more certificate update

gpproton · Jul 16, 2023 · 07f3d6e · 07f3d6e
1 parent 9290907
commit 07f3d6e
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 5 deletions.
diff --git a/certificate/localhost.conf b/certificate/localhost.conf
@@ -1,11 +1,34 @@
+[ca]
+default_ca = CA_default
+[CA_default]
+default_days = 3650
+default_md = md5
+preserve = no
+email_in_dn = no
+nameopt = default_ca
+certopt = default_ca
+policy = policy_match
+[policy_match]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
 [req]
 prompt = no
-default_bits = 2048
+default_bits = 4096
 distinguished_name = subject
 req_extensions = req_ext
 x509_extensions = x509_ext
 [subject]
 commonName = localhost
+0.organizationName = 11 Clouds
+organizationalUnitName = Development
+emailAddress = me@godwin.dev
+localityName = Aurora
+stateOrProvinceName = Carlifonia
+countryName = US
 [req_ext]
 basicConstraints = critical, CA:true
 subjectAltName = @alt_names

diff --git a/certificate/setup.sh b/certificate/setup.sh
@@ -11,7 +11,7 @@ function setup_certificate() {
 
         if [[ -f $HOME/$certificate_config ]]; then
             echo "generating certificate keys"
-            openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
+            openssl req -x509 -nodes -days 3650 -newkey rsa:4096 \
                 -keyout $certificate_root/localhost.key \
                 -out $certificate_root/localhost.crt \
                 -config $certificate_root/localhost.conf
@@ -22,9 +22,6 @@ function setup_certificate() {
         if [[ $os_type -eq "linux" ]]; then
             if [[ $os_variant -eq "opensuse" ]]; then
                 echo "apply private key for $os_variant"
-                ## posible cert locations
-                # 0: /usr/share/pki/trust/anchors
-                # 1: /etc/pki/trust/anchors
                 sudo cp $certificate_root/localhost.crt /etc/pki/trust/anchors
                 sudo update-ca-certificates
             fi

diff --git a/linux/dotnet.md b/linux/dotnet.md
@@ -45,4 +45,11 @@ certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n ${cert_name} -i ${cert_path}/${c
 firefox_profile=""
 certutil -d sql:$HOME/.mozilla/firefox/${firefox_profile}/ -A -t "P,," -n ${cert_name} -i ${cert_path}/${cert_name}.crt
 certutil -d sql:$HOME/.mozilla/firefox/${firefox_profile}/ -A -t "C,," -n ${cert_name} -i ${cert_path}/${cert_name}.crt
+
+
+## Fix corrupted store
+mv ~/.pki/nssdb ~/.pki/nssdb.corrupted
+mkdir ~/.pki/nssdb
+chmod 700 ~/.pki/nssdb
+certutil -d sql:$HOME/.pki/nssdb -N
 ```