From 52784eda3875b4ea8a25f6d67dd4d62af44d0bf1 Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Fri, 2 Nov 2018 18:25:15 -0700
Subject: [PATCH] Add a simple full configuration of the ca to use with examples.
---
examples/pki/config/ca.json | 40 ++++++++++++++++++++++++
examples/pki/secrets/intermediate_ca.crt | 12 +++++++
examples/pki/secrets/intermediate_ca_key | 8 +++++
examples/pki/secrets/root_ca.crt | 10 ++++++
examples/pki/secrets/root_ca_key | 8 +++++
5 files changed, 78 insertions(+)
create mode 100644 examples/pki/config/ca.json
create mode 100644 examples/pki/secrets/intermediate_ca.crt
create mode 100644 examples/pki/secrets/intermediate_ca_key
create mode 100644 examples/pki/secrets/root_ca.crt
create mode 100644 examples/pki/secrets/root_ca_key
diff --git a/examples/pki/config/ca.json b/examples/pki/config/ca.json
new file mode 100644
index 00000000..cc11d330
--- /dev/null
+++ b/examples/pki/config/ca.json
@@ -0,0 +1,40 @@
+{
+ "root": "examples/pki/secrets/root_ca.crt",
+ "crt": "examples/pki/secrets/intermediate_ca.crt",
+ "key": "examples/pki/secrets/intermediate_ca_key",
+ "password": "password",
+ "address": ":9000",
+ "dnsNames": [
+ "localhost"
+ ],
+ "logger": {
+ "format": "text"
+ },
+ "authority": {
+ "provisioners": [
+ {
+ "name": "mariano@smallstep.com",
+ "type": "jwk",
+ "key": {
+ "use": "sig",
+ "kty": "EC",
+ "kid": "DmAtZt2EhmZr_iTJJ387fr4Md2NbzMXGdXQNW1UWPXk",
+ "crv": "P-256",
+ "alg": "ES256",
+ "x": "jXoO1j4CXxoTC32pNzkVC8l6k2LfP0k5ndhJZmcdVbk",
+ "y": "c3JDL4GTFxJWHa8EaHdMh4QgwMh64P2_AGWrD0ADXcI"
+ },
+ "encryptedKey": "eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJjdHkiOiJqd2sranNvbiIsImVuYyI6IkEyNTZHQ00iLCJwMmMiOjEwMDAwMCwicDJzIjoiOTFVWjdzRGw3RlNXcldfX1I1NUh3USJ9.FcWtrBDNgrkA33G9Ll9sXh1cPF-3jVXeYe1FLmSDc_Q2PmfLOPvJOA.0ZoN32ayaRWnufJb.WrkffMmDLWiq1-2kn-w7-kVBGW12gjNCBHNHB1hyEdED0rWH1YWpKd8FjoOACdJyLhSn4kAS3Lw5AH7fvO27A48zzvoxZU5EgSm5HG9IjkIH-LBJ-v79ShkpmPylchgjkFhxa5epD11OIK4rFmI7s-0BCjmJokLR_DZBhDMw2khGnsr_MEOfAz9UnqXaQ4MIy8eT52xUpx68gpWFlz2YP3EqiYyNEv0PpjMtyP5lO2i8-p8BqvuJdus9H3fO5Dg-1KVto1wuqh4BQ2JKTauv60QAnM_4sdxRHku3F_nV64SCrZfDvnN2ve21raFROtyXaqHZhN6lyoPxDncy8v4.biaOblEe0N-gMpJyFZ-3-A"
+ }
+ ]
+ },
+ "tls": {
+ "cipherSuites": [
+ "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
+ ],
+ "minVersion": 1.2,
+ "maxVersion": 1.2,
+ "renegotiation": false
+ }
+}
\ No newline at end of file
diff --git a/examples/pki/secrets/intermediate_ca.crt b/examples/pki/secrets/intermediate_ca.crt
new file mode 100644
index 00000000..099e9241
--- /dev/null
+++ b/examples/pki/secrets/intermediate_ca.crt
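Review bot: The `"password": "password"` entry stores what is apparently the passphrase for `examples/pki/secrets/intermediate_ca_key` in the same tree as the key itself, so the encryption on that key (and on `root_ca_key`, if it shares the passphrase) protects nothing once this is pushed. That is acceptable for a demo only if it is stated where a reader will see it; JSON has no comment syntax, so I would add a short README under `examples/pki/` saying `These keys and the passphrase "password" are public test fixtures; never trust this root or copy these files into a real deployment.` Separately, the cipher list offers `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` while the CA chain added in this patch is P-256 ECDSA, so that suite looks unusable unless the server certificate is RSA; worth confirming or dropping it.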
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBxjCCAWugAwIBAgIQAYoOWhdChUmmKzlc0DWcWDAKBggqhkjOPQQDAjAcMRow
+GAYDVQQDExFTbWFsbHN0ZXAgUm9vdCBDQTAeFw0xODExMDIyMzU0MTNaFw0yODEw
+MzAyMzU0MTNaMCQxIjAgBgNVBAMTGVNtYWxsc3RlcCBJbnRlcm1lZGlhdGUgQ0Ew
+WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASxvIWme8/yDAxkR63KgSYkpN7mHKBH
+k5c8S+uzba4xWbaxZtEZ9NNhEIAgYFZ9/3ThrzLOsuGwRCvPTaD5iycQo4GGMIGD
+MA4GA1UdDwEB/wQEAwIBpjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
+EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU8dKIy5ZLH2h3ihWgqjcpoo5e
+q3YwHwYDVR0jBBgwFoAU0IpOvAyBnn9UhDqOQzXnfEU3aYMwCgYIKoZIzj0EAwID
+SQAwRgIhANXlcktuaEvORhgRvzQ6vVNgvpqCEXW3CcCHjUl1xSdaAiEAmakkpfFq
+VsT5PqPnTRgOWlFESRhQ9btl6nQ+2Lt/S5A=
+-----END CERTIFICATE-----
diff --git a/examples/pki/secrets/intermediate_ca_key b/examples/pki/secrets/intermediate_ca_key
new file mode 100644
index 00000000..e99a9e99
--- /dev/null
+++ b/examples/pki/secrets/intermediate_ca_key
@@ -0,0 +1,8 @@
+-----BEGIN EC PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,4c7758e66df1884f6560839de64d4dd3
+
+S8Ha8uA+bA3IGPurYODwd9VaJZ6FHI2tlznHXCOxT1MlGqyEAc4aWS11QBUz0Ucp
+excwlqM8kfh5BcN5a+vvInHnv74ZiNPdpt/apzz2LIx52pApzASiKVXRsAUmR4Pv
+3MsO1/cVHkilpee1uC+axL32d5YmyP0URpSNJK9BhZo=
+-----END EC PRIVATE KEY-----
diff --git a/examples/pki/secrets/root_ca.crt b/examples/pki/secrets/root_ca.crt
new file mode 100644
index 00000000..db24c535
--- /dev/null
+++ b/examples/pki/secrets/root_ca.crt
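Review bot: Both private keys in this patch (`intermediate_ca_key` here and `root_ca_key` further down) are stored in the legacy OpenSSL PEM encryption, as the `Proc-Type: 4,ENCRYPTED` and `DEK-Info: AES-256-CBC,...` headers show. That envelope derives the AES key from the passphrase with a single MD5-based step and carries no integrity check, so it offers little resistance to offline guessing even with a strong passphrase. Since people copy example layouts, I would regenerate the fixtures as PKCS#8 with PBES2 (a `-----BEGIN ENCRYPTED PRIVATE KEY-----` block); whether the CA's key loader accepts that format is not visible in this patch, so confirm it first.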
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBfDCCASGgAwIBAgIQY0CXerxuM+EhTbpVxxLRKjAKBggqhkjOPQQDAjAcMRow
+GAYDVQQDExFTbWFsbHN0ZXAgUm9vdCBDQTAeFw0xODExMDIyMzU0MTNaFw0yODEw
+MzAyMzU0MTNaMBwxGjAYBgNVBAMTEVNtYWxsc3RlcCBSb290IENBMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAEEGa7ZeL4WVIfPFDS7glJkIVsITVQgjfyz+AhcYaS
+rkJZlWOGZ60br9uE/wEfUcX1zavrX1Wz+bSJzTvT0AVBNqNFMEMwDgYDVR0PAQH/
+BAQDAgGmMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYEFNCKTrwMgZ5/VIQ6
+jkM153xFN2mDMAoGCCqGSM49BAMCA0kAMEYCIQCRA4EdlTTMhs2Zd1cT75ZgxeGa
+mjVPl1vqBxLkHqEO+QIhAPKVm7E452ZBe2o5rQRxGwa94MI+CyuEIH9md3nTgWWX
+-----END CERTIFICATE-----
diff --git a/examples/pki/secrets/root_ca_key b/examples/pki/secrets/root_ca_key
new file mode 100644
index 00000000..fe4016df
--- /dev/null
+++ b/examples/pki/secrets/root_ca_key
@@ -0,0 +1,8 @@
+-----BEGIN EC PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,98fdc560ba714aebb9fd4b714395d8ce
+
+2bFn8yRb8lMvDR6oh22PocfhXdaoVNt4QwHCJNy0K0fG8CMokwDfEec//LseP6rA
+7/EV11+ZgoN9xyTNe1kB6zFv7/kzCpRm23sqtyio+8xXWnLZNYKBRYYEeJWBUqqd
+GAfazg4ZFzoIH5TEPWCEAp7M9CVvtiw1SeA/zjewp2k=
+-----END EC PRIVATE KEY-----
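Review bot: `root_ca_key` is added beside the online CA's files, yet `examples/pki/config/ca.json` in this same patch references only `root_ca.crt`, `intermediate_ca.crt` and `intermediate_ca_key`. Keeping the root key in the directory the running CA reads from models a layout where compromise of the CA host also yields the root. If the examples never need to mint a new intermediate, I would leave this file out of the tree. Otherwise, state the intent in an examples README, for instance `The root key is included only so these fixtures can be regenerated; in a real PKI it stays offline and off the CA host.`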