root 0e7cf9d593
TG-336
9 months ago
bin deleted unneeded py2 script 3 years ago
data bin scripts to py3 3 years ago
man Fix mans 12 years ago
pym/core TG-336 9 months ago
.gitignore added more py3 related changes 3 years ago
LICENCE Add setup files. 14 years ago
README general improvements + swapped sudsds for suds (untested) 3 years ago
setup.py deleted unneeded py2 script 3 years ago

README

AUTHOR: Calculate Ltd. <support@calculate.ru> 


INSTALL
-------

calculate-api needs the following library versions installed in order to run:
python >= 2.6
soaplib = 2.13

calculate-lib >= 3.0.0_beta2.0

To install calculate-api, just execute the install script 'setup.py'.
Example:

./setup.py install

####################################

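Create a root certificate (self-signed)

Note: 1024-bit RSA no longer meets current minimum key-size guidance
(2048 bits); pass a larger size to genrsa / -newkey for new keys.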

$ openssl genrsa -out root.key 1024
$ openssl req -new -key root.key -out root.csr
$ openssl x509 -req -days 1096 -in root.csr -signkey root.key -out root.crt

or

$ openssl req -new -newkey rsa:1024 -nodes -keyout root.key -x509 -days 1096 \
-subj "/C=RU/ST=Spb/L=Spb/O=calculate-linux Inc/OU=Sale/CN=www.calculate-linux.ru/emailAddress=support@calculate-linux.ru" \
-out root.crt
# CN - unique name of the root certificate

####################################

Create a server certificate

$ openssl genrsa -out server.key 1024
$ openssl req -new -key server.key -out server.csr
$ openssl x509 -req -days 365 -CA root.crt -CAkey root.key \
-CAcreateserial -in server.csr -out server.crt

e.g.
$ cd /var/calculate/server/server_certs/
$ openssl x509 -req -days 365 -CA /var/calculate/server/ca/root.crt -CAkey \
/var/calculate/server/ca/root.key -CAcreateserial -in ./NUM.csr -out ./NUM.crt

NUM - the certificate number

####################################

Show certificate

$ openssl x509 -noout -text -in certificate.crt

Show request

$ openssl req -noout -text -in request.csr

Show key

$ openssl rsa -noout -text -in key.key

Show CRL

$ openssl crl -text -noout -in ca.crl

####################################

Create a non-root CA certificate

$ openssl genrsa -out ca.key 1024
$ openssl req -new -key ca.key -out ca.csr
$ openssl x509 -req -days 365 -CA root.crt -CAkey root.key -CAcreateserial \
-extfile ssl-server-ca.cfg -extensions ssl_server_ca -in ca.csr -out ca.crt

$ cat ssl-server-ca.cfg

[ ssl_server_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = critical,CA:true
#basicConstraints = CA:true
keyUsage = keyCertSign, digitalSignature, keyEncipherment, cRLSign
extendedKeyUsage = serverAuth

####################################

Files

/var/calculate/server - directory with client and server requests and signed
certificates, and certificate rights (groups):

/var/calculate/server/ca - directory with root certificates, server certificates
and the CA certificate.

/var/calculate/server/client_certs - client requests and signed certificates

/var/calculate/server/server_certs - server requests and signed certificates

/var/calculate/server/conf/group_right.conf - list of methods available for groups
example of content:

    manager pid_info,list_pid,cl_template,cl_login

/var/calculate/server/conf/right.conf - list of certificate numbers that are
allowed to execute each method
example of content:

    pid_info 2 -1

Certificate number 2 has the right to run the method "pid_info", and certificate
number 1 does not. Use the --right-add and --right-del options; see the man page.
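
An audit helper for the two rights files described above. This is an added example, not calculate-api code: it assumes whitespace-separated fields as in the samples, treats "-N" as an explicit denial, and reports entries that are malformed or contradictory. All function names are hypothetical, and it does not model how the server combines group rights with per-certificate rights.

```python
# Added example: audit parser for group_right.conf and right.conf.
# Assumed syntax (from the README samples): whitespace-separated fields,
# "N" grants certificate number N a method, "-N" denies it.

def parse_group_rights(text):
    """'<group> <method>,<method>,...' -> {group: set(methods)}"""
    groups = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2:
            methods = ",".join(fields[1:]).split(",")
            groups.setdefault(fields[0], set()).update(m for m in methods if m)
    return groups

def parse_rights(text):
    """'<method> <N|-N> ...' -> ({method: {'allow': set, 'deny': set}}, problems)"""
    rights, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        entry = rights.setdefault(fields[0], {"allow": set(), "deny": set()})
        for token in fields[1:]:
            number = token.lstrip("-")
            # Accept only "N" or "-N"; anything else is reported, not guessed at.
            if not number.isdecimal() or len(token) - len(number) > 1:
                problems.append("line %d: malformed entry %r" % (lineno, token))
                continue
            entry["deny" if token.startswith("-") else "allow"].add(int(number))
    for method, entry in sorted(rights.items()):
        for n in sorted(entry["allow"] & entry["deny"]):
            problems.append("%s: certificate %d both granted and denied" % (method, n))
    return rights, problems

def explicit_right(rights, method, cert_number):
    """Return 'deny', 'allow' or 'unlisted'; an explicit deny wins (assumption)."""
    entry = rights.get(method, {"allow": set(), "deny": set()})
    if cert_number in entry["deny"]:
        return "deny"
    return "allow" if cert_number in entry["allow"] else "unlisted"

# Constructed sample input, modelled on the README examples.
GROUP_SAMPLE = "manager pid_info,list_pid,cl_template,cl_login\n"
RIGHT_SAMPLE = "pid_info 2 -1\nlist_pid 3 -3 x7\n"

if __name__ == "__main__":
    rights, problems = parse_rights(RIGHT_SAMPLE)
    print(parse_group_rights(GROUP_SAMPLE))
    for n in (1, 2, 5):
        print("pid_info", n, explicit_right(rights, "pid_info", n))
    print("\n".join(problems))
```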