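/// <summary>
/// Builds a two-tier CA on disk with the openssl CLI (a root that only signs the
/// intermediate, and an intermediate that issues leaf certificates and the CRL),
/// publishes the intermediate chain and CRL to the Samba and NGINX locations, and
/// finally marks the certificate authority as enabled in the application settings.
/// </summary>
/// <param name="directory">Base path of the CA tree; persisted via <c>ApplicationSetting.SetCaPath</c> when non-empty (an empty value keeps the stored path).</param>
/// <param name="passphrase">Passphrase protecting both the root and the intermediate private keys. Required.</param>
/// <param name="caCountry">DN "C" field.</param>
/// <param name="caProvince">DN "ST" field.</param>
/// <param name="caLocality">DN "L" field.</param>
/// <param name="caOrganization">DN "O" field.</param>
/// <param name="caOrganizationalUnit">DN "OU" field.</param>
/// <param name="caCommonName">DN "CN" of the root; the intermediate uses "Intermediate {caCommonName}".</param>
/// <param name="caEmail">DN "emailAddress" field.</param>
/// <exception cref="ArgumentException">Thrown when <paramref name="passphrase"/> is null or empty: an empty passphrase would leave the CA keys unprotected (or abort genrsa part-way through, leaving a half-built tree).</exception>
/// <remarks>
/// Every value interpolated into a command line (paths, passphrase, DN fields) is
/// single-quoted for the shell, because <c>Terminal.Terminal.Execute</c> evidently runs
/// through a shell (the <c>echo ... &gt;</c> / <c>cat ... &gt;</c> redirections depend on it).
/// NOTE(review): the passphrase is still handed to openssl as <c>pass:...</c> on the
/// command line, so it is visible in the process list while each openssl command runs;
/// moving to <c>-passin file:</c>/<c>stdin</c> needs support in Terminal.Execute.
/// </remarks>
public static void Setup(string directory, string passphrase, string caCountry, string caProvince, string caLocality, string caOrganization, string caOrganizationalUnit, string caCommonName, string caEmail) {
    if (string.IsNullOrEmpty(passphrase)) {
        throw new ArgumentException("A non-empty passphrase is required to protect the CA private keys.", nameof(passphrase));
    }

    ConsoleLogger.Log("setting up root ca structure");

    // Only overwrite the stored settings when a value was actually supplied
    // (the previous check was inverted and stored the empty value instead).
    // CaDirectory & co. presumably derive from the stored CA path, so this must
    // happen before any of them is read below.
    if (!string.IsNullOrEmpty(directory)) {
        ApplicationSetting.SetCaPath(directory);
    }
    ApplicationSetting.SetX509(passphrase);

    _caCountry = caCountry;
    _caProvince = caProvince;
    _caLocality = caLocality;
    _caOrganization = caOrganization;
    _caOrganizationalUnit = caOrganizationalUnit;
    _caCommonName = caCommonName;
    _caEmail = caEmail;
    _caIntermediateCommonName = $"Intermediate {caCommonName}";

    var pass = QuoteForShell(passphrase);
    var rootDir = QuoteForShell(CaDirectory);
    var rootConf = QuoteForShell(CaRootConfFile);
    var rootKey = QuoteForShell(CaRootPrivateKey);
    var rootCert = QuoteForShell(CaRootCertificate);

    // --- root CA -------------------------------------------------------------
    Terminal.Terminal.Execute($"mkdir -p {rootDir}");
    foreach (var sub in new[] { "certs", "crl", "newcerts", "private" }) {
        Terminal.Terminal.Execute($"mkdir -p {QuoteForShell($"{CaDirectory}/{sub}")}");
    }
    // The private directory must not be readable by anyone but the owner.
    Terminal.Terminal.Execute($"chmod 700 {QuoteForShell($"{CaDirectory}/private")}");
    Terminal.Terminal.Execute($"touch {QuoteForShell($"{CaDirectory}/index.txt")}");
    Terminal.Terminal.Execute($"echo 1000 > {QuoteForShell($"{CaDirectory}/serial")}");
    Terminal.Terminal.Execute($"cp {QuoteForShell($"{Parameter.Resources}/openssl.cnf")} {rootConf}");

    // 4096-bit root key, AES-256 encrypted with the passphrase, readable only by the owner.
    Terminal.Terminal.Execute($"openssl genrsa -aes256 -out {rootKey} -passout pass:{pass} 4096");
    Terminal.Terminal.Execute($"chmod 400 {rootKey}");
    // Self-signed root certificate, 30 years (10950 days), v3_ca extensions from the config.
    Terminal.Terminal.Execute($"openssl req -config {rootConf} -key {rootKey} -new -x509 -days 10950 -sha256 -extensions v3_ca -out {rootCert} -passin pass:{pass} -subj {QuoteForShell(BuildSubject(_caCommonName))}");
    Terminal.Terminal.Execute($"openssl x509 -noout -text -in {rootCert}");

    // --- intermediate CA -----------------------------------------------------
    ConsoleLogger.Log("setting up intermediate ca structure");

    var intDir = QuoteForShell(CaIntermediateDirectory);
    var intConf = QuoteForShell(CaIntermediateConfFile);
    var intKey = QuoteForShell(CaIntermediatePrivateKey);
    var intReq = QuoteForShell(CaIntermediateCertificateReq);
    var intCert = QuoteForShell(CaIntermediateCertificate);
    var intChain = QuoteForShell(CaIntermediateChain);
    var intCrl = QuoteForShell(CaIntermediateRevocationList);

    Terminal.Terminal.Execute($"mkdir -p {intDir}");
    foreach (var sub in new[] { "certs", "crl", "csr", "newcerts", "private", "params" }) {
        Terminal.Terminal.Execute($"mkdir -p {QuoteForShell($"{CaIntermediateDirectory}/{sub}")}");
    }
    Terminal.Terminal.Execute($"chmod 700 {QuoteForShell($"{CaIntermediateDirectory}/private")}");
    Terminal.Terminal.Execute($"touch {QuoteForShell($"{CaIntermediateDirectory}/index.txt")}");
    Terminal.Terminal.Execute($"echo 1000 > {QuoteForShell($"{CaIntermediateDirectory}/serial")}");
    Terminal.Terminal.Execute($"echo 1000 > {QuoteForShell($"{CaIntermediateDirectory}/crlnumber")}");
    Terminal.Terminal.Execute($"cp {QuoteForShell($"{Parameter.Resources}/openssl-intermediate.cnf")} {intConf}");

    Terminal.Terminal.Execute($"openssl genrsa -aes256 -out {intKey} -passout pass:{pass} 4096");
    Terminal.Terminal.Execute($"chmod 400 {intKey}");
    Terminal.Terminal.Execute($"openssl req -config {intConf} -key {intKey} -new -sha256 -out {intReq} -passin pass:{pass} -subj {QuoteForShell(BuildSubject(_caIntermediateCommonName))}");
    // The ROOT config/key signs the intermediate CSR (10 years, v3_intermediate_ca extensions).
    Terminal.Terminal.Execute($"openssl ca -batch -config {rootConf} -extensions v3_intermediate_ca -days 3650 -notext -md sha256 -passin pass:{pass} -in {intReq} -out {intCert}");
    Terminal.Terminal.Execute($"chmod 444 {intCert}");
    Terminal.Terminal.Execute($"openssl x509 -noout -text -in {intCert}");
    // Log the verification result so a broken chain is visible in the console output.
    ConsoleLogger.Log(Terminal.Terminal.Execute($"openssl verify -CAfile {rootCert} {intCert}"));
    // Chain file: intermediate first, then root.
    Terminal.Terminal.Execute($"cat {intCert} {rootCert} > {intChain}");
    Terminal.Terminal.Execute($"chmod 444 {intChain}");

    // --- CRL -----------------------------------------------------------------
    ConsoleLogger.Log("setting up crl");
    // -gencrl needs the INTERMEDIATE openssl config (the previous code passed the
    // intermediate certificate as -config, which is not a valid configuration file).
    Terminal.Terminal.Execute($"openssl ca -config {intConf} -gencrl -batch -passin pass:{pass} -out {intCrl}");
    ConsoleLogger.Log(Terminal.Terminal.Execute($"openssl crl -in {intCrl} -noout -text"));

    // --- publish to consumers -------------------------------------------------
    Publish(CaIntermediateChain, SambaCaCert);
    Publish(CaIntermediateRevocationList, SambaCaCrl);
    Terminal.Terminal.Execute("systemctl restart samba");
    // TODO: associate the NGINX path/configuration with the CRL distribution point
    // TODO: persist the URL of the CRL distribution point somewhere
    // samba-tool CNAME
    Publish(CaIntermediateRevocationList, NginxCrl);
    Terminal.Terminal.Execute("systemctl restart nginx");

    ApplicationSetting.EnableCertificateAuthority();
}

/// <summary>
/// Wraps <paramref name="value"/> in POSIX single quotes so the shell passes it through
/// verbatim (embedded single quotes become <c>'\''</c>). A null value quotes as <c>''</c>.
/// </summary>
private static string QuoteForShell(string value) {
    return "'" + (value ?? string.Empty).Replace("'", "'\\''") + "'";
}

/// <summary>
/// Escapes a DN field value for openssl's <c>-subj</c> syntax: <c>\</c> and <c>/</c>
/// are backslash-escaped so a value cannot terminate or inject a DN component.
/// </summary>
private static string EscapeDnValue(string value) {
    return (value ?? string.Empty).Replace("\\", "\\\\").Replace("/", "\\/");
}

/// <summary>
/// Builds the <c>-subj</c> string from the stored DN fields with the given common name.
/// </summary>
private static string BuildSubject(string commonName) {
    return $"/C={EscapeDnValue(_caCountry)}/ST={EscapeDnValue(_caProvince)}/L={EscapeDnValue(_caLocality)}/O={EscapeDnValue(_caOrganization)}/OU={EscapeDnValue(_caOrganizationalUnit)}/CN={EscapeDnValue(commonName)}/emailAddress={EscapeDnValue(_caEmail)}";
}

/// <summary>
/// Replaces <paramref name="destination"/> with a copy of <paramref name="source"/>
/// (existing destination removed first, copy done with <c>cp</c> as before).
/// </summary>
private static void Publish(string source, string destination) {
    if (File.Exists(destination)) {
        File.Delete(destination);
    }
    Terminal.Terminal.Execute($"cp {QuoteForShell(source)} {QuoteForShell(destination)}");
}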