From 7c50c1f13f8cbc600c46f461c664f00a1dafd75a Mon Sep 17 00:00:00 2001 From: Nicolas Arenas Date: Mon, 19 May 2025 15:09:16 +0200 Subject: [PATCH] refs #2009 Adding default certificates to avoid problems startgin nginx --- etc/certificates/ca.crt | 33 ++++++++++++++++++++++++++ etc/certificates/ogboot.crt | 30 +++++++++++++++++++++++ etc/certificates/ogboot.ext | 10 ++++++++ etc/certificates/ogboot.key | 28 ++++++++++++++++++++++ etc/stunnel/stunnel-ogboot-client.conf | 18 ++++++++++++++ 5 files changed, 119 insertions(+) create mode 100644 etc/certificates/ca.crt create mode 100644 etc/certificates/ogboot.crt create mode 100644 etc/certificates/ogboot.ext create mode 100644 etc/certificates/ogboot.key create mode 100644 etc/stunnel/stunnel-ogboot-client.conf diff --git a/etc/certificates/ca.crt b/etc/certificates/ca.crt new file mode 100644 index 0000000..a5e78ba --- /dev/null +++ b/etc/certificates/ca.crt @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFrzCCA5egAwIBAgIUPmq2FSZvV2NBGIIxx5729SJN0FQwDQYJKoZIhvcNAQEL +BQAwZzELMAkGA1UEBhMCRVMxDzANBgNVBAgMBk1hZHJpZDEPMA0GA1UEBwwGTWFk +cmlkMRIwEAYDVQQKDAlPcGVuZ25zeXMxCzAJBgNVBAsMAkNBMRUwEwYDVQQDDAxv +cGVuZ25zeXMtY2EwHhcNMjUwNTE2MDgzNjM4WhcNMzUwNTE0MDgzNjM4WjBnMQsw +CQYDVQQGEwJFUzEPMA0GA1UECAwGTWFkcmlkMQ8wDQYDVQQHDAZNYWRyaWQxEjAQ +BgNVBAoMCU9wZW5nbnN5czELMAkGA1UECwwCQ0ExFTATBgNVBAMMDG9wZW5nbnN5 +cy1jYTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANSAiJFAU7wV6hYb +PKmjjuNFp07ITJC0vThRegIXcadAw9cblgYtD6e4KYT8LzrRpZDAazAWLSAY72W8 +i8/wWYcVIMDhtbhKy+pLFL0Z1LJpV6s6ged0wB5wQ37g1RDWeydrY9mEOr0LSC8X +7ye7mTqtSxECglloRJw5p/9Z5yDZf2t1U6+e3WfZqKLZl9IXBb5cdR9mxUAf23/T +ciAfTBNgltJ3noQERtjHZqxb9jrqpwaKhnZoGw4fb0poI9OQXitOzoR/b8ADMfUK +KJ/d9iyq9h6gv4GPEJlDJK89vQlBhJAy8tHR6Qjd0nG+Be6moCndBqiHLAehMxkq +8JS+bUOsAxq4XSsis5XQHOm/xZ4jlkerNQeeK+b0EDESjdNkKJXVy235FFJbCwGq +IR8fdYUJenhqsHOd7WEjm5HfYo41mPG3002Wxs8oN1oNbqIzR/fxTGHWJKXX0LVt +ZKg3s7h0MfmxMIJ5kHsh9wTO4qMIADmWPj5iCIXS15eAU3WJd4yYxTfcu1wwLBuv +ATtZXLc/LI56PAvU1kXgdIT+OeBctVuBxKy11vrb82LF7WUZI3cP3MoRbGOLnc93 +u8pMu59l+l7pA7wjGJHSyt/H5f52ZHdbz/BMSY96/ETgAUHERM9cMoN+AGrI4Yf8 +8ZiuiAkSmukAShOfa05P8zqcXXjZAgMBAAGjUzBRMB0GA1UdDgQWBBTTPskAqxZM +a7z7DBkb4MCspW7/bzAfBgNVHSMEGDAWgBTTPskAqxZMa7z7DBkb4MCspW7/bzAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQC+PQBDayFqVA0BAupP +1ksZW3rXCIPIqSqbOG8BsgnOJXt+7Isql06/3LFEdaztjAptSEqX2K7Q7Ov4ZOF5 ++lF2pSuIJwsVbzFbmrejkSZScQmXzAvQmNwMcWjpplhe0DG6hYdLek6IOo7BP2mG +12l1mZbIkgmMbRK7Up6rQ5c9/PmcTqN5RXe3CEWPpBs5FEoD++k6wtYrZlaTCB2s +P6taQuN1waO3jfu8KApQlcVEmlxaosrJSu8tBAE/zN9GwpR3WsdrD2iUB2d+g2rB +RZ1P+DRnwpfIn7SEWUAezGW05Qu2gyfoZkiQ97zOYBXYCYwoNFVFtHnaRLO58cjz +QR8+CLjs9svsrNXw+1rvUJoYyzh0vEBc+SUxKQ/7EGN6m9P7iod936Eqy6ztvUSV +LdHxv8g0FOlmlLW1Afmiu2NopVsZqxOm1oZdurt7tYcNncu5AYwFmlP/iyDMmJBI +hIUHmEUf0+v0K52H/ziIFovI7MVmY1RHlL5DABH+MiM6MmSl0NtW5DbEWEZN1vZI +d3J6hsL/7o2wDYkLYkTolrBHbmvN5hoFu+b/YBAmrikJ027Lw1H04PvyW+PV1+DI +4uTQ0NEMLhYBBY0ucg1iw6wsEbHhJwmMmen8/b18ZBytRyTzuKCyD6g6iLMEoDNG +KOH0n1CGLevamLAYrLTwfXBTYQ== +-----END CERTIFICATE----- diff --git a/etc/certificates/ogboot.crt b/etc/certificates/ogboot.crt new file mode 100644 index 0000000..2de267a --- /dev/null +++ b/etc/certificates/ogboot.crt @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFDjCCAvagAwIBAgIUEcS4b1cHsVkFGWqjVqHPrYkFl0wwDQYJKoZIhvcNAQEL +BQAwZzELMAkGA1UEBhMCRVMxDzANBgNVBAgMBk1hZHJpZDEPMA0GA1UEBwwGTWFk +cmlkMRIwEAYDVQQKDAlPcGVuZ25zeXMxCzAJBgNVBAsMAkNBMRUwEwYDVQQDDAxv +cGVuZ25zeXMtY2EwHhcNMjUwNTE2MDkxMzE5WhcNMjcwODE5MDkxMzE5WjBrMQsw +CQYDVQQGEwJFUzEPMA0GA1UECAwGTWFkcmlkMQ8wDQYDVQQHDAZNYWRyaWQxEjAQ +BgNVBAoMCU9wZW5nbnN5czEPMA0GA1UECwwGb2dib290MRUwEwYDVQQDDAxvZ2Jv +b3QubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqDJ+pPUEg +8rzejOkZhM3iOCSulHQJ5igMQP8Q3U4/6jJB7qHJyV93b2CQpUowmG2QA5nZtPDO +fCiDoYpovunix2nB282xDQACmrZ5P8qhhF3KgP596hwNPDHoyi1SzHv+WkMio/lS +Ie4RivkyDmcKHmDR6xtJMpr96FLFgAmDDG7Ht0rK64QAJixA3Nqp7N9MqtitoXU9 +y2dAjT8xT3QLhPPoGcBWmn1ttwwc4KwIjSEQC35YtdI42Pq8kdMuRaKQO7ms6rs9 +b/A2QHfYq/JBR/cB5/JTwzHyMhJSVhQ2mJR8NhFESJTEJv2PMOpBKXEV4T60zLTl +3+lre+6PkKUBAgMBAAGjga0wgaowHwYDVR0jBBgwFoAU0z7JAKsWTGu8+wwZG+DA +rKVu/28wCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH +AwEGCCsGAQUFBwMCMDEGA1UdEQQqMCiCDG9nYm9vdC5sb2NhbIISb3Blbmduc3lz +Lm5hdGkuY29thwTAqAEsMB0GA1UdDgQWBBRx9Ln26coMMR8qI3gH8/piY4g8yjAN +BgkqhkiG9w0BAQsFAAOCAgEArybLmxjinaY/Lp/VjbUgaHo1nrkFsJU7LMTInqhT +D/YPTODKTk12CqBxOtChKmX5y7Aydv7vEmuoy7vUmEIBDCM+8W2yBnB6j1A/rgPv ++4OufjCdnTeyGzcMmX+PE1d7it0Iyl8p2vAHnQC3DkWeBbAhwLd89vc2KyCfGp3F +1vrQTFO6/Oxf2zgzRfkQJWtCIkh8io+urCDm7khns7wU6LxVJpsYKcsBtcvcmnDi +dHvHxzlyoyxL6/x8irYeKo01exUwdLR9BwGb54/rIvgtsN/iaOC9jVd76x4pP9Cy +F3Ici9bc7P/snDZoDgqMfDX0Au6QNJTfnDCltZk8HBfGlH3TiiL3XK9EiAWHv7PG +p2yGpt0rMr2RP0gxm/Uysill+zZtJoFzShdcTNqDT0sCDLfB0SuRGkVPLFY3i9vk +SfDcNVq8ltEjpCPrtlwLOxedLFjUFJzIbj67GqwY3R4d8XpxECUiFzawYNSOAckJ +CCLY73GslRgWw0uoHVJ5/l+CnECLYdzYEczeEeDvbT3oMT4blMdOBdhbqeqdIKL4 +mug/YFiVTZyuya1jE6NfAgRV2keuM6nRdMjnE+JIrwfi4Rea9nRp6xH1+rKfZoUq +tYyl8te8Bu/l1VfO1AQeI7aSR1+KfZhs1i3FtvRANCcQoyB6VqznSOBYtaTGOq8M +4W8= +-----END CERTIFICATE----- diff --git a/etc/certificates/ogboot.ext b/etc/certificates/ogboot.ext new file mode 100644 index 0000000..7ac8986 --- /dev/null +++ b/etc/certificates/ogboot.ext @@ -0,0 +1,10 @@ +authorityKeyIdentifier=keyid,issuer +basicConstraints=CA:FALSE +keyUsage = digitalSignature, keyEncipherment +extendedKeyUsage = serverAuth, clientAuth +subjectAltName = @alt_names + +[alt_names] +DNS.1 = ogboot.local +DNS.2 = opengnsys.nati.com +IP.1 = 192.168.1.44 diff --git a/etc/certificates/ogboot.key b/etc/certificates/ogboot.key new file mode 100644 index 0000000..23ed34b --- /dev/null +++ b/etc/certificates/ogboot.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCqDJ+pPUEg8rze +jOkZhM3iOCSulHQJ5igMQP8Q3U4/6jJB7qHJyV93b2CQpUowmG2QA5nZtPDOfCiD +oYpovunix2nB282xDQACmrZ5P8qhhF3KgP596hwNPDHoyi1SzHv+WkMio/lSIe4R +ivkyDmcKHmDR6xtJMpr96FLFgAmDDG7Ht0rK64QAJixA3Nqp7N9MqtitoXU9y2dA +jT8xT3QLhPPoGcBWmn1ttwwc4KwIjSEQC35YtdI42Pq8kdMuRaKQO7ms6rs9b/A2 +QHfYq/JBR/cB5/JTwzHyMhJSVhQ2mJR8NhFESJTEJv2PMOpBKXEV4T60zLTl3+lr +e+6PkKUBAgMBAAECggEAEwjmtmMM70s8qQzM6vZatX/jW0dy1cjVosmDw7eCEtV8 +WrUDlzrbXNsyy/40l8v4N66vghcm/XYYcuOaQq9cLu5zgCfClpcF8USwOFJTtFDE +zu4xjpauHS0nyQ8Yk7QgDRC9gxsnxXHW3E/aJShHkHJmFBllLIRlpRZkbYcviWOk +Ct5cxwJT2cyZgcNK9sVi+kizxMgZFih5UUv/72uhLKu9MyqNL4XkdNMy56YGyiH1 +dtmrNVbudxRUuNmdRgnBTBfQAmmy9yxkwW9ngHS0nqhd2bMGBMYAL+B/mVPMRn84 +4+oSR3yhNExvR4RIvFCng6n9NyG8CAO1N/MPASNXgQKBgQDhAOurLdhI1frDWBbv +iy9cxHeNSOWFnhn15thUncyAq5pTYlxnrXdrYzxkXfzib39M79QBDR2hZGCSl0QA +UCW7zyRIe/tTz9KFNslrvvdBIjMGNpc59FReO4FWOF0oU0TcO6XJXcHPSyq0fZJo +46X7d3Z7ZrANYvAloYCzOjuKTQKBgQDBeakEw+lBcRA2/qj/tOwSCZt+SltqzJXS +uCkCL7kW0aWbQaFqvANioGf10HHwrSDTig2Kuui9CxcfYWJEyBqezZ2UkXgCne8T ++OYf7Su4iqr6NsQHGyzE/drobQv9HdS33RNGc0RN9HYojA0MXyPZaVJxv335htqk +89juIrh3hQKBgQCm8bnqbr+Vez7uBcQuxATGPfe+WqIB/AajDz7fuZ1ssuZ0i/yn +6Gs8wIqkpZ/mmnfHrAKPLR4ZC5Mj8RxBZzY4HT98kJEv5Hj84mOckDqAl1FogMS/ ++WtH57rVMEjejLoA9jjSKcCNf+YVuT4SmSYkaMT+Vni11fz8ztHhKYnX2QKBgQCu +O6ytYOyPhY1vqThyRvENcV95hOb8r88A2936XRXW6ee0gI8n+rclu4TDxvrFHnRg +bIOzeo0bqYAiP2XqwTXP6yVM5Q/pc2cZWl2LRN/Jqf89o9I3AA76PA5Gn+VbBeFJ +zyqLmERb25oI+87IZGl5YjLfwu5kp0ABqqOiGNx8rQKBgQClfdfawzybv2dVQ/2C +l3VOM84HCJQuk+LGd5p4XPLxOPXZ7aQMOjx38L1WQU9KM6ts+xc+yH0wqeMXAsl+ +Jz1kOEAvpLR4F/5iDSbT6TXSNVfhPGyfIPFMIG0MNOwrRpWziKTH6CjInIh08dzZ +9Feb5YJqaC4DZV50WMPa6UmbXg== +-----END PRIVATE KEY----- diff --git a/etc/stunnel/stunnel-ogboot-client.conf b/etc/stunnel/stunnel-ogboot-client.conf new file mode 100644 index 0000000..74b4a44 --- /dev/null +++ b/etc/stunnel/stunnel-ogboot-client.conf @@ -0,0 +1,18 @@ +# === GENERAL === +foreground = yes +client = yes +debug = 7 +output = /var/log/opengnsys/stunnel-client-ogboot.log + +# === TUNEL TLS CLIENTE === +[api_tls_client] +accept = 127.0.0.1:9443 +connect = 192.168.1.10:8443 + +# Certificado del cliente (presentado al servidor) +cert = /opt/opengnsys/ogboot/etc/certificates/ogboot.crt +key = /opt/opengnsys/ogboot/etc/certificates/ogboot.key + +# CA del servidor (para verificar el servidor remoto) +CAfile = /opt/opengnsys/ogboot/etc/certificates/ca.crt +verify = 2