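/// <summary>
/// Issues a smart-card user certificate for <paramref name="userPrincipalName"/> from the intermediate CA.
/// Writes a per-user OpenSSL configuration derived from <c>CertCnfTemplate</c>, generates a
/// passphrase-protected 2048-bit RSA key and CSR, signs the CSR for 740 days, exports DER and PFX
/// copies and stores a <c>CertificateModel</c> through the DeNSo session.
/// </summary>
/// <param name="crlDistPt">CRL distribution point substituted into the configuration template.</param>
/// <param name="userPrincipalName">UPN used as the subject CN and emailAddress, as the assignment id and as the file-name stem of every artifact.</param>
/// <param name="countryName">Subject C.</param>
/// <param name="stateProvinceName">Subject ST.</param>
/// <param name="localityName">Subject L.</param>
/// <param name="organizationName">Subject O.</param>
/// <param name="organizationalUnitName">Subject OU.</param>
/// <param name="passphrase">Passphrase protecting the private key and the exported PFX.</param>
/// <remarks>
/// Every argument is spliced into a shell command line run by <c>Terminal.Terminal.Execute</c> — the
/// subject components inside a double-quoted <c>-subj</c>, the UPN (as a path) and the passphrase
/// unquoted — so the values are checked for shell metacharacters before any command runs.
/// Failures are logged as warnings and never propagate to the caller, matching the sibling overloads.
/// The passphrases are still handed to openssl as <c>pass:</c> arguments and are therefore visible in
/// the process list while it runs.
/// </remarks>
public static void Create(string crlDistPt, string userPrincipalName, string countryName, string stateProvinceName, string localityName, string organizationName, string organizationalUnitName, string passphrase)
{
    try
    {
        // Characters that break out of the quoted -subj string or of the shell command line;
        // CR/LF/NUL would additionally inject lines into the generated .cnf file.
        const string shellMeta = "\"'`$\\;&|<>()\r\n\0";
        char[] quotedUnsafe = shellMeta.ToCharArray();
        char[] unquotedUnsafe = (shellMeta + " \t").ToCharArray();
        char[] fileStemUnsafe = (shellMeta + " \t/").ToCharArray();
        char[] lineBreaks = "\r\n\0".ToCharArray();
        Action<string, string, char[]> reject = (name, value, forbidden) =>
        {
            if (value == null)
            {
                throw new ArgumentNullException(name);
            }
            // Never echo the value: it may be the passphrase.
            if (value.IndexOfAny(forbidden) >= 0)
            {
                throw new ArgumentException($"{name} contains characters that cannot be passed to openssl safely", name);
            }
        };
        // Validate everything up front so that no key or CSR is written for a bad request.
        reject(nameof(crlDistPt), crlDistPt, lineBreaks);
        reject(nameof(userPrincipalName), userPrincipalName, fileStemUnsafe);
        reject(nameof(countryName), countryName, quotedUnsafe);
        reject(nameof(stateProvinceName), stateProvinceName, quotedUnsafe);
        reject(nameof(localityName), localityName, quotedUnsafe);
        reject(nameof(organizationName), organizationName, quotedUnsafe);
        reject(nameof(organizationalUnitName), organizationalUnitName, quotedUnsafe);
        reject(nameof(passphrase), passphrase, unquotedUnsafe);
        if (userPrincipalName.Length == 0)
        {
            throw new ArgumentException("userPrincipalName must not be empty", nameof(userPrincipalName));
        }

        const string replaceCrlDistPtd = "$crlDitributionPoint$";
        const string replaceUserPrincipalName = "$userPrincipalName$";
        var cnfText = File.ReadAllText(CertCnfTemplate)
            .Replace(replaceCrlDistPtd, crlDistPt)
            .Replace(replaceUserPrincipalName, userPrincipalName);
        // NOTE(review): _certCurrentConfigurationFile is shared static state; last writer wins,
        // so concurrent calls are assumed not to happen — confirm against callers.
        _certCurrentConfigurationFile = $"{CaIntermediateDirectory}/openssl-dc-{userPrincipalName}.cnf";
        if (File.Exists(_certCurrentConfigurationFile))
        {
            File.Delete(_certCurrentConfigurationFile);
        }
        File.WriteAllText(_certCurrentConfigurationFile, cnfText);
        ConsoleLogger.Log($"certificate configuration file set for {userPrincipalName}");

        const int days = 740;
        var certificateKeyPath = $"{CaIntermediateDirectory}/private/dc-{userPrincipalName}.key.pem";
        var certificateRequestPath = $"{CaIntermediateDirectory}/csr/dc-{userPrincipalName}.csr.pem";
        var certificatePath = $"{CaIntermediateDirectory}/certs/dc-{userPrincipalName}.cert.pem";
        // Key and CSR in one step; -passout encrypts the generated key with the user's passphrase.
        Terminal.Terminal.Execute($"openssl req -new -newkey rsa:2048 -keyout {certificateKeyPath} -out {certificateRequestPath} -config {_certCurrentConfigurationFile} -passout pass:{passphrase} -subj \"/C={countryName}/ST={stateProvinceName}/L={localityName}/O={organizationName}/OU={organizationalUnitName}/CN={userPrincipalName}/emailAddress={userPrincipalName}\"");
        // Owner-only, like the key generated by the generic Create overload.
        Terminal.Terminal.Execute($"chmod 400 {certificateKeyPath}");
        Terminal.Terminal.Execute($"openssl ca -batch -config {_certCurrentConfigurationFile} -days {days} -in {certificateRequestPath} -out {certificatePath} -passin pass:{ApplicationSetting.X509()}");

        var certificateDerPath = $"{CaIntermediateDirectory}/certs/{userPrincipalName}.cert.cer";
        Terminal.Terminal.Execute($"openssl x509 -in {certificatePath} -inform PEM -out {certificateDerPath} -outform DER");
        Terminal.Terminal.Execute($"chmod 444 {certificateDerPath}");

        var certificatePfxPath = $"{CaIntermediateDirectory}/certs/{userPrincipalName}.cert.pfx";
        Terminal.Terminal.Execute($"openssl pkcs12 -export -in {certificatePath} -inkey {certificateKeyPath} -out {certificatePfxPath} -passin pass:{passphrase} -passout pass:{passphrase} -nodes");
        Terminal.Terminal.Execute($"chmod 444 {certificatePfxPath}");

        // Local time, as in the sibling overloads; the stored dates are compared elsewhere.
        var dt = DateTime.Now;
        var model = new CertificateModel
        {
            IsPresent = true,
            IsRevoked = false,
            _Id = Guid.NewGuid().ToString(),
            CertificateGuid = Guid.NewGuid().ToString(),
            CertificatePath = certificatePath,
            CertificateDerPath = certificateDerPath,
            CertificatePfxPath = certificatePfxPath,
            CertificateCountryName = countryName,
            CertificateStateProvinceNameh = stateProvinceName,
            CertificateLocalityName = localityName,
            CertificateOrganizationName = organizationName,
            CertificateOrganizationalUnitName = organizationalUnitName,
            CertificateCommonName = userPrincipalName,
            CertificateEmailAddress = userPrincipalName,
            CertificatePassphrase = passphrase,
            CertificateAuthorityLevel = CertificateAuthorityLevel.Common,
            CertificateAssignment = CertificateAssignment.SmartCard,
            AssignmentGuid = userPrincipalName,
            ReleaseDateTime = dt,
            ExpirationDateTime = dt.AddDays(days)
        };
        DeNSo.Session.New.Set(model);
    }
    catch (Exception ex)
    {
        // Best-effort contract: the caller is never told about the failure, only the log is.
        ConsoleLogger.Warn(ex.Message);
    }
}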
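/// <summary>
/// Issues a user or service certificate named <paramref name="commonName"/> from the intermediate CA:
/// generates an RSA key of <paramref name="bytesLength"/> bits (AES-256 encrypted when a passphrase is
/// given), creates and signs a CSR for 375 days with the <c>usr_cert</c> or <c>server_cert</c> extension
/// section, exports DER and PFX copies and stores a <c>CertificateModel</c> through the DeNSo session.
/// </summary>
/// <param name="countryName">Subject C.</param>
/// <param name="stateProvinceName">Subject ST.</param>
/// <param name="localityName">Subject L.</param>
/// <param name="organizationName">Subject O.</param>
/// <param name="organizationalUnitName">Subject OU.</param>
/// <param name="commonName">Subject CN; also the file-name stem of every artifact.</param>
/// <param name="emailAddress">Subject emailAddress.</param>
/// <param name="passphrase">Private-key and PFX passphrase; empty means an unencrypted key.</param>
/// <param name="assignment">Selects the extension section: <c>server_cert</c> for Service, <c>usr_cert</c> otherwise.</param>
/// <param name="bytesLength">RSA modulus size in bits, passed verbatim to <c>openssl genrsa</c>; digits only.</param>
/// <param name="userGuid">Comma-separated user GUIDs stored as the assignment.</param>
/// <param name="serviceGuid">Service GUID stored as the assignment.</param>
/// <param name="serviceAlias">Service alias stored as the assignment.</param>
/// <remarks>
/// The subject components, the common name, the passphrase and the key size all end up on a shell
/// command line run by <c>Terminal.Terminal.Execute</c>, so they are checked for shell metacharacters
/// before any command runs. Failures are logged as warnings and never propagate to the caller, matching
/// the sibling overloads. The passphrases are still handed to openssl as <c>pass:</c> arguments and are
/// therefore visible in the process list while it runs.
/// </remarks>
public static void Create(string countryName, string stateProvinceName, string localityName, string organizationName, string organizationalUnitName, string commonName, string emailAddress, string passphrase, CertificateAssignment assignment, string bytesLength, string userGuid, string serviceGuid, string serviceAlias)
{
    try
    {
        // Characters that break out of the quoted -subj string or of the shell command line.
        const string shellMeta = "\"'`$\\;&|<>()\r\n\0";
        char[] quotedUnsafe = shellMeta.ToCharArray();
        char[] unquotedUnsafe = (shellMeta + " \t").ToCharArray();
        char[] fileStemUnsafe = (shellMeta + " \t/").ToCharArray();
        Action<string, string, char[]> reject = (name, value, forbidden) =>
        {
            if (value == null)
            {
                throw new ArgumentNullException(name);
            }
            // Never echo the value: it may be the passphrase.
            if (value.IndexOfAny(forbidden) >= 0)
            {
                throw new ArgumentException($"{name} contains characters that cannot be passed to openssl safely", name);
            }
        };
        // Validate everything up front so that no key or CSR is written for a bad request.
        reject(nameof(countryName), countryName, quotedUnsafe);
        reject(nameof(stateProvinceName), stateProvinceName, quotedUnsafe);
        reject(nameof(localityName), localityName, quotedUnsafe);
        reject(nameof(organizationName), organizationName, quotedUnsafe);
        reject(nameof(organizationalUnitName), organizationalUnitName, quotedUnsafe);
        reject(nameof(commonName), commonName, fileStemUnsafe);
        reject(nameof(emailAddress), emailAddress, quotedUnsafe);
        reject(nameof(passphrase), passphrase, unquotedUnsafe);
        if (commonName.Length == 0)
        {
            throw new ArgumentException("commonName must not be empty", nameof(commonName));
        }
        if (string.IsNullOrEmpty(bytesLength))
        {
            throw new ArgumentException("bytesLength must be the RSA modulus size in bits", nameof(bytesLength));
        }
        foreach (var c in bytesLength)
        {
            if (c < '0' || c > '9')
            {
                throw new ArgumentException("bytesLength must contain digits only", nameof(bytesLength));
            }
        }
        // Split below would otherwise fail only after every artifact has been written.
        if (userGuid == null)
        {
            throw new ArgumentNullException(nameof(userGuid));
        }

        var certName = commonName;
        var usePassphraseForPrivateKey = passphrase.Length > 0;
        var certificateKeyPath = $"{CaIntermediateDirectory}/private/{certName}.key.pem";
        var certificateRequestPath = $"{CaIntermediateDirectory}/csr/{certName}.csr.pem";
        var certificatePath = $"{CaIntermediateDirectory}/certs/{certName}.cert.pem";

        // With a passphrase the key is AES-256 encrypted and the CSR step must unlock it;
        // without one both options are simply absent from the command lines.
        var keyEncryption = usePassphraseForPrivateKey ? $"-aes256 -passout pass:{passphrase} " : "";
        var keyUnlock = usePassphraseForPrivateKey ? $"-passin pass:{passphrase} " : "";
        Terminal.Terminal.Execute($"openssl genrsa {keyEncryption}-out {certificateKeyPath} {bytesLength}");
        Terminal.Terminal.Execute($"chmod 400 {certificateKeyPath}");
        Terminal.Terminal.Execute($"openssl req -config {CaIntermediateConfFile} -key {certificateKeyPath} -new -sha256 -out {certificateRequestPath} {keyUnlock}-subj \"/C={countryName}/ST={stateProvinceName}/L={localityName}/O={organizationName}/OU={organizationalUnitName}/CN={certName}/emailAddress={emailAddress}\"");

        var certExtension = assignment == CertificateAssignment.Service ? "server_cert" : "usr_cert";
        const int days = 375;
        Terminal.Terminal.Execute($"openssl ca -batch -config {CaIntermediateConfFile} -extensions {certExtension} -days {days} -notext -md sha256 -passin pass:{ApplicationSetting.X509()} -in {certificateRequestPath} -out {certificatePath}");
        Terminal.Terminal.Execute($"chmod 444 {certificatePath}");

        var certificateDerPath = $"{CaIntermediateDirectory}/certs/{certName}.cert.cer";
        Terminal.Terminal.Execute($"openssl x509 -in {certificatePath} -inform PEM -out {certificateDerPath} -outform DER");
        Terminal.Terminal.Execute($"chmod 444 {certificateDerPath}");

        var certificatePfxPath = $"{CaIntermediateDirectory}/certs/{certName}.cert.pfx";
        Terminal.Terminal.Execute($"openssl pkcs12 -export -in {certificatePath} -inkey {certificateKeyPath} -out {certificatePfxPath} -passin pass:{passphrase} -passout pass:{passphrase} -nodes");
        Terminal.Terminal.Execute($"chmod 444 {certificatePfxPath}");

        // Local time, as in the sibling overloads; the stored dates are compared elsewhere.
        var dt = DateTime.Now;
        var model = new CertificateModel
        {
            IsPresent = true,
            IsRevoked = false,
            _Id = Guid.NewGuid().ToString(),
            CertificateGuid = Guid.NewGuid().ToString(),
            CertificatePath = certificatePath,
            CertificateDerPath = certificateDerPath,
            CertificatePfxPath = certificatePfxPath,
            CertificateCountryName = countryName,
            CertificateStateProvinceNameh = stateProvinceName,
            CertificateLocalityName = localityName,
            CertificateOrganizationName = organizationName,
            CertificateOrganizationalUnitName = organizationalUnitName,
            CertificateCommonName = certName,
            CertificateEmailAddress = emailAddress,
            CertificatePassphrase = passphrase,
            IsProtectedByPassphrase = usePassphraseForPrivateKey,
            CertificateAuthorityLevel = CertificateAuthorityLevel.Common,
            CertificateAssignment = assignment,
            AssignmentGuid = "",
            AssignmentUserGuids = userGuid.Split(','),
            AssignmentServiceGuid = serviceGuid,
            AssignmentServiceAlias = serviceAlias,
            CertificateBytes = bytesLength,
            ReleaseDateTime = dt,
            ExpirationDateTime = dt.AddDays(days)
        };
        DeNSo.Session.New.Set(model);
    }
    catch (Exception ex)
    {
        // Best-effort contract: the caller is never told about the failure, only the log is.
        ConsoleLogger.Warn(ex.Message);
    }
}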
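/// <summary>
/// Issues the domain-controller certificate for <paramref name="domainGuid"/> from the intermediate CA.
/// Writes a per-domain OpenSSL configuration derived from <c>CertCnfTemplate</c>, generates a
/// passphrase-protected 2048-bit RSA key and CSR, signs the CSR for 740 days, produces a plaintext copy
/// of the key and DH parameters, installs certificate, parameters and key at the Samba paths, restarts
/// Samba and stores a <c>CertificateModel</c> through the DeNSo session.
/// </summary>
/// <param name="crlDistPt">CRL distribution point substituted into the configuration template.</param>
/// <param name="domainGuid">Domain controller GUID substituted into the template; also the assignment id and the file-name stem of every artifact.</param>
/// <param name="domainDnsName">Domain DNS name substituted into the configuration template.</param>
/// <param name="countryName">Subject C.</param>
/// <param name="stateProvinceName">Subject ST.</param>
/// <param name="localityName">Subject L.</param>
/// <param name="organizationName">Subject O.</param>
/// <param name="organizationalUnitName">Subject OU.</param>
/// <param name="commonName">Subject CN.</param>
/// <param name="emailAddress">Subject emailAddress.</param>
/// <param name="passphrase">Passphrase protecting the generated private key.</param>
/// <remarks>
/// Every argument that reaches a shell command line run by <c>Terminal.Terminal.Execute</c> is checked
/// for shell metacharacters before any command runs; values that only reach the generated .cnf are
/// checked for line breaks. Failures are logged as warnings and never propagate to the caller, matching
/// the sibling overloads. Passphrases are still handed to openssl as <c>pass:</c> arguments and are
/// therefore visible in the process list while it runs.
/// </remarks>
public static void Create(string crlDistPt, string domainGuid, string domainDnsName, string countryName, string stateProvinceName, string localityName, string organizationName, string organizationalUnitName, string commonName, string emailAddress, string passphrase)
{
    try
    {
        // Characters that break out of the quoted -subj string or of the shell command line;
        // CR/LF/NUL would additionally inject lines into the generated .cnf file.
        const string shellMeta = "\"'`$\\;&|<>()\r\n\0";
        char[] quotedUnsafe = shellMeta.ToCharArray();
        char[] unquotedUnsafe = (shellMeta + " \t").ToCharArray();
        char[] fileStemUnsafe = (shellMeta + " \t/").ToCharArray();
        char[] lineBreaks = "\r\n\0".ToCharArray();
        Action<string, string, char[]> reject = (name, value, forbidden) =>
        {
            if (value == null)
            {
                throw new ArgumentNullException(name);
            }
            // Never echo the value: it may be the passphrase.
            if (value.IndexOfAny(forbidden) >= 0)
            {
                throw new ArgumentException($"{name} contains characters that cannot be passed to openssl safely", name);
            }
        };
        // Validate everything up front so that nothing is written or restarted for a bad request.
        reject(nameof(crlDistPt), crlDistPt, lineBreaks);
        reject(nameof(domainGuid), domainGuid, fileStemUnsafe);
        reject(nameof(domainDnsName), domainDnsName, lineBreaks);
        reject(nameof(countryName), countryName, quotedUnsafe);
        reject(nameof(stateProvinceName), stateProvinceName, quotedUnsafe);
        reject(nameof(localityName), localityName, quotedUnsafe);
        reject(nameof(organizationName), organizationName, quotedUnsafe);
        reject(nameof(organizationalUnitName), organizationalUnitName, quotedUnsafe);
        reject(nameof(commonName), commonName, quotedUnsafe);
        reject(nameof(emailAddress), emailAddress, quotedUnsafe);
        reject(nameof(passphrase), passphrase, unquotedUnsafe);
        if (domainGuid.Length == 0)
        {
            throw new ArgumentException("domainGuid must not be empty", nameof(domainGuid));
        }

        const string replaceCrlDistPtd = "$crlDitributionPoint$";
        const string replaceDomainControllerGuid = "$domainControllerGuid$";
        const string replaceDomainDnsname = "$domainDnsName$";
        var cnfText = File.ReadAllText(CertCnfTemplate)
            .Replace(replaceCrlDistPtd, crlDistPt)
            .Replace(replaceDomainControllerGuid, domainGuid)
            .Replace(replaceDomainDnsname, domainDnsName);
        // NOTE(review): _certCurrentConfigurationFile is shared static state; last writer wins,
        // so concurrent calls are assumed not to happen — confirm against callers.
        _certCurrentConfigurationFile = $"{CaIntermediateDirectory}/openssl-dc-{domainGuid}.cnf";
        if (File.Exists(_certCurrentConfigurationFile))
        {
            File.Delete(_certCurrentConfigurationFile);
        }
        File.WriteAllText(_certCurrentConfigurationFile, cnfText);
        ConsoleLogger.Log($"certificate configuration file set for {domainGuid}");

        const int days = 740;
        var certificateKeyPath = $"{CaIntermediateDirectory}/private/dc-{domainGuid}.key.pem";
        var certificateRequestPath = $"{CaIntermediateDirectory}/csr/dc-{domainGuid}.csr.pem";
        var certificatePath = $"{CaIntermediateDirectory}/certs/dc-{domainGuid}.cert.pem";
        // Key and CSR in one step; -passout encrypts the generated key with `passphrase`.
        Terminal.Terminal.Execute($"openssl req -new -newkey rsa:2048 -keyout {certificateKeyPath} -out {certificateRequestPath} -config {_certCurrentConfigurationFile} -passout pass:{passphrase} -subj \"/C={countryName}/ST={stateProvinceName}/L={localityName}/O={organizationName}/OU={organizationalUnitName}/CN={commonName}/emailAddress={emailAddress}\"");
        // Owner-only, like the key generated by the generic Create overload.
        Terminal.Terminal.Execute($"chmod 400 {certificateKeyPath}");
        Terminal.Terminal.Execute($"openssl ca -batch -config {_certCurrentConfigurationFile} -days {days} -in {certificateRequestPath} -out {certificatePath} -passin pass:{ApplicationSetting.X509()}");

        // Strip the passphrase for the copy Samba will load. The key was encrypted with
        // `passphrase` on the req line above, so that is what unlocks it here (the previous
        // code used the CA passphrase, which only works when the two happen to coincide).
        var privDcKey = $"{CaIntermediateDirectory}/private/dc-privkey.pem";
        Terminal.Terminal.Execute($"openssl rsa -in {certificateKeyPath} -inform PEM -out {privDcKey} -outform PEM -passin pass:{passphrase}");
        Terminal.Terminal.Execute($"chmod 400 {privDcKey}");
        var paramFile = $"{CaIntermediateDirectory}/params/dc-dhparams.pem";
        Terminal.Terminal.Execute($"openssl dhparam 2048 -outform PEM -out {paramFile}");

        // Replace whatever Samba currently has, then restart it so the new material is picked up.
        if (File.Exists(SambaDcCert))
        {
            File.Delete(SambaDcCert);
        }
        Terminal.Terminal.Execute($"cp {certificatePath} {SambaDcCert}");
        if (File.Exists(SambaDcParams))
        {
            File.Delete(SambaDcParams);
        }
        Terminal.Terminal.Execute($"cp {paramFile} {SambaDcParams}");
        if (File.Exists(SambaDcKey))
        {
            File.Delete(SambaDcKey);
        }
        Terminal.Terminal.Execute($"cp {privDcKey} {SambaDcKey}");
        Terminal.Terminal.Execute("systemctl restart samba");

        // Local time, as in the sibling overloads; the stored dates are compared elsewhere.
        var dt = DateTime.Now;
        var model = new CertificateModel
        {
            IsPresent = true,
            IsRevoked = false,
            _Id = Guid.NewGuid().ToString(),
            CertificateGuid = Guid.NewGuid().ToString(),
            CertificatePath = certificatePath,
            CertificateCountryName = countryName,
            CertificateStateProvinceNameh = stateProvinceName,
            CertificateLocalityName = localityName,
            CertificateOrganizationName = organizationName,
            CertificateOrganizationalUnitName = organizationalUnitName,
            CertificateCommonName = commonName,
            CertificateEmailAddress = emailAddress,
            CertificatePassphrase = passphrase,
            CertificateAuthorityLevel = CertificateAuthorityLevel.Common,
            CertificateAssignment = CertificateAssignment.DomainController,
            AssignmentGuid = domainGuid,
            ReleaseDateTime = dt,
            ExpirationDateTime = dt.AddDays(days)
        };
        DeNSo.Session.New.Set(model);
    }
    catch (Exception ex)
    {
        // Best-effort contract: the caller is never told about the failure, only the log is.
        ConsoleLogger.Warn(ex.Message);
    }
}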