOckDqAl1FogMS/
+WtH57rVMEjejLoA9jjSKcCNf+YVuT4SmSYkaMT+Vni11fz8ztHhKYnX2QKBgQCu
+O6ytYOyPhY1vqThyRvENcV95hOb8r88A2936XRXW6ee0gI8n+rclu4TDxvrFHnRg
+bIOzeo0bqYAiP2XqwTXP6yVM5Q/pc2cZWl2LRN/Jqf89o9I3AA76PA5Gn+VbBeFJ
+zyqLmERb25oI+87IZGl5YjLfwu5kp0ABqqOiGNx8rQKBgQClfdfawzybv2dVQ/2C
+l3VOM84HCJQuk+LGd5p4XPLxOPXZ7aQMOjx38L1WQU9KM6ts+xc+yH0wqeMXAsl+
+Jz1kOEAvpLR4F/5iDSbT6TXSNVfhPGyfIPFMIG0MNOwrRpWziKTH6CjInIh08dzZ
+9Feb5YJqaC4DZV50WMPa6UmbXg==
+-----END PRIVATE KEY-----
--- a/etc/stunnel/stunnel-ogboot-client.conf
+++ b/etc/stunnel/stunnel-ogboot-client.conf
@ -0,0 +1,18 @@
+# === GENERAL ===
+foreground = yes
+client = yes
+debug = 7
+output = /var/log/opengnsys/stunnel-client-ogboot.log
+
+# === TUNEL TLS CLIENTE ===
+[api_tls_client]
+accept = 127.0.0.1:9443
+connect = 192.168.1.10:8443
+
+# Certificado del cliente (presentado al servidor)
+cert = /opt/opengnsys/ogboot/etc/certificates/ogboot.crt
+key  = /opt/opengnsys/ogboot/etc/certificates/ogboot.key
+
+# CA del servidor (para verificar el servidor remoto)
+CAfile = /opt/opengnsys/ogboot/etc/certificates/ca.crt
+verify = 2