Added CAcert root certificates.

Brian Mc Cullough 2024-09-13 04:59:04 +02:00
parent aa2d9e1da3
commit b62b39a186
4 changed files with 104 additions and 10 deletions


@ -1,9 +1,13 @@
Start with Debian 12 Start with Debian 12
APT-Install git openssl mkcert postgresql nginx vim make python3-pip python3-venv curl APT-Install git openssl mkcert postgresql nginx vim make python3-pip python3-venv curl sudo
Apt-Install php-bz2 php-curl php-gd php-intl php-mbstring php-mcrypt php-pdo php-pgsql php-xml php-zip Apt-Install php-bz2 php-curl php-gd php-intl php-mbstring php-mcrypt php-pdo php-pgsql php-xml php-zip
Apt-Install certbot python3-certbot-nginx golang-go Apt-Install certbot python3-certbot-nginx golang-go
If necessary create a "normal" user and give them "sudo" access in /etc/group
Become that user.
Create a working directory Create a working directory
cmd: cd <Working Directory> cmd: cd <Working Directory>
@ -19,9 +23,9 @@ Also set the Domain and Host name in the URL variables.
cmd: cd misc cmd: cd misc
Edit oidc_db_v2.sql and insert the Database User name chosen above. Edit oidc_db_v2.sql and insert the Database User name chosen above in place of "<Your User>".
As Root: cmd: cp oidc_db_v2.sql /var/lib/postgres As Root: cmd: cp oidc_db_v2.sql /var/lib/postgresql
As Root: cmd: su - postgres As Root: cmd: su - postgres
cmd: createuser -s -d -e -r -P <DB User> ( Pwd: <DB Password> ) cmd: createuser -s -d -e -r -P <DB User> ( Pwd: <DB Password> )
cmd: createdb oidc_db -O <DB User> cmd: createdb oidc_db -O <DB User>
@ -35,25 +39,26 @@ cmd: python3 -m venv $HOME/.local/share/virtualenvs/ansible
cmd: $HOME/.local/share/virtualenvs/ansible/bin/pip install ansible cmd: $HOME/.local/share/virtualenvs/ansible/bin/pip install ansible
cmd: ln -s $HOME/.local/share/virtualenvs/ansible/bin/ansible* $HOME/.local/bin/ cmd: ln -s $HOME/.local/share/virtualenvs/ansible/bin/ansible* $HOME/.local/bin/
cmd: export PATH=$HOME/.local/bin:$HOME/go/bin:$PATH cmd: export PATH=$HOME/.local/bin:$HOME/go/bin:$PATH
Edit your ~/.profile to include the preceeding PATH changes
cmd: . ~/.profile
cmd: go install github.com/nicksnyder/go-i18n/v2/goi18n@latest cmd: go install github.com/nicksnyder/go-i18n/v2/goi18n@latest
cmd: cd ..
cmd: git clone --recurse-submodules https://code.cacert.org/cacert/oidc-parent.git cmd: git clone --recurse-submodules https://code.cacert.org/cacert/oidc-parent.git
cmd: cd oidc-parent cmd: cd oidc-parent
# cause pull, fetch and other git commands to consider submodules # cause pull, fetch and other git commands to consider submodules
cmd: git config submodule.recurse true cmd: git config submodule.recurse true
Edit: deployment/roles/oidc_idp/templates/idp_config.toml.j2
and ensure that the last line contains 'level = "debug"'.
cmd: make cmd: make
Change into the "deployment" sub-directory Change into the "deployment" sub-directory
cmd: cd deployment cmd: cd deployment
cmd: ansible-playbook -K 01_install_cacert_oidc.yml cmd: ansible-playbook -K 01_install_cacert_oidc.yml
Answer the password question for your user. Answer the password question for your user.
cmd: cd .. cmd: cd ../..
cmd: cd ..
As Root: cmd: certbot --nginx -d <your domain name> As Root: cmd: certbot --nginx -d <your domain name>
@ -63,8 +68,7 @@ From your working directory, do the following As Root:
cmd: cp ssl-certs/* /usr/local/share/ca-certficates cmd: cp ssl-certs/* /usr/local/share/ca-certficates
cmd: update-ca-certificates -f cmd: update-ca-certificates -f
cmd: cp misc/reverse-proxy.conf /etc/nginx/conf.d cmd: cp misc/reverse-proxy.conf /etc/nginx/conf.d
cmd: ( cd /var/www/html ; mv -i index.html index.html-orig )
As Root: cmd: ( cd /var/www/html ; mv -i index.html index.html-orig )
Once you are finished, you may change the Background Image, the Logo and the Favicon, as you wish. Once you are finished, you may change the Background Image, the Logo and the Favicon, as you wish.
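Review bot: The certificate install step in the last hunk copies into `/usr/local/share/ca-certficates` (the second "i" is missing), while `update-ca-certificates` only picks up `*.crt` files from `/usr/local/share/ca-certificates`, so the roots this commit adds would not reach the system trust store as the step is written. The line should read `cmd: cp ssl-certs/*.crt /usr/local/share/ca-certificates`. Separately, the new step that sets `level = "debug"` in idp_config.toml.j2 should say that it is meant for test installs, since debug logging on an identity provider may record more request detail than a production log should hold.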


@ -8,6 +8,19 @@ To install this project, you should start with a machine, whether physical or vi
You also need to have Git installed in this machine. You also need to have Git installed in this machine.
You will probably want to do:
```
dpkg-reconfigure locales
```
and make sure that the _C_ locale is selected.
If it does not exist, create a "normal" user and give them "sudo" access in /etc/group
Become that user.
Start by creating a working directory to work in. I will refer to this as [WorkingDirectory]. Start by creating a working directory to work in. I will refer to this as [WorkingDirectory].
Once that is accomplished, change into that [WorkdingDirectory] and: Once that is accomplished, change into that [WorkdingDirectory] and:


@ -0,0 +1,37 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

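--- a/ssl-certs/root_X0F.crt
+++ b/ssl-certs/root_X0F.crt
@@ -0,0 +1,40 @@
+-----BEGIN CERTIFICATE-----
+MIIG7jCCBNagAwIBAgIBDzANBgkqhkiG9w0BAQsFADB5MRAwDgYDVQQKEwdSb290
+IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
+BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
+MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
+ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
+8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
+zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
+fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
+w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
+G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
+epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
+laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
+QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
+fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
+YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAX8w
+ggF7MB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TAPBgNVHRMBAf8EBTAD
+AQH/MDQGCWCGSAGG+EIBCAQnFiVodHRwOi8vd3d3LmNhY2VydC5vcmcvaW5kZXgu
+cGhwP2lkPTEwMFYGCWCGSAGG+EIBDQRJFkdUbyBnZXQgeW91ciBvd24gY2VydGlm
+aWNhdGUgZm9yIEZSRUUgaGVhZCBvdmVyIHRvIGh0dHA6Ly93d3cuY2FjZXJ0Lm9y
+ZzAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vY3JsLmNhY2VydC5vcmcvcmV2b2tl
+LmNybDAzBglghkgBhvhCAQQEJhYkVVJJOmh0dHA6Ly9jcmwuY2FjZXJ0Lm9yZy9y
+ZXZva2UuY3JsMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL29j
+c3AuY2FjZXJ0Lm9yZzAfBgNVHSMEGDAWgBQWtTIb1Mfz4OaO873SsDrusjkY0TAN
+BgkqhkiG9w0BAQsFAAOCAgEAR5zXs6IX01JTt7Rq3b+bNRUhbO9vGBMggczo7R0q
+Ih1kdhS6WzcrDoO6PkpuRg0L3qM7YQB6pw2V+ubzF7xl4C0HWltfzPTbzAHdJtja
+JQw7QaBlmAYpN2CLB6Jeg8q/1Xpgdw/+IP1GRwdg7xUpReUA482l4MH1kf0W0ad9
+4SuIfNWQHcdLApmno/SUh1bpZyeWrMnlhkGNDKMxCCQXQ360TwFHc8dfEAaq5ry6
+cZzm1oetrkSviE2qofxvv1VFiQ+9TX3/zkECCsUB/EjPM0lxFBmu9T5Ih+Eqns9i
+vmrEIQDv9tNyJHuLsDNqbUBal7OoiPZnXk9LH+qb+pLf1ofv5noy5vX2a5OKebHe
++0Ex/A7e+G/HuOjVNqhZ9j5Nispfq9zNyOHGWD8ofj8DHwB50L1Xh5H+EbIoga/h
+JCQnRtxWkHP699T1JpLFYwapgplivF4TFv4fqp0nHTKC1x9gGrIgvuYJl1txIKmx
+XdfJzgscMzqpabhtHOMXOiwQBpWzyJkofF/w55e0LttZDBkEsilV/vW0CJsPs3eN
+aQF+iMWscGOkgLFlWsAS3HwyiYLNJo26aqyWPaIdc8E4ck7Sk08WrFrHIK3EHr4n
+1FZwmLpFAvucKqgl0hr+2jypyh5puA3KksHF3CsUzjMUvzxMhykh9zrMxQAHLBVr
+Gwc=
+-----END CERTIFICATE-----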
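Review bot: Nothing in the commit records where this root was obtained or what fingerprint it should have, and the install notes then copy everything under ssl-certs/ towards the system trust store, so a reader has no way to check the file before trusting it. I would add the expected SHA-256 fingerprint to the README or the install notes, next to a check such as `cmd: openssl x509 -in ssl-certs/root_X0F.crt -noout -subject -enddate -fingerprint -sha256`. The value to compare against, written as `<SHA-256 fingerprint as published by CAcert>`, should be taken from CAcert over a separate channel and not from this repository. The same applies to the other certificate file added in this commit.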