calculate/calculate-utils-3-core
4
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
No description
827 commits 8 branches 217 tags 1.7 MiB
Python 99.8%
Shell 0.2%
Find a file
Exact
root 9b8f59d512 Merge branch 'master' of https://git.calculate-linux.org/calculate/calculate-utils-3-core
2024-08-14 13:55:25 +03:00
bin deleted unneeded py2 script 2021-08-09 12:17:29 +03:00
data bin scripts to py3 2021-08-09 10:14:21 +03:00
man Fix mans 2012-05-12 16:17:46 +04:00
pym/core fix error in printing error 2024-08-14 13:54:02 +03:00
.gitignore added more py3 related changes 2021-07-13 10:27:37 +03:00
LICENCE Add setup files. 2010-11-15 17:16:56 +03:00
README general improvements + swaped sudsds for suds (untested) 2021-06-21 15:48:26 +03:00
setup.py deleted unneeded py2 script 2021-08-09 12:17:29 +03:00

README 

AUTHOR: Calculate Ltd. <support@calculate.ru> 

INSTALL
-------

calculate-api needs the following library version installed, in order to run:
    python >= 2.6
    soaplib = 2.13

    calculate-lib >= 3.0.0_beta2.0

To install calculate-api, just execute the install script 'setup.py'.
Example:

    ./setup.py install

####################################

Create root certificate (self-signed)

$ openssl genrsa -out root.key 1024
$ openssl req -new -key root.key -out root.csr
$ openssl x509 -req -days 1096 -in root.csr -signkey root.key -out root.crt

or

$ openssl req -new -newkey rsa:1024 -nodes -keyout root.key -x509 -days 1096 
    -subj /C=RU/ST=Spb/L=Spb/O=calculate-linux\ \
    Inc/OU=Sale/CN=www.calculate-linux.ru/emailAddress=support@calculate-linux.ru 
    -out root.crt  # CN - unique name root certificate

####################################

Create server certificate

$ openssl genrsa -out server.key 1024
$ openssl req -new -key server.key -out server.csr
$ openssl x509 -req -days 365 -CA root.crt -CAkey root.key
    -CAcreateserial -in server.csr -out server.crt

e.g.
$ cd /var/calculate/server/server_certs/
$ openssl x509 -req -days 365 -CA /var/calculate/server/ca/root.crt -CAkey \
  /var/calculate/server/ca/root.key -CAcreateserial -in ./NUM.csr -out ./NUM.crt
  
NUM - number certificate

####################################

Show certificate

openssl x509 -noout -text -in certificate.crt

Show request

openssl req -noout -text -in request.csr

Show key

openssl rsa -noout -text -in key.key

Show CRL

openssl crl -text -noout -in ca.crl

####################################

Create not root ca certificate

$ openssl genrsa -out ca.key 1024
$ openssl req -new -key ca.key -out ca.csr
$ openssl x509 -req -days 365 -CA root.crt -CAkey root.key -CAcreateserial \
     -extfile ssl-server-ca.cfg -extensions ssl_server_ca -in ca.csr -out ca.crt

$ cat ssl-server-ca.cfg 

[ ssl_server_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = critical,CA:true
#basicConstraints = CA:true
keyUsage = keyCertSign, digitalSignature, keyEncipherment, cRLSign
extendedKeyUsage = serverAuth

####################################

Files

/var/calculate/server - directory with clients and servers request and signed 
certificates, rights certificates (groups):
  /var/calculate/server/ca - directory with root certificates, server certificates and 
                             CA certificate.
  /var/calculate/server/client_certs - clients request and signed certificates
  /var/calculate/server/server_certs - servers request and signed certificates
  /var/calculate/server/conf/group_right.conf - list of methods available for groups
  example of content:
      manager pid_info,list_pid,cl_template,cl_login
      
  /var/calculate/server/conf/right.conf - list of number certificates who are allowed 
                                          execution of the method
  example of content:
      pid_info 2 -1
  certificate number 2 has right to run method "pid_info", and the certificate 
  number 1 does not have rights. Use key --right-add and --right-del. See man.