68 lines
4.5 KiB
Markdown
68 lines
4.5 KiB
Markdown
# RobotNet
|
|
|
|
## Create certificate
|
|
|
|
- Tạo file san.cnf
|
|
```
|
|
[req]
|
|
distinguished_name = req_distinguished_name
|
|
x509_extensions = v3_req
|
|
prompt = no
|
|
|
|
[req_distinguished_name]
|
|
CN = iidentityserver
|
|
|
|
[v3_req]
|
|
subjectAltName = DNS:identityserver,DNS:localhost
|
|
```
|
|
- Tạo certificate
|
|
```
|
|
openssl genrsa -out ca.key 2048
|
|
openssl req -x509 -new -nodes -key ca.key -sha256 -days 365000 -out ca.crt -subj "/CN=LocalCA"
|
|
|
|
# Tạo private key và CSR
|
|
openssl genrsa -out identityserver.key 2048
|
|
openssl req -new -key identityserver.key -out identityserver.csr -config san.cnf
|
|
|
|
# Ký certificate bằng CA
|
|
openssl x509 -req -in identityserver.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out identityserver.crt -days 365000 -sha256 -extensions v3_req -extfile san.cnf
|
|
|
|
# Chuyển đổi sang .pfx
|
|
openssl pkcs12 -export -out robotnet.pfx -inkey identityserver.key -in identityserver.crt -certfile ca.crt -password pass:RobotNet@2024
|
|
```
|
|
|
|
## Kiểm tra certificate
|
|
```
|
|
openssl pkcs12 -in robotnet.pfx -nokeys -out temp.pem -password pass:RobotNet@2024
|
|
openssl x509 -in temp.pem -noout -text
|
|
openssl x509 -in ./ca.crt -noout -text
|
|
```
|
|
|
|
- kết quả
|
|
```
|
|
X509v3 extensions:
|
|
X509v3 Subject Alternative Name:
|
|
DNS:identity-server, DNS:localhost
|
|
```
|
|
|
|
- Kiểm tra khả năng kết nối từ map-manager tới identity-server thêm ca certificate
|
|
`docker exec -it mapmanager curl -v --cacert /usr/local/share/ca-certificates/ca.crt https://identityserver/.well-known/openid-configuration`
|
|
`docker exec -it mapmanager curl -v https://identityserver/.well-known/openid-configuration`
|
|
|
|
# Tách chứng chỉ (certificate) từ file robotnet.pfx
|
|
openssl pkcs12 -in robotnet.pfx -out cert.pem -clcerts -nokeys -passin pass:RobotNet@2024
|
|
|
|
# Tách khóa riêng (private key) từ file robotnet.pfx
|
|
openssl pkcs12 -in robotnet.pfx -out key.pem -nocerts -nodes -passin pass:RobotNet@2024
|
|
|
|
# Tự động tạo mới
|
|
cd certificate
|
|
cmd /c .\gencert.cmd
|
|
|
|
docker exec -it mapmanager curl -X Post -H "Content-Type: application/x-www-form-urlencoded" -d "token=eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOiJCMUY4MUE2NjZCRkQ4MkVENUUyOTY2ODRDMjA4Q0IwNkM2RUY0MjE2IiwidHlwIjoiYXQrand0IiwiY3R5IjoiSldUIn0.k-x_ywHSBonyT0ccp2L_mdrnQvMS03c9XiOuBiuv_N4kn4OZJbzB-ikVolKJIRpK6Q7T0LxF84ThI1WsbcdZ-aWfi_3E_t4U7abNyL4st9W_KM_AUmSVzPWFw6Sg9md01g_k3rOQX0CufH0RrGevpg3YXIatdwpqiPGC4EeMpfwSLdGtiYyDD6M_bB5MLb0LJCRvG9gIaXi3yhp4jMpZ0gbXKHI_p8Jj3dNLeOTrf7QlpK9ILL8ftw0MwcpqHdbthPRuXAoJJFNIT44QZaphF0-OQAdVcF6N7jNZ3NdpjcnGhYJu3mZvhqIvhrFl7fgzn0Tqd6I3H03o4OMcTmgc2w.kLZ-bz_TiIDbKlmgqOB4cQ.Dnjacr7idUvrkIyLU_Q0jQrK_YwSC0QKO_glCMi6_k5F6ZzfOjYACrX5S-s9-QKatoo4iaEw2WAsBf-7F_bSzGyEqv5Q43OY9KQiSyuY_kt_LZir2oQE_RiCdjxCcAxTsme0dqHM-YmoJXXjYnVMIv6G7GAMfsDy8S3C9ejneoa-6Jl9y0SO0q6OkFNkbo6Yf1ncHzKZrFPjzQY5GV13w7uCl-ruHpmbsnT2DZWNLnPVqrt2PQNOLgwKOgBrPqHh0ro0ULYqclKkJx7UhTu324wFqzPrWk9ZaOJtbAoAxc67m-IZaoyfxVaM_qZoGSS_RrGD4500bH_04eD-ZEAqLNQ_YVx6Rn_REdJKTybiVRmNpCidkLkfIGeFgxvFPMOwNL85stMR_DioRpSwtCb8Rde9h9OS4XG6taHWI5iGs4-j6U7XuT2Qlryvvljh-4rHtgEWehZCqcYKLnX7Wu2zsleimKwo47V__Sr2AUgJ8Rhkt9E1TGW4IDW02qSj6bg4TMjoYdmDo_pqg-VDVr04D_6M6PmVr4u6O0ePRFDqdDW3_QLJM3KOnX8ihHD71NqBGpha7ujpX0nE0BqN3_bt9JzQyDW36UOkSRRN_YE-CKRpbVbgo7fOR7npQZ7_PiPmWJhybbfyjSRLvePdTNstkJpW-HHcUVxM2j_R2RnXZpjEBGP2wWSMkm5iKBnGT7s0L-vbPEVaYgD-5Gz3OAGvl5AOFgaH5tHGKKMsqZ3OnJKonD1J1KXx5qzCrcuFURsQLzPmryPVSdgRPLGZ8HcvFs5hYlcKCUpzP8z58cyTgTsNQr5-Aqny8snNO-WlEl-v_qKEwtmqS_9McRziP0V4kKzsTLs1MM-0pqU80Izsl6mRRkvRzAOMhnqcI-9bsNuvm7e_GF3uqpPQcmMqpuMwYz5YnMU9XCK5fUsUJHmG5GhEvM3Pi-jPQWMuxr_hHmIaeuSbHrCEjROdSifbyeChvcmuQD-91xz1tlVit80EKtozR-xBizMWiTFV3ycNvde0MSVnfEE1xaJ4XRClh1wjHo5obO1MgxlhXXscc2YB9OdxQ0zqPePe-ptdhkCrDTy4s4OD1PF8yhFoMLA6Hvk86rZr8zGff5RSmbfR7jqq1oNFqnBdHVI5aAWnmbqqYcsxUResnMALLDVZo03Xccvf_c_6QJo2Co8O8BT1PYhNyDxebxYObWaMtU7UPCnMrzLVRG3GDxdwfbbs-x7m5wsi0Bn2Rt5qyoP3a8STxdhVm5OqIU_LkcWWWY0-L6Bp-_w2iIjq17sOuH5CZCwlx39RjKo1Vlckzoxnf4ZYyoITEApWTivxgpNzXyT2eBfVr7wFXykRYgj0etWAgiF3jXwmJ3NnbwL4pbsY3-Acvta6mTZq53aOtWQyWheIPi7-rvn877VLbsTdtZFmwD6QleY2dEJNpRn2Gbok94JnG_noVGE7qCl87TJo_p_m_PMaRHLmbf_XRsz26HlrhdkUIsMWYdGZrupOd9PjyA6rSQH6ySA6T4sbu1gnOVcU24oyeRUYqQSbhyMzrnwBTKfsxrcrIeIQUVqEzOPSY9nm3aF-vjyOWyrkdEFGQJB8wxylRvz1.Qdura_6ys8-ar2iPYOhhgW3yyk7preRo9OFeT3cxzTM&client_id=robotnet-map-manager&client_secret=72B36E68-2F2B-455B-858A-77B1DCC79979" -v https://identityserver/connect/introspect
|
|
|
|
# For Windows
|
|
docker images | Select-String "robotics.doc" | ForEach-Object { ($_ -split "\s+")[2] } | ForEach-Object { docker rmi $_ }
|
|
|
|
# For Linux
|
|
docker rmi -f $(docker images | grep robotics | grep 0.0.33 | awk '{print $3}') |