From 7a488811fe04d09aa223dc06cab62344618daeb8 Mon Sep 17 00:00:00 2001 From: Vasco Date: Mon, 20 Apr 2026 12:12:14 +0100 Subject: [PATCH] ca --- VM_APACHE.sh | 5 +++- VM_OPENSSL.sh | 6 ++++- VM_VPN_GATEWAY.sh | 14 ++++++++---- ca.crt | 21 +++++++++++++++++ ca.csr | 17 ++++++++++++++ ca.key | 28 +++++++++++++++++++++++ httpd.conf | 0 openssl.cnf | 0 relatorio.aux => relatorio/relatorio.aux | 0 relatorio.log => relatorio/relatorio.log | 0 relatorio.pdf => relatorio/relatorio.pdf | Bin relatorio.tex => relatorio/relatorio.tex | 0 relatorio.toc => relatorio/relatorio.toc | 0 ssl.conf | 0 v3_ca.ext | 2 ++ vpn.conf | 6 ++--- vpn.key | 28 +++++++++++++++++++++++ 17 files changed, 118 insertions(+), 9 deletions(-) create mode 100644 ca.crt create mode 100644 ca.csr create mode 100644 ca.key create mode 100644 httpd.conf create mode 100644 openssl.cnf rename relatorio.aux => relatorio/relatorio.aux (100%) rename relatorio.log => relatorio/relatorio.log (100%) rename relatorio.pdf => relatorio/relatorio.pdf (100%) rename relatorio.tex => relatorio/relatorio.tex (100%) rename relatorio.toc => relatorio/relatorio.toc (100%) create mode 100644 ssl.conf create mode 100644 v3_ca.ext create mode 100644 vpn.key diff --git a/VM_APACHE.sh b/VM_APACHE.sh index 2dbbc46..8f4b2ee 100644 --- a/VM_APACHE.sh +++ b/VM_APACHE.sh @@ -12,4 +12,7 @@ ip_dentro="10.60.0.2" yum install -y epel-release # --- interfaces --- -ifconfig $if_dentro $ip_dentro netmask 255.255.255.0 \ No newline at end of file +ifconfig $if_dentro $ip_dentro netmask 255.255.255.0 + +cp httpd.conf /etc/httpd/conf/ +cp ssl.conf /etc/httpd/conf.d/ diff --git a/VM_OPENSSL.sh b/VM_OPENSSL.sh index 9965e36..6b700ef 100644 --- a/VM_OPENSSL.sh +++ b/VM_OPENSSL.sh @@ -12,4 +12,8 @@ ip_dentro="10.60.0.1" yum install -y openssl # --- interfaces --- -ifconfig $if_dentro $ip_dentro netmask 255.255.255.0 \ No newline at end of file +ifconfig $if_dentro $ip_dentro netmask 255.255.255.0 + +# le openslll + +cp openssl.cnf /etc/pki/tls/ 
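Review bot: The two `cp` lines added at the end of VM_APACHE.sh replace the packaged Apache configuration with `httpd.conf` and `ssl.conf`, which this same patch adds as empty files (0 lines each in the diffstat), so the server is left with no listener, certificate or TLS protocol settings. The VM_OPENSSL.sh hunk has the same problem: it copies the empty `openssl.cnf` into `/etc/pki/tls/`. Until the files have real content, guard each copy and keep the distribution file, e.g. `[ -s httpd.conf ] && cp -b -- httpd.conf /etc/httpd/conf/`. Both scripts start outside the hunks shown.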
diff --git a/VM_VPN_GATEWAY.sh b/VM_VPN_GATEWAY.sh index fd6e7b9..ae22be8 100644 --- a/VM_VPN_GATEWAY.sh +++ b/VM_VPN_GATEWAY.sh @@ -51,14 +51,20 @@ sudo iptables-save > /etc/sysconfig/iptables # :3 # deviamos meter os comandos utlizados no relatorio # os ficheiros ja estao criados -ca ca.crt # -cert gw-vpn.crt # -key gw-vpn.key # ya +# Copiar o Self-signed Certificate Authority +ca_dir="/etc/pki/CA" +mkdir -p $ca_dir +mv ca.crt $ca_dir + +# Criar vpn certificate +openssl ca -in ca.csr -cert ca.crt -keyfile ca.key -out vpn.crt +mv vpn.key $ca_dir +mv vpn.crt $ca_dir -cp vpn.conf /etc/openvpn/server/ # NOTA(vasco): o ficheiro conf vai ser vpn.conf pq isso é o nome do serviço # NOTA(vasco): talvez deviamos correr diretamente via o comando # em vez de via serviços +sudo cp vpn.conf /etc/openvpn/server/ sudo systemctl enable --now openvpn-server@vpn.service diff --git a/ca.crt b/ca.crt new file mode 100644 index 0000000..e225c4b --- /dev/null +++ b/ca.crt 
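Review bot: `openssl ca` runs after `mv ca.crt $ca_dir`, so the file named by `-cert ca.crt` is no longer in the working directory and the signing step fails. It also signs `ca.csr`, whose subject and public key appear to be the CA's own, so the resulting `vpn.crt` would not pair with `vpn.key`. The request should be built from `vpn.key`, and the signing is better done on the CA host so that `ca.key` never has to sit on the gateway. `vpn.conf` names `ca.crt`, `vpn.crt` and `vpn.key` without a directory, so moving them to `/etc/pki/CA` probably leaves OpenVPN unable to find them. The key should also be installed with mode 0600; the script begins outside the hunk.

```shell
# … unchanged: iptables-save and the comments before it …
ca_dir="/etc/pki/CA"
vpn_dir="/etc/openvpn/server"
mkdir -p -- "$ca_dir"

# Request for the gateway's own key, signed while ca.crt is still in place.
# Preferably run these two commands on the CA host and copy only vpn.crt back.
openssl req -new -key vpn.key -subj "/CN=<gateway-name>" -out vpn.csr
openssl ca -batch -in vpn.csr -cert ca.crt -keyfile ca.key -out vpn.crt

# OpenVPN resolves the relative names in vpn.conf next to the config file.
install -m 0644 -- ca.crt vpn.crt "$vpn_dir/"
install -m 0600 -- vpn.key "$vpn_dir/"
mv -- ca.crt "$ca_dir/"
# … unchanged: cp vpn.conf, systemctl enable --now …
```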
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDaTCCAlGgAwIBAgIUD2JnuJYQPRP/h3PPf1FsiNHLUekwDQYJKoZIhvcNAQEL
+BQAwXTELMAkGA1UEBhMCUFQxEDAOBgNVBAgMB0NvaW1icmExETAPBgNVBAcMCENv
+aW1icmFhMQswCQYDVQQKDAJVQzEOMAwGA1UECwwFRkNUVUMxDDAKBgNVBAMMA1ZQ
+TjAeFw0yNjA0MjAxMTAzMDhaFw0yNzA0MjAxMTAzMDhaMF0xCzAJBgNVBAYTAlBU
+MRAwDgYDVQQIDAdDb2ltYnJhMREwDwYDVQQHDAhDb2ltYnJhYTELMAkGA1UECgwC
+VUMxDjAMBgNVBAsMBUZDVFVDMQwwCgYDVQQDDANWUE4wggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDaDICRTLW69RpumTHY6kBy6Ip4QPzoB+nCbvFEYtM2
+mdgmn0e1PLg1FwosL0h8BxOyWApGlbqYKV0dBt+rC7IF3gKrLNTNCadjk7+zualG
+6wvEK1H7Rteo0/Y5DF24/V+GihEUzktu8K9pPcBXsl8LlIodxVe8P2R02Tubgp/i
+mKKHvER6y7FPc0UNkqqTWYhqa8KLpuNqZvDJnNUM3oJF1do9JlnjNJZcI63nb+6K
+bvZjj9tqRbdbqE3A7NTDg7agTt298UGER7N4kzKGPzdYO8orKKp8fbkrcwRO98gb
+lib4gVEdsY3JBCQLs6QtwW+ehwhVVIqHQMOJuLENM+a5AgMBAAGjITAfMB0GA1Ud
+DgQWBBRbBGnllBjk6IPuPY16Xr+4surKuzANBgkqhkiG9w0BAQsFAAOCAQEAGP5/
+rS39yY/rs3yc6KE0ag9gIN2YU34nTNps3MUlGJ5/E6mMBLdlNh5EKIn+Df81wNhG
+qETLw/1VScZiZK6waH2svDPPKk76e/4oY6JF+xCnOayOIBwYgYvUqrG1I0KjTmEO
+Qg0AlZg84pkyLRzd2vN/opzSz/r6hQJgQQ/kwbiJxX3dpwRwrees4OO18LN31l1Y
+Gsna3u6IWLWouc4Q60i6AptW9pzCPI0op7UlZyqezLI/osG9jv4RSr8aq0reH0Zs
+TWso/PMtltVgLuTLqE5oU+GW/3r0H2LA0q6qsLHCSbQRHcwNdU2UbuFzXKqn5vgv
+5tjt5x4YgUgGSth7Qg==
+-----END CERTIFICATE-----
diff --git a/ca.csr b/ca.csr
new file mode 100644
index 0000000..698f26c
--- /dev/null
+++ b/ca.csr
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICojCCAYoCAQAwXTELMAkGA1UEBhMCUFQxEDAOBgNVBAgMB0NvaW1icmExETAP
+BgNVBAcMCENvaW1icmFhMQswCQYDVQQKDAJVQzEOMAwGA1UECwwFRkNUVUMxDDAK
+BgNVBAMMA1ZQTjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANoMgJFM
+tbr1Gm6ZMdjqQHLoinhA/OgH6cJu8URi0zaZ2CafR7U8uDUXCiwvSHwHE7JYCkaV
+upgpXR0G36sLsgXeAqss1M0Jp2OTv7O5qUbrC8QrUftG16jT9jkMXbj9X4aKERTO
+S27wr2k9wFeyXwuUih3FV7w/ZHTZO5uCn+KYooe8RHrLsU9zRQ2SqpNZiGprwoum
+42pm8Mmc1QzegkXV2j0mWeM0llwjredv7opu9mOP22pFt1uoTcDs1MODtqBO3b3x
+QYRHs3iTMoY/N1g7yisoqnx9uStzBE73yBuWJviBUR2xjckEJAuzpC3Bb56HCFVU
+iodAw4m4sQ0z5rkCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQARfdJpU+K1v7rR
+IOPfHUq4BWApbhrv7bqwykK+YgyWzmEzNSp7jq91Wa4GnokbHruGsp+M0h3C/5fw
+EhZakFDwykThVbxRk+iuPp7MpXPKMPGvFVzxIrD9xk7KSBUnhx0+dhwu5r0U+Uqh
+A5HP44nUHjnIWQ+nah9IA4Z4ldks6bvl6rBrZf1znLLq/kZSb6bSsg9zLFJyJzeH
+v5amC2OKPqREqeKzNQJhUNMAU360zDi8sf+dvDDtcwaevk71g/SEcZbJbw1KMR6g
+orORkT5uSi97mTJ8+hZMw+0hNyqBG/Zflq6aMzm97RlBGHBhFL/5ITpYx+S7vcQC
+EehlTcbM
+-----END CERTIFICATE REQUEST-----
diff --git a/ca.key b/ca.key
new file mode 100644
index 0000000..fc230fe
--- /dev/null
+++ b/ca.key
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDaDICRTLW69Rpu +mTHY6kBy6Ip4QPzoB+nCbvFEYtM2mdgmn0e1PLg1FwosL0h8BxOyWApGlbqYKV0d +Bt+rC7IF3gKrLNTNCadjk7+zualG6wvEK1H7Rteo0/Y5DF24/V+GihEUzktu8K9p +PcBXsl8LlIodxVe8P2R02Tubgp/imKKHvER6y7FPc0UNkqqTWYhqa8KLpuNqZvDJ +nNUM3oJF1do9JlnjNJZcI63nb+6KbvZjj9tqRbdbqE3A7NTDg7agTt298UGER7N4 +kzKGPzdYO8orKKp8fbkrcwRO98gblib4gVEdsY3JBCQLs6QtwW+ehwhVVIqHQMOJ +uLENM+a5AgMBAAECggEAAlGgopBGkfvg5DUg8onk4Hv121sd6BX2dSeCzWurdptl +UQgqW28Z/+be8t2YB3P3+wfEkzUs2Ej/U8t9YIdV2ooJV0/unZVufZNQ4MzMNAQp +pRRMsW+yo9mzjC4uxySlqeD+bG0ttZrdvgXRYvVeB/ne9qZWZ/rOGw/Y2mRlxiN8 +9aotelpIFboy1CXyYBRlcVPgqDNCvbvFkJ+uAqWDjvKOzqML45qfhTiTCcPNwZ0v +lZhZtvhIen5hepOII2VSnNoVxdWSIy+p8//1LT5EvSaK7+vyGRS/dLyjAdMTmWUW +92NsuD0hOGZdejy0vzVxowcXEkZ3aDmqAxHZhIY90QKBgQD5ZPtgA2BCdSnnt4lk +nyH0SJqOmLs2NzgzP6jDgLbH5Xd8zQa0Jk41Axttj91d+l31SqKF30+lTfRU6RBq +p6E5kF8LNm0ZA2PgPvmq/a4eS2eEjGl39DHsVMzvCsiN5ic05SP1VKgxM5hD+1U0 +KK8cGwABrc9OIh8sxDmwzdsbUQKBgQDf0vs+DGgLBHwAkenruUGAy/KqFk3wNKG8 +lRzGgvqUqi+XqWLPS7u2FdstCnMTS1L4g/IKkgR15BCi3MkBh1JwQ8MWT/zE0nHQ +3oJHMhXXWLp3ft1PQ74BN2al0TNu/U2h7vrRhlVNg1iLcBfMI4yqqyjV8YEZEBaH +RhsDuNDq6QKBgQCyy/PwNNtpKeh+KLZGvlOwd/DetJ7bUqFnFIegigIAtAGDJtZc +h23gUbbzSIXzH1EHT5fPFHdcUtQNn/3WCRHsXBXXyxBSM30CQwPp0+9l5rdzbtsa +VacJAQ7ffcKlANEw+epas3PVumC6tFC0kUphgvXxPjP2lz30cUXO/PbN0QKBgEq5 +rZexnKrQ/HVUQbypRO0zKfkPKUYgzD6hqdG8uNwZVXpU2uBKcIkCEwKeknzGkRTX +OF+/EC4rzkIRZCpWe3dvqBoy6jjr6YPKRcRvPEuBG//5Ivnrq+vMC0Eg7wMHHnwJ +xUNejewrBczHx6on1DbGngOPdYJglKTlCu/bLCTBAoGAKTHPH1YJPRbn7yEzpdjt +22aoxEjwSVIyQc49Q5Ophuvwit+7CeiJ2bRqHadRmJA65Z/4MJ4O3LupLa0BaGS0 ++F1+sW5ap37qisJrHlSUfVN/IPhonmnULV9DEwj3ronYsmYHaY1TPI/tQaTLN1Q4 +Kcr3D6K2flqH6rmEX3KKLMA= +-----END PRIVATE KEY----- diff --git a/httpd.conf b/httpd.conf new file mode 100644 index 0000000..e69de29 diff --git a/openssl.cnf b/openssl.cnf new file mode 100644 index 0000000..e69de29 
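Review bot: `ca.key` is an unencrypted CA private key committed in clear, and `vpn.key` at the end of this patch is the same case; anyone with read access to the repository or its history can issue certificates that the VPN trusts. Both keys should be treated as compromised: regenerate them, re-issue `ca.crt`, and remove the files from history rather than only deleting them in a later commit. Keep keys out of the tree with an ignore rule such as `*.key`, and generate them on the target VM at provisioning time.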
diff --git a/relatorio.aux b/relatorio/relatorio.aux similarity index 100% rename from relatorio.aux rename to relatorio/relatorio.aux diff --git a/relatorio.log b/relatorio/relatorio.log similarity index 100% rename from relatorio.log rename to relatorio/relatorio.log diff --git a/relatorio.pdf b/relatorio/relatorio.pdf similarity index 100% rename from relatorio.pdf rename to relatorio/relatorio.pdf diff --git a/relatorio.tex b/relatorio/relatorio.tex similarity index 100% rename from relatorio.tex rename to relatorio/relatorio.tex diff --git a/relatorio.toc b/relatorio/relatorio.toc similarity index 100% rename from relatorio.toc rename to relatorio/relatorio.toc diff --git a/ssl.conf b/ssl.conf new file mode 100644 index 0000000..e69de29 diff --git a/v3_ca.ext b/v3_ca.ext new file mode 100644 index 0000000..113b8ab --- /dev/null +++ b/v3_ca.ext @@ -0,0 +1,2 @@ +keyUsage = cRLSign, digitalSignature, keyCertSign +basicConstraints=critical,CA:true,pathlen:0 diff --git a/vpn.conf b/vpn.conf index 6fbe93d..3f70471 100644 --- a/vpn.conf +++ b/vpn.conf @@ -2,8 +2,8 @@ local 192.168.1.1 port 1194 proto udp dev tun -ca ca.crt # -cert gw-vpn.crt # -key gw-vpn.key # ya +ca ca.crt # +cert vpn.crt # +key vpn.key # ya dh dh2048.pem server 10.60.0.0 255.255.255.0 diff --git a/vpn.key b/vpn.key new file mode 100644 index 0000000..be81c08 --- /dev/null +++ b/vpn.key 
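Review bot: Nothing in this patch passes `v3_ca.ext` to OpenSSL, and the `ca.crt` committed alongside it appears to carry only a subject key identifier, so `basicConstraints=critical,CA:true` and the `keyUsage` line were apparently not applied when the CA certificate was issued. A version 3 certificate without `CA:true` can be rejected as an issuer by verifiers that check the chain strictly. Re-issue `ca.crt` with `-extfile v3_ca.ext` and record that command in a comment at the top of this file, for example `# used as: openssl x509 -req ... -extfile v3_ca.ext`.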
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC47TvtHVNPSXnI +PIR1AEpFa7nR7EgwRAoA0eHsAd+4sKip8ay+6WmGc1W5A9egf6meizg2QCcLcwTm +7SS3ZTCYYtGP23OtQr8AZDpZeiRcxyjQUEjEPNhJWSr7RXnbHbgk2IQGtNhnBhys +LtupuYgOIBHmyIjzYpKA7sy/oRTXmvNwyk7vcLm6IbewnNap32swHrmzsSJzDrDV +kRMT2DQDBbYLJ5H+5gDfmJ5HAjOcMwE75GbwGeDKa1UT49aFp300Avnwr2ecqqMa +44RZ3sc10/8igNxsNZXQsuEvv4YxXDOZVikMPxAnt5t9wq7WPwLCh4G0NUUasTSG +URbJYTvTAgMBAAECggEAA8zlozZWkiBlmc6wlCz42cYLJWbF3Flm8Tm0UGLWI61c +Z1MET09sWpXVMv5YDerXDrSNZ66tfr09jQyzk/dG5o16rApWWBRb6NimdanzxFpY +GuEuKvuVyvrDo4f70fEhlH7vRlSsxn/oJ/ELP54vTxxWnIJjhMjyT3xY2y6mxyrV +mKfp2YVPyKCj5R01Fw4BfL9Xu4qn0ROCZuVYYgffLGFKEPJluTdxfQ4XFTgOdC4/ +aemWIZQ9wGRoL0A3kCeNhwsPcWbtHSLE1/oR6E0TAMlMvNWRkrvxx9CmGRCtePiH +a2Yi9qjX42G/77ueL6N52fkK/GUB1F827rZ6xgiiVQKBgQDcZr23Gvyhxm2vLKhB +/tsOBiM1lbSMp38RxsLKOoSzFbQMZKjDWNL1GIF2n5r/VQh79N0fV4QUEq4bhtTo +WF/cD11xsjSkq66CAvmzgu4En0Ef0FXfZib19HRSAWKznhXgnnYiyirsBibOj3b+ +kNgVCftedLvuEZEQ1ZPiZJTQxwKBgQDWy6u/oawz983pMx9G+O4FpkLEOerXCsMz +BJb7o3RpRzM6qi1T1pti3UA/k4uiWZjHNAVWxUbzV08f9LMoxrZIO6EJT/3IqdsH +QoG1RYEo4BNLo3ZGns+ksIpaRIyOV3bIVWdaR0+P9MbRBVDuWGkVrZtBrAIm18LJ +Qosvi1aIlQKBgF9rJ5VfXKJZOuFNDydLQ+EFbTbksj72wP+cMnbE8PBrZAC9j4bL +LMGps1r87GjAkqS/tP+9rtPV5oTKUeCpag7mpAj2Iu5r2Wg2C47ZD1z26YXxd0v5 +eMKg678ZFHc46LXPRMv5BK4cV66z08uQP8yT/ry9AyOlfU1xec3Yx8i/AoGBAMhM +oVpQLz8+5DuEurP6SivmgPhvcfkaRjD7JLiAEnxiMvmP3DkENV6aJ+Ghe2Ln3jpU +3m2uBZ3CWzzXeYKa2zy8rkz61RQcoO1CLaaWq/0sB5JPWmo8ijFvl3TZ26CZG2Fx +krFzMlRx1DzykifRNh1LCS7Scic6qJ/5d8XcT9OJAoGAQFuWM2jhSAfrQw64nWuO +PkDYOKKtZij6RPdbxWH/A8uew8UCxJel8Q703GPRmRX0+1rhQ5jFfwWTgmQt5Kyb +zm8uk7Xa6CIZyC83F8j93AvBWHzJh7eI9xWuiTc9KGva4gKn443HM/Uz4NCGogWr +a428qWxj5+yxEpeZhqvhPic= +-----END PRIVATE KEY-----