dataset/doc/certificates.md

# Généré des certificats via la PKI interne de mini_risotto

## Génération du certificate sur le serveur

### Sous Fedora

```
<file>/etc/pki/ca-trust/source/anchors/ca_<AUTHORITY_NAME>.crt</file>
<file>/etc/pki/tls/certs/<SERVICE>.crt</file>
<file owner="root" group="<SERVICE>" mode="440">/etc/pki/tls/private/<SERVICE>.key</file>
```

### Les templates

Dans le template ca_<AUTHORITY_NAME>.crt :

```
%%get_chain(authority_cn=%%domain_name_eth0, authority_name="<AUTHORITY_NAME>")
```

Dans le template <SERVICE>.crt :

```
%%get_certificate(%%domain_name_eth0, '<AUTHORITY_NAME>')
```

Dans le template <SERVICE>.key :

```
%%get_private_key(%%domain_name_eth0, '<AUTHORITY_NAME>')
```

## Génération du certificat client

### Sous Fedora

```
<services>
  <service name="<SERVICE>client" manage="False">
    <file>/etc/pki/ca-trust/source/anchors/ca_<AUTHORITY_NAME>.crt</file>
    <file>/etc/pki/tls/certs/<SERVICE>.crt</file>
    <file owner_type="variable" owner="<VARIABLE_NAME>" mode="400">/etc/pki/tls/private/<SERVICE>.key</file>
  </service>
</services>
```

### La variable

```
<variable name="<VARIABLE_NAME>" type="unix_user" description="Key owner" mandatory="True">
  <value>DEFAULT_VALUE</value>
</variable>
```

### Les templates

Dans le template ca_<AUTHORITY_NAME>.crt :

```
%%get_chain(authority_cn=<SERVER_DOMAINNAME>, authority_name="<AUTHORITY_NAME>")
```

Dans le template <SERVICE>.crt :

```
%%get_certificate(cn=%%domain_name_eth0, authority_cn=<SERVER_DOMAINNAME>, authority_name='<AUTHORITY_NAME>', type="client")
```

Dans le template <SERVICE>.key :

```
%%get_private_key(cn=%%domain_name_eth0, authority_cn=<SERVER_DOMAINNAME>, authority_name='<AUTHORITY_NAME>', type="client")
```
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00			`# Généré des certificats via la PKI interne de mini_risotto`

add piwigo 2022-04-28 21:48:16 +02:00			`## Génération du certificate sur le serveur`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00
add piwigo 2022-04-28 21:48:16 +02:00			`### Sous Fedora`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00
			```
add piwigo 2022-04-28 21:48:16 +02:00			`<file>/etc/pki/ca-trust/source/anchors/ca_<AUTHORITY_NAME>.crt</file>`
			`<file>/etc/pki/tls/certs/<SERVICE>.crt</file>`
			`<file owner="root" group="<SERVICE>" mode="440">/etc/pki/tls/private/<SERVICE>.key</file>`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00			```

add piwigo 2022-04-28 21:48:16 +02:00			`### Les templates`

			`Dans le template ca_<AUTHORITY_NAME>.crt :`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00
			```
add piwigo 2022-04-28 21:48:16 +02:00			`%%get_chain(authority_cn=%%domain_name_eth0, authority_name="<AUTHORITY_NAME>")`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00			```

add piwigo 2022-04-28 21:48:16 +02:00			`Dans le template <SERVICE>.crt :`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00
			```
add piwigo 2022-04-28 21:48:16 +02:00			`%%get_certificate(%%domain_name_eth0, '<AUTHORITY_NAME>')`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00			```

add piwigo 2022-04-28 21:48:16 +02:00			`Dans le template <SERVICE>.key :`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00
			```
add piwigo 2022-04-28 21:48:16 +02:00			`%%get_private_key(%%domain_name_eth0, '<AUTHORITY_NAME>')`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00			```

add piwigo 2022-04-28 21:48:16 +02:00			`## Génération du certificat client`

			`### Sous Fedora`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00
			```
add piwigo 2022-04-28 21:48:16 +02:00			`<services>`
			`<service name="<SERVICE>client" manage="False">`
			`<file>/etc/pki/ca-trust/source/anchors/ca_<AUTHORITY_NAME>.crt</file>`
			`<file>/etc/pki/tls/certs/<SERVICE>.crt</file>`
			`<file owner_type="variable" owner="<VARIABLE_NAME>" mode="400">/etc/pki/tls/private/<SERVICE>.key</file>`
			`</service>`
			`</services>`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00			```

add piwigo 2022-04-28 21:48:16 +02:00			`### La variable`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00
			```
add piwigo 2022-04-28 21:48:16 +02:00			`<variable name="<VARIABLE_NAME>" type="unix_user" description="Key owner" mandatory="True">`
			`<value>DEFAULT_VALUE</value>`
			`</variable>`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00			```

add piwigo 2022-04-28 21:48:16 +02:00			`### Les templates`

			`Dans le template ca_<AUTHORITY_NAME>.crt :`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00
			```
add piwigo 2022-04-28 21:48:16 +02:00			`%%get_chain(authority_cn=<SERVER_DOMAINNAME>, authority_name="<AUTHORITY_NAME>")`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00			```

add piwigo 2022-04-28 21:48:16 +02:00			`Dans le template <SERVICE>.crt :`

			```
			`%%get_certificate(cn=%%domain_name_eth0, authority_cn=<SERVER_DOMAINNAME>, authority_name='<AUTHORITY_NAME>', type="client")`
			```
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00
add piwigo 2022-04-28 21:48:16 +02:00			`Dans le template <SERVICE>.key :`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00
			```
add piwigo 2022-04-28 21:48:16 +02:00			`%%get_private_key(cn=%%domain_name_eth0, authority_cn=<SERVER_DOMAINNAME>, authority_name='<AUTHORITY_NAME>', type="client")`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00			```