Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2024-11-22 12:15:36 +01:00
Code Issues Projects Releases Wiki Activity

[PM-2300] Add Linux script to create dev certificates (#2941)

Browse Source 
* Add Linux script to create dev certificates

A script based on the macOS script that can be used on Linux, either
Debian or Red-hat derived distros.

* Fix invalid trailing comma in secrets json example
This commit is contained in:
Calum Lind 2023-07-04 03:47:12 +01:00 committed by GitHub
parent b151605c28
commit 62beb7d1e8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 49 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
dev/create_certificates_linux.sh Executable file
View File

@ -0,0 +1,48 @@
#!/usr/bin/env bash
# Script for generating and installing the Bitwarden development certificates on Linux.
IDENTITY_SERVER_KEY=identity_server_dev.key
IDENTITY_SERVER_CERT=identity_server_dev.crt
IDENTITY_SERVER_CN="Bitwarden Identity Server Dev"
DATA_PROTECTION_KEY=data_protection_dev.key
DATA_PROTECTION_CERT=data_protection_dev.crt
DATA_PROTECTION_CN="Bitwarden Data Protection Dev"
# Detect management command to trust generated certificates.
if [ -x "$(command -v update-ca-certificates)" ]; then
# Debian based
CA_CERT_DIR=/usr/local/share/ca-certificates/
UPDATE_CA_CMD=update-ca-certificates
elif [ -x "$(command -v update-ca-trust)" ]; then
# Redhat based
CA_CERT_DIR=/etc/pki/ca-trust/source/anchors/
UPDATE_CA_CMD=update-ca-trust
else
echo 'Error: Update manager for CA certificates not found!'
exit 1
fi
openssl req -x509 -newkey rsa:4096 -sha256 -nodes -days 3650 \
-keyout $IDENTITY_SERVER_KEY \
-out $IDENTITY_SERVER_CERT \
-subj "/CN=$IDENTITY_SERVER_CN"
sudo cp $IDENTITY_SERVER_CERT $CA_CERT_DIR
openssl req -x509 -newkey rsa:4096 -sha256 -nodes -days 3650 \
-keyout $DATA_PROTECTION_KEY \
-out $DATA_PROTECTION_CERT \
-subj "/CN=$DATA_PROTECTION_CN"
sudo cp $DATA_PROTECTION_CERT $CA_CERT_DIR
sudo $UPDATE_CA_CMD
identity=($(openssl x509 -in $IDENTITY_SERVER_CERT -outform der | sha1sum | tr a-z A-Z))
data=($(openssl x509 -in $DATA_PROTECTION_CERT -outform der | sha1sum | tr a-z A-Z))
echo "Certificate fingerprints:"
echo "Identity Server Dev: ${identity}"
echo "Data Protection Dev: ${data}"

2
dev/secrets.json.example
View File

@ -15,7 +15,7 @@
"connectionString": "Server=localhost;Database=vault_dev;User Id=SA;Password=SET_A_PASSWORD_HERE_123;Encrypt=True;TrustServerCertificate=True" "connectionString": "Server=localhost;Database=vault_dev;User Id=SA;Password=SET_A_PASSWORD_HERE_123;Encrypt=True;TrustServerCertificate=True"
}, },
"postgreSql": { "postgreSql": {
"connectionString": "Host=localhost;Username=postgres;Password=SET_A_PASSWORD_HERE_123;Database=vault_dev;Include Error Detail=true", "connectionString": "Host=localhost;Username=postgres;Password=SET_A_PASSWORD_HERE_123;Database=vault_dev;Include Error Detail=true"
}, },
"mySql": { "mySql": {
"connectionString": "server=localhost;uid=root;pwd=SET_A_PASSWORD_HERE_123;database=vault_dev" "connectionString": "server=localhost;uid=root;pwd=SET_A_PASSWORD_HERE_123;database=vault_dev"