From 031c4f8221588877f42df25a3f7062fe6727327c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Du=C5=A1an=20Borov=C4=8Danin?=
Date: Fri, 15 Mar 2019 16:50:43 +0100
Subject: [PATCH 01/21] Use NginX njs module for mutual authentication
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Dušan Borovčanin
---
client.csr | 28 ++++++
client.key | 51 +++++++++++
docker/docker-compose.yml | 4 +-
docker/nginx.conf | 125 +++++++++------------------
docker/ssl/access.js | 107 +++++++++++++++++++++++
docker/ssl/certs/ca.crt | 39 +++++----
docker/ssl/certs/ca.key | 28 ++++++
docker/ssl/certs/ca.srl | 1 +
docker/ssl/certs/client.crt | 26 ++++++
docker/ssl/certs/client.csr | 28 ++++++
docker/ssl/certs/client.key | 51 +++++++++++
docker/ssl/certs/crt.sh | 19 ++++
docker/ssl/certs/mainflux-server.crt | 48 +++++-----
docker/ssl/certs/mainflux-server.csr | 27 ++++++
docker/ssl/certs/mainflux-server.key | 74 ++++++++++------
15 files changed, 499 insertions(+), 157 deletions(-)
create mode 100644 client.csr
create mode 100644 client.key
create mode 100644 docker/ssl/access.js
create mode 100644 docker/ssl/certs/ca.key
create mode 100644 docker/ssl/certs/ca.srl
create mode 100644 docker/ssl/certs/client.crt
create mode 100644 docker/ssl/certs/client.csr
create mode 100644 docker/ssl/certs/client.key
create mode 100755 docker/ssl/certs/crt.sh
create mode 100644 docker/ssl/certs/mainflux-server.csr
diff --git a/client.csr b/client.csr
new file mode 100644
index 0000000000..8c8b2e69dc
--- /dev/null
+++ b/client.csr
@@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIE1zCCAr8CAQAwgZExSTBHBgNVBAMMQHNvbWUgdmVyeSBsb25nLENObmFtZSBz +b21ldGhpbmcgbGlrZSB0aGlzIGlzIG5vdCBhbGxvd2VkIGkgZ3Vlc3MxETAPBgNV +BAoMCE1haW5mbHV4MQ8wDQYDVQQLDAZjbGllbnQxIDAeBgkqhkiG9w0BCQEWEWlu +Zm9AbWFpbmZsdXguY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA +vC+Rv1CU1Wb4ybqtkH8cYnwmNNaXOwQoNO7guBWSESQ17pmXgpMQXDq7A0P4uB5A +X9AabNVt2gJI8wdz+h7e+fh9TA6QeXsfaQtaEdddHLeEPq8gkL/3MJbaSEonBfp4 +LGsLXUHxX7Y6UBlxTaMByhW5IRJfGEhGDWN8EmwxXuPm9i1y2JpfK6OqVD+w29lo +yFXH+pY+vShaTS968eGtT/0x0CfyWhNGemAGbdmRqBhYb3A4cd6xvTAisd67nWsq +W5qGi5h+MtMEJZEkva1RmMF99wDXR/RU2QhGY742lK1gG5i5kVJ880Ru7AsfJvMf +QpLo52IjL0NZkBm65iu0VpGbld+zVBVx2FBE03szb4FbDwW4fnVxMtGYkQmRAQPR +tmJQ+uJdE3Hoxvx9hZAbBu0QTpy4CrkkBiQjZhQ34oHj19hVo+sAv9W4JV+KkiNn +z9PpNklTrCh32cgLGyVk1ffkQXeI+r5Icu6n3Xw/94zUe9szpFFjsWUYcUEE0fkm +PwUc7UN3Bgpc32Vb5/k0A1+seA+xVvDwM5CPTZdtDu5VKGqrCkRILKgDpGp+tz24 +QST3zyzUOyfS5hbkyC2rx/ECWMQVFlejl/gpuFPzrf43Zi5N1wapSV+l/VnjsRIr ++wyr3G+e9ALlM7V+muLr669DD0/aA8jeNH96z9MQHxkCAwEAAaAAMA0GCSqGSIb3 +DQEBCwUAA4ICAQACyKfJ2wxT2z5YQzrL/g0hTyKghp+VIFR/PM1ut9CL3CYeYI1k +I9ZHrBcxOSFdDjfYt0pmgUOrAi2uVQ27nGXSTVN3PO8XyOBvG/tA1CY0N04jY0KN +5cSfhD93Rt72rOANFa1xbkNXFkSpokdOFenDSJNZhtCy31f74arh5c/l5A1PeJqi +nFqjZWq/9U9Y7TlA/V07QNEcNF7VSAP+/PnSIXK1V9tBRLUzCIX2BCG6Tvf+PdO6 +tWR46/GlZqo9Mx4nlG2SUyTkBDmam87xikznuHBMHbjYn/WL0eXQIEWsUCOpfZ3T +WHvS6pHpo91rstfYsUZz1Wwy5Ln58Pvb/+a1EHb6prBH/pnUHdzEoaUi1uHffkzo +tiLbm0ZsNFRNWW//5G9xVE0aFagHFKGBpGt45gU8SW4n2IP5UziZtmG2HE+GGmvh +N/bnjkLkTwoBzuk245SzSIYp5oRhgDJdbtPbLkzB0jwpc5XumDCTHd6h3LX8Hmgs +00R+jAVD4/8TTgDpE3MwVSnaPr+4/7vgITavkQLHIMqfvzoHGMr35KYAunBQT5LO +Y0kTvuLzwESBRs9hQU9c5kNJVeH1wEI6myDiPZ2lVix0+DPtAGGAtlDtcOl6YX/H +WETcYK0ySTmsPDzU69Cwvzr1d/6RgtaT4bU7FZYDwKmylNH+FkR0OhhmEg== +-----END CERTIFICATE REQUEST----- diff --git a/client.key b/client.key new file mode 100644 index 0000000000..bdf2964367 --- /dev/null +++ b/client.key 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKgIBAAKCAgEAvC+Rv1CU1Wb4ybqtkH8cYnwmNNaXOwQoNO7guBWSESQ17pmX +gpMQXDq7A0P4uB5AX9AabNVt2gJI8wdz+h7e+fh9TA6QeXsfaQtaEdddHLeEPq8g +kL/3MJbaSEonBfp4LGsLXUHxX7Y6UBlxTaMByhW5IRJfGEhGDWN8EmwxXuPm9i1y +2JpfK6OqVD+w29loyFXH+pY+vShaTS968eGtT/0x0CfyWhNGemAGbdmRqBhYb3A4 +cd6xvTAisd67nWsqW5qGi5h+MtMEJZEkva1RmMF99wDXR/RU2QhGY742lK1gG5i5 +kVJ880Ru7AsfJvMfQpLo52IjL0NZkBm65iu0VpGbld+zVBVx2FBE03szb4FbDwW4 +fnVxMtGYkQmRAQPRtmJQ+uJdE3Hoxvx9hZAbBu0QTpy4CrkkBiQjZhQ34oHj19hV +o+sAv9W4JV+KkiNnz9PpNklTrCh32cgLGyVk1ffkQXeI+r5Icu6n3Xw/94zUe9sz +pFFjsWUYcUEE0fkmPwUc7UN3Bgpc32Vb5/k0A1+seA+xVvDwM5CPTZdtDu5VKGqr +CkRILKgDpGp+tz24QST3zyzUOyfS5hbkyC2rx/ECWMQVFlejl/gpuFPzrf43Zi5N +1wapSV+l/VnjsRIr+wyr3G+e9ALlM7V+muLr669DD0/aA8jeNH96z9MQHxkCAwEA +AQKCAgEAnVotRUpM2M+8MXmtjUgr5NGoZMAWPhuwvuoK7wHiXADqM7Mr89uib2wQ +WZ+pRdLNww/QOLaRnxwQAV53BGpxyZSUuFbpSRrBXeVHD+oDinKM2pk24rIRMAjD +RnTyglY3y/RJ0VXFTWGjCrzrd55YbbCSVuv0peow4RsRcJoVAiIQSkIgaKtT7rpw +PvfumzYEHpdTmt2sYiBuuWF9LOmmMF8nGsV8KQM7CDJozcuBtot8ztmH6PbrqaSp +Lg9u0yb7iRMBc5Iz262EJyFhFlTpCJCqEjIa0KillcAMk3RGUTVTSl/+slvF7OeI +1EhMaRYbSmBq7KarguaO6iYJmFJs/BJbWeYGE2dkw0Li1YyaU1DfE1ftfPWAZjgf +H0VN3cTmshaGXy2lBkxWevO1rd9EVG8ztNm41KrkzfDjEiPTMlm51au08K6RZPuH +/z3U62yXIawHfGwl8YDFOPpycMCQWOlElkWRevsxOnmIDctYbaq+jsSCB0SP6b9M +Ct0detgyAPlCsbK5k35ctRRQrMmjVVnDrL+bxH+QWmoFrZJkrXp12ObctnKsPeCA +eofU/tkXVXDaAVEzNfirBZSF34TZOrtVa72wwgkrUGArCXGRiMO8GWKQ9eMvr4bf +UsEr8CRh5hQLmdFEUSFOeqnfFbjYpigr9YO4tlBDOysccWYxZPECggEBAOXaK/Qi +7AYhHcnDajXsCo+LmqC1t/KdO6sVZwR4taV9NEu8YLMJ8umbpE95NjTw7T8dJuH4 +L4ljanRijSPoHN9ICFh6HWtjS/e61vfQsDimfOnOIkigOR+tGrlDVmrgg4x2gINe +TeEBlyqgHg5MpCwTClZlzPDTMi4BNq3B+cOSwPQyGTafPEKvf/7O54ZCHChQ90mZ +vNxuK1cwTZsdx694QDcKdwVe2gu0du8Lr8/82ysv+lg+wZSdxK+iI8XnGPFqS3+u +MhJ1Co5HwUqxmqXQ9NYtZsBMRuGZC2GWpqA1FmuEyzOSj88uzzFWK+xFSMJtZS8X +lEvxznlZCbtvm8UCggEBANGX+a2ZkMaESUSyK+lbJXOh/7KR4IEEtdy1YwoohfTR +xxPfm0OQ3hFPwnG9iqYGtHFrRFTxPiMqMmPDxF2KtCK7SAi0fgDMh9WAUXTgPp91 
+yYpFfoudT+tL8h2Ka3tiWQSMS1ONjowOGF357qmQYEe4Kcf1o88i2RKiaNn/RRGf +w5VMafhDXrAnmn3lYQKH/jRu0Vk6IRoy246YUWNg4Hu7imgB2dA7nrn4700xdHuE +YgSaRxLo/3pqUNFXX+lQPaTFtj01wJC+XssUFEl5afvf7qqomG5wPn8oj5VViquV +fz3b3nICd5AdPj1zEuQQxCe6qzMCre8BqDSF3ZGhx0UCggEBAId4OOOhGX7bUdUy +yYySW/8ShsYllA74QMyqxpbKFjU9P+9LTar4OCUbSJJWnG5DeXDzW5FfV5Uf9QQ3 +eXwqN6oZqGGNR32dfo65ni1c4B/jcEfU6DvpwwE6Yz/BwlMnlCDbTw8eK8RrzY6f +5FcFMNWRO0yEn29o6nBW4sUySGTOP88tH9Mjsr6S9VtW0vo8SKAyaC0G4VsBy6WN +oI/F04VF2IMYNeICb3zqlhZ5yttI6lvf4SrVgf53pg7l/zOK6xaOUYUlQ/nA5cHJ +5NCDMOR97W+2PpMj4brhGuYfhoFyCI7CK4lv3jZ8Hj2zzhtpEmMVWseQnCTOlaTL +p4LDWwkCggEBALitYnCWiTyCP1TqcUqy5zMWIQmlA95q2hvZL6U5w57OYM2gD1zf +fuxeDQTPcCWObtwpGhKGZqvxeGjzjEin+MVJo9UXxJbLoTx8TknfdQ5oaOcPCMvY +Fx1K09E3sDENnUYmoBDFAD9kBBB6MtLxxgQrv5TTWj0fhYmn1R+Qj7lRvrIEnLMG +GZ65pqUbwfjK/zAQHSKz14sQGOlySPR53hLoUrIGP3f9sIRJVgH8e5iCMyO/FLUS +3Flu6Dss8/POoiJXm5YfkMd5Fml2DdIXy00GKXPyDi3xdP/yK2H397HsjithWoW2 +qscvHTJj/Nc79rrS/hp6V+vq190/vtWdaMkCggEAGxi4VAH86DNztbECHSSZMV4R +Wh9UWVbsIXtSGutPv701MFO97t65iZvZgCOgS3vxPuCm3xtzCxvszCj11Q1L5o5E +aUFLYj2NX4VHbzT60OZsAjfik2rrxqhDANRGtTtxecZ/QizFoNARJN7sR3LF2pfY +Vtnl4lkqzLZtKKmejxjfDhDFdtx3DfEJZQcuIwc3Zl8iGOmOuqJlQyT5Zjyn1fZP +PvyKKY38IKd5u8wiIMpBOQA3wa/SVf5YaGp3hOTehOfVht7JLmAWfXgjYih56k+E +o6h44F3x1Ya2+Clm4ql2B1TgL+8zJow2l6XOdFEg5oyjZ4bCyGSFCU2rPrK2KA== +-----END RSA PRIVATE KEY----- diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 72adce0a0c..c51708d6fb 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -14,12 +14,14 @@ networks: services: nginx: - image: nginx:1.14.2-alpine + image: nginx:1.14.2 container_name: mainflux-nginx restart: on-failure volumes: - ./nginx.conf:/etc/nginx/nginx.conf + - ./ssl/access.js:/etc/nginx/access.js - ./ssl/certs/mainflux-server.crt:/etc/ssl/certs/mainflux-server.crt + - ./ssl/certs/ca.crt:/etc/ssl/certs/ca.crt - ./ssl/certs/mainflux-server.key:/etc/ssl/private/mainflux-server.key - ./ssl/dhparam.pem:/etc/ssl/certs/dhparam.pem ports: 
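Review bot: `client.key` at the repository root commits an RSA private key, and together with the root-level `client.csr` it looks like a stray artefact of running the generation commands outside `docker/ssl/certs/`; both files should be dropped from the commit. The same applies with more weight to `docker/ssl/certs/ca.key` and `docker/ssl/certs/client.key` further down: `nginx.conf` trusts `ca.crt` for `ssl_verify_client`, so with the CA key public in the repository the client-certificate check only holds for deployments that regenerate the CA. Consider committing only `crt.sh`, generating keys at setup time, and adding a comment such as `# Demo CA only: regenerate with crt.sh before any non-local use` next to the `ssl_client_certificate` lines.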
diff --git a/docker/nginx.conf b/docker/nginx.conf index 1a5f9cf3fb..053c5c5d77 100644 --- a/docker/nginx.conf +++ b/docker/nginx.conf @@ -1,19 +1,12 @@ ### # Mainflux NGINX Conf -# -# Taken for /etc/nginx/nginx.conf on Debian machine -# and https://github.com/nginxinc/docker-nginx/blob/master/mainline/alpine/nginx.conf ### -## -# User: -# - 'www-data' on Debian -# - 'nginx' on Alpine -## -#user www-data; user nginx; worker_processes auto; pid /run/nginx.pid; +load_module /etc/nginx/modules/ngx_stream_js_module.so; +load_module /etc/nginx/modules/ngx_http_js_module.so; include /etc/nginx/modules-enabled/*.conf; events { 
@@ -21,74 +14,38 @@ events { # multi_accept on; } -### # HTTP -### http { - - ## - # Basic Settings - ## sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; - # server_tokens off; - - # server_names_hash_bucket_size 64; - # server_name_in_redirect off; include /etc/nginx/mime.types; default_type application/octet-stream; - ## - # SSL Settings - ## - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; - ## - # Logging Settings - ## - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log; - - ## - # Virtual Host Configs - ## + js_include access.js; + js_set $auth_key setKey; - # HTTPS server { listen 80 default_server; listen [::]:80 default_server; - # SSL configuration - # listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; - # - # Note: You should disable gzip for SSL traffic. - # See: https://bugs.debian.org/773332 - # - # Read up on ssl_ciphers to ensure a secure configuration. - # See: https://bugs.debian.org/765782 - # - # Self signed certs generated by the ssl-cert package - # Don't use them in a production server! - # - # include snippets/snakeoil.conf; - - # Certificates ssl_certificate /etc/ssl/certs/mainflux-server.crt; ssl_certificate_key /etc/ssl/private/mainflux-server.key; ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_client_certificate /etc/ssl/certs/ca.crt; + ssl_verify_client optional; + ssl_verify_depth 2; + ssl_dhparam /etc/ssl/certs/dhparam.pem; - - # from https://cipherli.st/ - # and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html - - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_ecdh_curve secp384r1; 
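Review bot: The HTTPS `server` block appears to end up with two `ssl_dhparam /etc/ssl/certs/dhparam.pem;` lines, because the existing one is kept as context and a second one is added after `ssl_verify_depth 2;`; nginx normally rejects a repeated `ssl_dhparam` as a duplicate directive, so the added line should be dropped. `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;` (twice in this hunk and again in the `stream` block) extends the list but keeps the two legacy versions; for a mutual-TLS endpoint `ssl_protocols TLSv1.2 TLSv1.3;` would be the tighter setting, and TLSv1.3 only takes effect if the image's OpenSSL build supports it. The hunk also removes the explanatory comments of the SSL section without replacement; a one-line comment saying that `ssl_verify_client optional;` is deliberate because enforcement happens per location would help the next reader.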
@@ -98,15 +55,12 @@ http { resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s; - # Disable preloading HSTS for now. You can use the commented out header line that includes - # the "preload" directive if you understand the implications. - #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; add_header Access-Control-Allow-Origin '*'; add_header Access-Control-Allow-Methods '*'; - add_header Access-Control-Allow-Headers "*"; + add_header Access-Control-Allow-Headers '*'; server_name localhost; @@ -163,11 +117,19 @@ http { # Proxy pass to mainflux-http-adapter location /http/ { + if ($ssl_client_verify != SUCCESS) { + return 403; + } + if ($auth_key = '') { + return 403; + } + proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Authorization $auth_key; proxy_pass http://http-adapter:8185/; # Allow OPTIONS method CORS 
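Review bot: `proxy_set_header Authorization $auth_key;` in `location /http/` forwards the certificate's subject CN as the backend credential, which means the CN has to hold the secret key itself (crt.sh uses `CN=CLIENT_KEY`). A certificate subject is not confidential: it is sent unencrypted in the handshake for TLS 1.2 and below and is readable by anyone who handles the certificate, so this should at least be documented as a trade-off, or the CN should carry a non-secret identifier that the backend maps to the key. The line also replaces any `Authorization` header the client sent; a comment above it such as `# Authorization is always derived from the client certificate CN` would make that explicit. The `location` block starts and ends outside this hunk.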
@@ -180,29 +142,13 @@ http { # Proxy pass to mainflux-ws-adapter location /ws/ { - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_connect_timeout 7d; - proxy_send_timeout 7d; - proxy_read_timeout 7d; - proxy_pass http://ws-adapter:8186/; - - # Allow OPTIONS method CORS - if ($request_method = OPTIONS ) { - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; + if ($ssl_client_verify != SUCCESS) { + return 403; + } + if ($auth_key = '') { + return 403; } - } - # Proxy pass to mainflux-mqtt-adapter - location /mqtt { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -214,7 +160,7 @@ http { proxy_connect_timeout 7d; proxy_send_timeout 7d; proxy_read_timeout 7d; - proxy_pass http://mqtt-adapter:8880/; + proxy_pass http://ws-adapter:8186/; # Allow OPTIONS method CORS if ($request_method = OPTIONS ) { 
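Review bot: `location /ws/` gets the same two `403` guards as `/http/`, but no added line in it sets `proxy_set_header Authorization $auth_key;`, so here the certificate only gates access and is not tied to whatever key the client then presents to ws-adapter. If binding the key to the certificate is the goal, the header (or an equivalent check) is needed in this block as well; if not, a comment should state that the difference from `/http/` is intentional. This hunk and the following one also remove the `location /mqtt` proxy to `mqtt-adapter:8880` altogether, which the commit message does not mention. Part of the block lies between the two hunks and is not shown.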
@@ -240,32 +186,39 @@ http { } } } + + error_log info.log info; + error_log error.log error; + error_log warn.log warn; } # MQTT stream { - # MQTT + js_include access.js; server { listen 8883 ssl; listen [::]:8883 ssl; - # Certificates ssl_certificate /etc/ssl/certs/mainflux-server.crt; ssl_certificate_key /etc/ssl/private/mainflux-server.key; + ssl_client_certificate /etc/ssl/certs/ca.crt; + ssl_verify_client on; + ssl_verify_depth 2; ssl_dhparam /etc/ssl/certs/dhparam.pem; - - # from https://cipherli.st/ - # and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html - - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_ecdh_curve secp384r1; ssl_session_tickets off; resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s; + js_preread access; proxy_pass mqtt-adapter:1883; } } + +error_log info.log info; +error_log error.log error; +error_log warn.log warn; \ No newline at end of file diff --git a/docker/ssl/access.js b/docker/ssl/access.js new file mode 100644 index 0000000000..590e89de24 --- /dev/null +++ b/docker/ssl/access.js 
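Review bot: The three lines `error_log info.log info;`, `error_log error.log error;` and `error_log warn.log warn;` are added twice, once inside `http` and once at top level, with relative paths and no comment; they read like debugging leftovers. Relative paths resolve against the nginx prefix directory rather than `/var/log/nginx`, and the `info` level appears to be what makes the `s.log(...)` call in access.js visible, which writes the certificate CN that this design uses as the key into a log file. Keep a single `error_log /var/log/nginx/error.log warn;` unless the extra files are needed, and end the file with a newline. In the `stream` server, `js_preread access;` deserves a comment stating that it compares the MQTT CONNECT password with the certificate CN.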
@@ -0,0 +1,107 @@ +var clientKey = ""; + +function access(s) { + s.on('upload', function (data) { + while (data == "") { + return s.AGAIN + } + + if (clientKey === "") { + clientKey = parseCert(s.variables.ssl_client_s_dn, "CN"); + } + + var pass = parsePackage(s, data); + + if (!clientKey.length || pass !== clientKey) { + s.log("Cert CN (" + clientKey + ") does not match ID"); + s.off('upload') + s.deny(); + } + + s.off('upload'); + s.allow(); + }) +} + +function parsePackage(s, data) { + // An explanation of MQTT packet structure can be found here: + // https://public.dhe.ibm.com/software/dw/webservices/ws-mqtt/mqtt-v3r1.html#msg-format. + var packet_type_flags_byte = data.codePointAt(0); + // First MQTT packet contain message type and flags. CONN message type + // is encoded as 0001, and we're not interested in flags, so all values + // 0001xxxx are valid for us, which is between 16 and 32. + if (packet_type_flags_byte >= 16 && packet_type_flags_byte < 32) { + // Extract variable length header. It's 1-4 bytes. As long as continuation byte is + // 1, there are more bytes in this header. + var len_size = 1; + for (var remaining_len = 1; remaining_len < 5; remaining_len++) { + if (data.codePointAt(remaining_len) > 128) { + len_size += 1; + continue; + } + break; + } + // CONTROL(1) + MSG_LEN(1-4) + PROTO_NAME_LEN(2) + PROTO_NAME(4) + PROTO_VERSION(1) + var flags_pos = 1 + len_size + 2 + 4 + 1; + var flags = data.codePointAt(flags_pos); + // If there are no username and password flags (11xxxxxx), return. 
+ if (flags < 192) { + return ""; + } + // FLAGS(1) + KEEP_ALIVE(2) + var shift = flags_pos + 1 + 2; + + var client_id_len_msb = data.codePointAt(shift).toString(16); + var client_id_len_lsb = data.codePointAt(shift + 1).toString(16); + var client_id_len = calcLen(client_id_len_msb, client_id_len_lsb); + + shift = shift + 2 + client_id_len; + + var username_len_msb = data.codePointAt(shift).toString(16); + var username_len_lsb = data.codePointAt(shift + 1).toString(16); + var username_len = calcLen(username_len_msb, username_len_lsb); + + shift = shift + 2 + username_len; + + var password_len_msb = data.codePointAt(shift).toString(16); + var password_len_lsb = data.codePointAt(shift + 1).toString(16); + var password_len = calcLen(password_len_msb, password_len_lsb); + + shift += 2; + var password = data.substring(shift, shift + password_len); + + return password; + } + + return ""; +} + +function setKey(r) { + if (clientKey === "") { + clientKey = parseCert(r.variables.ssl_client_s_dn, "CN"); + } + + return clientKey; +} + +function calcLen(msb, lsb) { + if (lsb < 2) { + lsb = "0" + lsb; + } + + return parseInt(msb + lsb, 16); +} + +function parseCert(cert, key) { + if (cert.length) { + var pairs = cert.split(','); + for (var i = 0; i < pairs.length; i++) { + var pair = pairs[i].split('='); + if (pair[0].toUpperCase() == key) { + return pair[1]; + } + } + } + + return ""; +} diff --git a/docker/ssl/certs/ca.crt b/docker/ssl/certs/ca.crt index 75c5dfe5a1..cfc924eadf 100644 --- a/docker/ssl/certs/ca.crt +++ b/docker/ssl/certs/ca.crt 
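Review bot: In `access`, the mismatch branch calls `s.deny()` but does not return, so the handler continues into `s.off('upload'); s.allow();` for a session it has just rejected; add `return;` after `s.deny();` rather than relying on how njs treats the second call. Two length computations in `parsePackage` are also off: `data.codePointAt(remaining_len) > 128` misses a continuation byte of exactly 0x80 (use `>= 128`), and `calcLen` pads with `if (lsb < 2)`, a numeric comparison on a hex string where `lsb.length < 2` seems intended, so field lengths above 255 can decode wrongly. The parser further assumes a 4-byte protocol name and no will topic/message before the username, and reads offsets without checking them against `data.length`; a CONNECT that does not fit that layout should yield `""` so the session is denied. None of the functions has a doc comment; a short header on `parsePackage` naming the accepted packet layout and the `""` return on failure would document the contract.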
@@ -1,21 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIDhDCCAmygAwIBAgIJAK61I+11kc4nMA0GCSqGSIb3DQEBDQUAMFcxEjAQBgNV -BAMMCWxvY2FsaG9zdDERMA8GA1UECgwITWFpbmZsdXgxDDAKBgNVBAsMA0lvVDEg -MB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb20wHhcNMTgxMTAyMTc1MTEx -WhcNMzIxMDI5MTc1MTExWjBXMRIwEAYDVQQDDAlsb2NhbGhvc3QxETAPBgNVBAoM -CE1haW5mbHV4MQwwCgYDVQQLDANJb1QxIDAeBgkqhkiG9w0BCQEWEWluZm9AbWFp -bmZsdXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTSZgdq0 -BRjxYCNZV4QOAoN9eaoXSp5yD0DjdBfP4T5HZJYMmw1ca/EeO9raO1fOvAQ7CsCq -thKb8pw9HgPBLBL8GACTK/x2rjco9c2TbgTk7f6vSVoI+UUiU2Y5g4iIPIywYoGD -/WwCn38r7NyKxxzbEstnJ2TvcvoOBXTc0EfLJ3gox1Q+FlhYQ928FFSv78tWeXug -0X2KJKY8qUrXF1LDVLwv/93XduN+nGMJfoAYJQXRVmcPLtMFEycD90xUkKIPOPox -sSQwQl9RaM7r3M2ZsEirJpeJbvzVBxLdWWaG8HqT9oRZPrJZZvcpFgzX1Yf5oi2k -GMzSsYxJBnVsqwIDAQABo1MwUTAdBgNVHQ4EFgQUMmE/LCiFwPSKXDSAQvcRF/9y -M54wHwYDVR0jBBgwFoAUMmE/LCiFwPSKXDSAQvcRF/9yM54wDwYDVR0TAQH/BAUw -AwEB/zANBgkqhkiG9w0BAQ0FAAOCAQEACmbTBIq8cZebTa+IE8zUAj8KpaGLCn+7 -nET6DYQzT1GoGToMVOdQ0goaGAGMhTGh8ezOxAPJoo3IYZwSErxSpyd20jASKkQG -p2Q+gBDZiohEumQkA2K6ywgTrVr/qNhGBvv+r40h3lJd2bbspfPLUq2zNnJpRhww -0QjObMnaDdXgD8kPy7poEUVmGxAYKhSBvi7gNInymaspGGwubNVrsakAjsi710r1 -41KT4Pq4FpfHzqpSrrGq4VFbi1NSUZWGCIqIm+oYlA5l7/cMVPS7qtV/ScsMod8s -KSkNneFU0RqKeY7dMU2bkxlCcH+xUAmWefK9WFvwBJ4HjxE0Q83qPg== +MIIDjzCCAnegAwIBAgIUXxpXHD3kBdsNf8uhfT1LzmSKqKMwDQYJKoZIhvcNAQEN +BQAwVzESMBAGA1UEAwwJbG9jYWxob3N0MREwDwYDVQQKDAhNYWluZmx1eDEMMAoG +A1UECwwDSW9UMSAwHgYJKoZIhvcNAQkBFhFpbmZvQG1haW5mbHV4LmNvbTAeFw0x +OTAzMTkwOTI3MThaFw0xOTA0MTgwOTI3MThaMFcxEjAQBgNVBAMMCWxvY2FsaG9z +dDERMA8GA1UECgwITWFpbmZsdXgxDDAKBgNVBAsMA0lvVDEgMB4GCSqGSIb3DQEJ +ARYRaW5mb0BtYWluZmx1eC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDVTLSVFZSQ3PaKZ3gz1pSVvExjRSgszyFt8hGEZAaWmaFbuxn9D0BfuVgx +xn30UFBYiNpiFcwTkD5G64IorqrRqSVw65tBkA5Fnn40sHmqT7142kK1yEuBYPSD +LY2HekuEYjTr35B2hYw/lO6ls+dA0gvNlbJc3A+Id9pfE76qBdHzwNN0CBhl6Yug +ViT7G2Dmcrj3bQDAat+GFx82x26af3sFwkcTRMAn15xJcVeJldjVJ1WqvfoSiKof 
+RpPg2CZs7N2r+WPbleZVbcaAZ+SPp8sqKhQSS6Ab4flet4tlqWa7sAz6UVQr01BI +YOqU0quczwPTdx84up6a1d3F8JNvAgMBAAGjUzBRMB0GA1UdDgQWBBREbFzLj3QN +DCYUgLkCF9vBT/nG+zAfBgNVHSMEGDAWgBREbFzLj3QNDCYUgLkCF9vBT/nG+zAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQBfrYUdQPO0Et6DLTYs +lkkmwLXMFL+LayW/PwwKvqvDVAV/yLqUdFYrDOBuxJbEKP/2MHzai3coRYsbglo5 +sI+CWzoH0FWpM1EuBA1svaL5fRA1mRK6r1G2kIJhkmc4l4LirIbCWntzbxaTpyX/ +1bu9xctQOMV8lUnATOsj01zv3DAwHQ3nqVahdtZGH6Qvazf01D+cLyZiA26l2p+i +6WpfciBL/J9YfgiuhXfrwqUAVZRqJ6OknCVcG3j5cCmKKbMXosk1Ou+W2y2ZTDEk +YuMUHmH0eQ1xATy4Y6V8/gZ86lc6IPUpIH9N0WKSiHFNLkwYh3jgjyYUbQGZv1ku +25Ek -----END CERTIFICATE----- diff --git a/docker/ssl/certs/ca.key b/docker/ssl/certs/ca.key new file mode 100644 index 0000000000..d592b4cda4 --- /dev/null +++ b/docker/ssl/certs/ca.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDVTLSVFZSQ3PaK +Z3gz1pSVvExjRSgszyFt8hGEZAaWmaFbuxn9D0BfuVgxxn30UFBYiNpiFcwTkD5G +64IorqrRqSVw65tBkA5Fnn40sHmqT7142kK1yEuBYPSDLY2HekuEYjTr35B2hYw/ +lO6ls+dA0gvNlbJc3A+Id9pfE76qBdHzwNN0CBhl6YugViT7G2Dmcrj3bQDAat+G +Fx82x26af3sFwkcTRMAn15xJcVeJldjVJ1WqvfoSiKofRpPg2CZs7N2r+WPbleZV +bcaAZ+SPp8sqKhQSS6Ab4flet4tlqWa7sAz6UVQr01BIYOqU0quczwPTdx84up6a +1d3F8JNvAgMBAAECggEAKDK3ia0yfYaXFAhh9+sFv55oCwFai+9RToYjVP8A2tsD +NOVzBWUdbazheSf+Ts/gBH9uILQY7MrvYbA6rG4WlUK6YqiUbuu2NNqk0Es98qHq +hF8l2VpxGGXsTtiD5rdeigl0DcvpTtzmTIlF3IamG2o6fTksDyIN71sfFXIEKchs +wIwMC7gSCA5rjU9Z0EqmK+rPpkJCrRPpQvOVisk4h+0Pddkv9uB5LPA7Lg4pxmYE +ECRs6yGJKxPhm/H5X2ny95wjwzCajRSCMrRYQ4GqLSdCZc+BV7ub7vqfgI7cmNAi +rkjeiVYrUX/hqmY088HRWoUVuVNM3oT+z9Lz6cUOQQKBgQD5Vb35bq9DTSgVzotK +69Knk9NFDT6bvY/wZh6RLkyR+uYfX7ZBwqcHQwhYbHFYnPGa7AP9TnzOGdnSDKmf +pkh0wHN5hd98iczguoroHpqHKMvN9vS5pJwB07sYSJb4o1zAr39pStBRqYOUu2pc +k6pYH4qu/uyh2ycT5XoPQYioIQKBgQDbAF1/4juiFbMQI1r8Oa6by7Ck/rk/HXTj +QEmg/Z+1PSy4LRdSJhiHbjNvwdxz0DqmCkqPO+6Bim9H1i5+LhkAwbJMzaa1OoyI +2Co2P0W7xqFMn+yD4K5HJ17vnMNBvl3nbsxIW5tcbg6VgroA79WfcnA0nKO7Mrcv +fgr/UIGJjwKBgQCnA2sUeLLHdxhhuw+M6PgbLib3ew60Db8r/Yt+HjBGHHUnENqp +o/R0Jc+iQ0mNXNtttahadced2q0QSVEZ0q14Hy16elUgO8HTysCfCVjjLk2OMlzt +OTkS9Du/4WfXNr47h5Ll+aoe+VhdOUjeqD8TdlVUMQhaxsyfRDiFnZUnYQKBgQDU +eaY9TOFOgH8aSTMdQ1mFDjpz2i8gbRPa56SH7Ynl7VRV3Gmj6hIiU2jUJOId+wjr +z1BHZ34fcJBGwiaZhV/8u/ChU2VKr2Np4VATEZA2fqBAF2kBChwMLMaO8yj9wBSb +VYQdL8OsCZtcs1iDUC2SZRU39kFkfe/8w+0niJQlQQKBgQCHmV8bRZX/Q7Pu3rxf +RJRvTUceiHp2YzrgWCSfr/ntSDqf+fxPEK01YNAvDD9mUFapDCNxI3BGrZU6vcX4 +ZBj7lS5pKyIU9TJw9AXYm1CA0Sue5yc93ldhPgc83PF8aYdLklPxANDQ4EgV03D/ +wBh30A1NY2uYGzFaVGRp79i1sg== +-----END PRIVATE KEY----- diff --git a/docker/ssl/certs/ca.srl b/docker/ssl/certs/ca.srl new file mode 100644 index 0000000000..195006d428 --- /dev/null +++ b/docker/ssl/certs/ca.srl @@ -0,0 +1 @@ +760DDBBFEE7C0D40EB6093F7537DC596C9D86DA8 
diff --git a/docker/ssl/certs/client.crt b/docker/ssl/certs/client.crt new file mode 100644 index 0000000000..06074726bc --- /dev/null +++ b/docker/ssl/certs/client.crt @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEUzCCAzsCFHYN27/ufA1A62CT91N9xZbJ2G2oMA0GCSqGSIb3DQEBCwUAMFcx +EjAQBgNVBAMMCWxvY2FsaG9zdDERMA8GA1UECgwITWFpbmZsdXgxDDAKBgNVBAsM +A0lvVDEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb20wHhcNMTkwMzI1 +MTAyODEyWhcNMTkwNDI0MTAyODEyWjB1MS0wKwYDVQQDDCRlY2E2ZDlhYy03MTli +LTQ0Y2UtYjQ0YS00YzFkMGFlZGUxNzYxETAPBgNVBAoMCE1haW5mbHV4MQ8wDQYD +VQQLDAZjbGllbnQxIDAeBgkqhkiG9w0BCQEWEWluZm9AbWFpbmZsdXguY29tMIIC +IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyLUcyWeidhaRFE3OBbcUWqmO +ls3d6DgJEFY2Td9K2vLoHqrNJD9WjwJFzTHUMR/6OTYN7mpABxBv6Ogbu4Q3A6b2 +ZCbAdIIPLCLS/CKZxNIKFBwQRIbFwkFx36ma5ykWtbAcaULhW3XsA+WPJiPb9OtV +Wo7/VsarSOaXlTaK40+F1fvUF6RWlAN/9JQVL+PUurzbOgjpRdUT2czOyRCiEjf7 +vncFSP4GtIkTsKmkYPmBFXruhD7n62B1bB6AQqYfV8NFjpMauSnmBQYDz8+AK6BP +406FsdDMCS634X8h+WqXT0+lSyLnam/2WLPc6KU6yDka2YGS3+LMFMYdfiu/6JWK +7Laoq2fnqCOEhYU8sQIrBT94SdMMsfnz8xBZxUBnZyvTrClc/efU97bAgMF04rKf +9lBPb0WwgQXOl2s5snKneppFurTKhLh5X10//BPOUfS0REAet+t5mmDAZq7mFvpu +p881o4mpkmnUfwwbMRbLm3+LXUMDI3dyIE4klLuvpgYNExi2oyxUk9qfYhYspPIu +cyGCulJ5PIKD6854H2ZlBQsHoridIaiOfBF7XUuLlHjKX7en5gWEMZwHkd488BR7 +hVXUU6D+APMnFQiQjHlvdHNrvuM5Lo3+ii/FJJDbb5UXI3A12eyPKfxYh1cMQY2n +HH3uGKMm69Eg2PL26WsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAreY7MV7ViZab +pAc8PnKjfC+veP5UkaOKM1TvRtSWTYiNs+ZwtJ7IiwlFZkKZV0Mo/6w/i0RXma35 +mzEliJIdRpz1Qc2mq8CvBKn8rht5TpXwPA+a/dn4E9V74LXQVW55966cZk5ouQxV +8p6npJ/jQZaQiSFeX0IYMr9C0JXGj91bnMzdkxNH3qiI7hUL87+ZlxL2SCChi+qG +3yxGOfz+YqjgQvDjWLd4G50vSxv+iLkkVbncYtKD489CNK+f9oHTpMULjHwqDhsP +NbiRN0JkOOoCpd+U2i69G0OvGjNVcfater2O+PFRohXYqaJrBoKBb5X4OOYdB48O +nHP8B79WLQ== +-----END CERTIFICATE----- diff --git a/docker/ssl/certs/client.csr b/docker/ssl/certs/client.csr new file mode 100644 index 0000000000..7a82793cc9 --- /dev/null +++ b/docker/ssl/certs/client.csr 
@@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEujCCAqICAQAwdTEtMCsGA1UEAwwkZWNhNmQ5YWMtNzE5Yi00NGNlLWI0NGEt +NGMxZDBhZWRlMTc2MREwDwYDVQQKDAhNYWluZmx1eDEPMA0GA1UECwwGY2xpZW50 +MSAwHgYJKoZIhvcNAQkBFhFpbmZvQG1haW5mbHV4LmNvbTCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAMi1HMlnonYWkRRNzgW3FFqpjpbN3eg4CRBWNk3f +Stry6B6qzSQ/Vo8CRc0x1DEf+jk2De5qQAcQb+joG7uENwOm9mQmwHSCDywi0vwi +mcTSChQcEESGxcJBcd+pmucpFrWwHGlC4Vt17APljyYj2/TrVVqO/1bGq0jml5U2 +iuNPhdX71BekVpQDf/SUFS/j1Lq82zoI6UXVE9nMzskQohI3+753BUj+BrSJE7Cp +pGD5gRV67oQ+5+tgdWwegEKmH1fDRY6TGrkp5gUGA8/PgCugT+NOhbHQzAkut+F/ +Iflql09PpUsi52pv9liz3OilOsg5GtmBkt/izBTGHX4rv+iViuy2qKtn56gjhIWF +PLECKwU/eEnTDLH58/MQWcVAZ2cr06wpXP3n1Pe2wIDBdOKyn/ZQT29FsIEFzpdr +ObJyp3qaRbq0yoS4eV9dP/wTzlH0tERAHrfreZpgwGau5hb6bqfPNaOJqZJp1H8M +GzEWy5t/i11DAyN3ciBOJJS7r6YGDRMYtqMsVJPan2IWLKTyLnMhgrpSeTyCg+vO +eB9mZQULB6K4nSGojnwRe11Li5R4yl+3p+YFhDGcB5HePPAUe4VV1FOg/gDzJxUI +kIx5b3Rza77jOS6N/oovxSSQ22+VFyNwNdnsjyn8WIdXDEGNpxx97hijJuvRINjy +9ulrAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAVpJYIcfwABfG8kjJMwlDFZ70 +/XQfSigSxiKxMC0XZtN5F3h08hQZkQWjuWLV+f4CdBJLgMAAuAj8+4pdzL3FDq/J +TBZKWjVEQ85jkPBr9MPG35VCz2/3QRLwIbFWIi9UtCQCuSI4xix1i45tQRpGiN92 +gbM2A4ZcJpsxLmdTps8ELODQCflW2Br9L9w+y0l8ndjcB4ec3znnSfIfjDFxGV1h +w3LFNUUoiOvOnSbafwF8a3gUc5p3tna/xk5IdIeErFsqzrdJ8Q3Tqoo5eJymadYs +lqo6xzPYvc2oZBa8M+ZmKETkt6vA84Obzu5gcGEio6eEroQpNyBchCegQPW/LHNc +yg3kBES9t7edoZsoQHQ1YNkFVA4yV5Fqh+TP3eOYSZo7lilrizgDhJRamdxFteqd +bLf0zObTBBYTAhXOH2th4ptFo2hGyxl+wruOSZ9NbB9otzZU5q/vgVbRC3f1B46s +g5Tq8c6Bj6aqt6eLanEUZ1dAwKVruekudve7Bm1FTQgLGBVNuglzDNoJqNZaIMEk +mNytDxYYIhm+xi+Bv1UWJC60ozpLwQTMSnmz75laE7d9K2Vtx6IgN3LKW6VTEZsm +mrQ1G9N1qKptpVnev7Bkjd2hS/jFYnOf0huTQKAG260NmKVEj58seuDZBdgVuoaV +BRWKjTZUg/m993ip/Gg= +-----END CERTIFICATE REQUEST----- diff --git a/docker/ssl/certs/client.key b/docker/ssl/certs/client.key new file mode 100644 index 0000000000..5008bcbddb --- /dev/null +++ b/docker/ssl/certs/client.key 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAyLUcyWeidhaRFE3OBbcUWqmOls3d6DgJEFY2Td9K2vLoHqrN +JD9WjwJFzTHUMR/6OTYN7mpABxBv6Ogbu4Q3A6b2ZCbAdIIPLCLS/CKZxNIKFBwQ +RIbFwkFx36ma5ykWtbAcaULhW3XsA+WPJiPb9OtVWo7/VsarSOaXlTaK40+F1fvU +F6RWlAN/9JQVL+PUurzbOgjpRdUT2czOyRCiEjf7vncFSP4GtIkTsKmkYPmBFXru +hD7n62B1bB6AQqYfV8NFjpMauSnmBQYDz8+AK6BP406FsdDMCS634X8h+WqXT0+l +SyLnam/2WLPc6KU6yDka2YGS3+LMFMYdfiu/6JWK7Laoq2fnqCOEhYU8sQIrBT94 +SdMMsfnz8xBZxUBnZyvTrClc/efU97bAgMF04rKf9lBPb0WwgQXOl2s5snKneppF +urTKhLh5X10//BPOUfS0REAet+t5mmDAZq7mFvpup881o4mpkmnUfwwbMRbLm3+L +XUMDI3dyIE4klLuvpgYNExi2oyxUk9qfYhYspPIucyGCulJ5PIKD6854H2ZlBQsH +oridIaiOfBF7XUuLlHjKX7en5gWEMZwHkd488BR7hVXUU6D+APMnFQiQjHlvdHNr +vuM5Lo3+ii/FJJDbb5UXI3A12eyPKfxYh1cMQY2nHH3uGKMm69Eg2PL26WsCAwEA +AQKCAgAC/4mdjJnFr9Kc/giM105LiGrj39FnzaZ9Avyurx48JRLImn6UAwo0+rC2 +Pv9PeI3RWvhcTmQEdv9k+Eqpw3Da8hyOJHINi3/UhfSm5ZFsekLCSCUKEQVVQIsF +70+sElYPgsD55ZDeP+W1rTE1PaXkg7tzrd0sm60lWqR7CySJ/r8eEjP54m+UqHS5 +35htbbbYz0drF4T8kRFJ2KBiKohxQzrUfoyqqXjKK54Kro4REMkX3A1CFnp6bqdy +ZQY/eKHROs6IMbRdfb2853kZGp1siWmIGL0widDydiszCCYmxqvZ+HOcqrnQQjno +2076frVhFlFLXH8oLwgja043e0nTldfU47WVhyrQ/VA/v062ThmPcGcbUhqzHfRo +44VOnqE/k/F2r6M51VDrmFbgzlvrnhUTNEBVEbZJPkHa7lXFpGu/U4lDcnYpVlXM +p/LRuBKs2R5csekhz2QhfUekTMszPExhIVWjM+e5Zzu5yNvmjGxRXK6Un/Z0AFuG +qNCWmRy/2+yMJ+BvGPoF5gil6lO6K5v2mTiJ7tyMNqYxuZTc6/0oXOfsa25NcMEv +4Oce6Vs8mtL9kwNGOx8XogcRHN18tsEbAs+XBC1TckD7dTagBDuLfyi0l3pVHa9v +HABap2Spup99brr1/1M8L1DOt9DncG0nK2IqO+1M9YbTf3XBcQKCAQEA79eitve7 +Y89PKOyI8GAHzorvcLa9l3KqTLtPfk5lM9lEwC9OdlGoki/8puL0ibn6CjmyJ1qa +wF003jR8SJmllCmUZGnTShqUEJvmVfZO9nM/OvkXAQPpQTJ87pSpwyGSXTxC/vO6 +oYMw1Tgt8GruDvhDRoyxJBjRCQQnDMrS3pI0rn2OIC0KbcluXEqE3dBPRAgc4fmq +kXm4pOlpjOI8KnWJZChpXSfasJMbzoyYRY18v4zAFplwDUqpIQyLtXsh5bGNZdb6 +KyD/p/8ASb5GDrZLOOAkGl0r43IK7bILi11sY7bzqSFoqSOqLiHbaFoMGX/rY9i0 +6M4GhrGzHxb2qQKCAQEA1jqMzJOWpqcUshklwGku33XYGvgCohnXZCCfZ6GyLH3e +HwOlUlDEU53xlJRKyGgFrsFzqoQLKTACArS6mF+6tdvXOzIzUjWdXyKCPx9mzTx/ 
+0kGhzODUR/j12ni57kB1DkMEZeQnyMpBbZ1brSj22hl7AEQmGFuOn7ap7y11EEbE +DwVuXyY8l4y/fzwJKD3fIwBdyIVcRCQasdPwZxYl9AEsJFAaaJr3Muo2qS0Nl92t +is0T/eztGy4XfBrjqP4O+C86Hdrgtly2GA2+7NJ598gjB8NeEhjIWVe6w6cxJQzB +OObXExIpBFb4NYEwFX7jyDLNmEvhOD8Jrucqdavv8wKCAQBTtuWBjainpuWPeDg4 +BpzS9+WpZu94HDra+4o8oOpsFYsMtbZiUBBRrlQ2gAMwy2w+A3Nujw5y1FWutY0n +3hFQTM8R2Wo5dFt4DKJyIL3hAcrxL55a6V2SNygqMlOq2132EyGjUbkzxNHXqntG +blxXd0osJtFxswPLbNqgeW7u5wNiYEqqam44cdWGezAzKBFywo4qRfXGP0E2to3z +8cdkXpAtGHnmXRHVDhPnnWVM6ZzAU0V83eOhkAzGj1V4a9kiDj43bLj3MtZpcfVM +yBA19GT/HiUb2qeGBPlRjBLBe0No7qPPxex9FQjCf2jQ3JValS65NBu5IqhefUnz +MRW5AoIBAQCWeGmNB905EQIoViF+FGMn8c3oo2q2ERCI86EDWT+coIvznMvyFWjQ +ko+snLwqJ2ZWaOqlSjnMpDvFSswFWrf6JH/4xDnn9GClAcgaLiQ249ekBxVuojx4 +kRWebk2qWvvdGJVuO+L11Zo/M9fAuJUqe9s5RKS9VxHGfLa/mF4xIIN1SYtMqb7F +c8bNx41nBo5EN22n+oPkGLfnT8X7okLmMCyhFOJ3tuEKkhfynAKAOOQ8Ke9w24lv +HeDA+uINQOWizQk1Dxfm/xenrX/9N5kTwS9ZtI/OhjmzBzvXUQfjziGppfpLGuZU +dgHBEwyDDK1RYN2nqyR2LVDP2O6p2CqhAoIBAGGsV570dFCfCrnU3v0HnbjmNFwo +lqcEO2ez8timFgnjpUcZvIxIGvoEQKnqt9NzHx4faGygThBTCsAJkBMLM04SdfGz +YumMLqTKkUDmjmb0zwnT9XrYUfI8EM9X3rjkMWDdG05E15i9G6ZvdS7CZc5Mz0Qu +gquSww2QkB9mO2FjgnIVQa81v4D2OqEd7LbaFFJvA3XSRCaefP8Tpz/jT6ygk3BK +y51RUfsy1LFaf8CX5oYQlWH58EnWfLoQJaAlc9WXUM8ra1rRDQ9cUjdprK626aEF +7YUJ3RrhMOQvUclXVu9H6Sz54yU9QXmpivtatC6DhaL0kFYBGeRc//3ex2M= +-----END RSA PRIVATE KEY----- diff --git a/docker/ssl/certs/crt.sh b/docker/ssl/certs/crt.sh new file mode 100755 index 0000000000..c88175a802 --- /dev/null +++ b/docker/ssl/certs/crt.sh 
@@ -0,0 +1,19 @@
+# Create ca.
+openssl req -newkey rsa:2048 -x509 -nodes -sha512 \
+ -keyout ca.key -out ca.crt -subj "/CN=localhost/O=Mainflux/OU=IoT/emailAddress=info@mainflux.com"
+
+
+# Create mainflux server key and CSR.
+openssl genrsa -out mainflux-server.key 4096
+openssl req -new -sha256 -key mainflux-server.key -out mainflux-server.csr -subj "/CN=localhost/O=Mainflux/OU=mainflux_server/emailAddress=info@mainflux.com"
+
+# Sign server CSR.
+openssl x509 -req -in mainflux-server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out mainflux-server.crt
+
+
+# Create client key and CSR.
+openssl genrsa -out client.key 4096
+openssl req -new -sha256 -key client.key -out client.csr -subj "/CN=CLIENT_KEY/O=Mainflux/OU=client/emailAddress=info@mainflux.com"
+
+# Sign client CSR.
+openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt
diff --git a/docker/ssl/certs/mainflux-server.crt b/docker/ssl/certs/mainflux-server.crt
index 70e8298b1b..d960101bc1 100644
--- a/docker/ssl/certs/mainflux-server.crt
+++ b/docker/ssl/certs/mainflux-server.crt
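Review bot: None of the `openssl req -x509` / `openssl x509 -req` calls in crt.sh passes `-days`, so the CA and both leaf certificates get openssl's default validity of 30 days and the compose setup stops accepting connections a month after generation; add an explicit lifetime, for example `-days 365` on the two signing commands. The file is committed as executable (mode 100755) but has no interpreter line and no error handling, so a failed step is followed by signing with stale inputs; start it with `#!/bin/sh` and `set -e`. `CN=CLIENT_KEY` is a placeholder that has to be edited by hand; taking the value from an argument and saying so in a header comment would make the script usable as committed.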
@@ -1,29 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIFDDCCA/SgAwIBAgIJANUB7oWmhqk8MA0GCSqGSIb3DQEBDQUAMFcxEjAQBgNV -BAMMCWxvY2FsaG9zdDERMA8GA1UECgwITWFpbmZsdXgxDDAKBgNVBAsMA0lvVDEg -MB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb20wHhcNMTgxMTAyMTc1MzQ0 -WhcNMzIxMDI5MTc1MzQ0WjBdMRgwFgYDVQQDDA9tYWluZmx1eC1zZXJ2ZXIxETAP -BgNVBAoMCE1haW5mbHV4MQwwCgYDVQQLDANJb1QxIDAeBgkqhkiG9w0BCQEWEWlu -Zm9AbWFpbmZsdXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA -ovtHVZacXvf5m7iyhLdGqBaoTwUMSWR+LDaHyeUAcqLy4AHe2TGdJmbrsSKJOb94 -Winru0dgQyBE1a/I+MOPYVNbYmShOoUSH6/a2Ph3DM8C7PjaFsc+uKd6NiVRmFid -c+3pQ62Um9mgJ5jD6kFB2uO5Bk9zxlDRGZz2BYvMFGcbhDZzf28O/Wwitfjb3dek -8kohknaIgHy50qstxt/GRFVHpqK0B+PVubC3Dr1Ext+lZORqM44o36jdUyVhnFXf -f8Fj/g4whrJfq3AOHeMsxm1VLqKeQb9CxpWvUi396w/bEXOuKXyoP5hyMUAvXEoE -pw2+M/CPHuCzj/ELafjWjQIDAQABo4IB0zCCAc8wDAYDVR0TAQH/BAIwADARBglg -hkgBhvhCAQEEBAMCBkAwCwYDVR0PBAQDAgXgMCoGCWCGSAGG+EIBDQQdFhtNYWlu -Zmx1eCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFDRwdZDGidKOpuJ29hXz -RWRFD8YkMIGIBgNVHSMEgYAwfoAUMmE/LCiFwPSKXDSAQvcRF/9yM56hW6RZMFcx +MIIEQTCCAykCFHYN27/ufA1A62CT91N9xZbJ2G2jMA0GCSqGSIb3DQEBCwUAMFcx EjAQBgNVBAMMCWxvY2FsaG9zdDERMA8GA1UECgwITWFpbmZsdXgxDDAKBgNVBAsM -A0lvVDEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb22CCQCutSPtdZHO -JzA7BgNVHREENDAyhwR/AAABhxAAAAAAAAAAAAAAAAAAAAABggV1c2Vyc4IGdGhp -bmdzgglsb2NhbGhvc3QwgYsGA1UdIASBgzCBgDB+BgMrBQgwdzAcBggrBgEFBQcC -ARYQaHR0cDovL2xvY2FsaG9zdDBXBggrBgEFBQcCAjBLMA8WCE1haW5mbHV4MAMC -AQEaOFRoaXMgQ0EgaXMgZm9yIGEgbG9jYWwgTWFpbmZsdXggc2VydmVyIGluc3Rh -bGxhdGlvbiBvbmx5MA0GCSqGSIb3DQEBDQUAA4IBAQAwrfzfLLe35aTGel9tWpWi -aWSATgYThCzaFqqzsQBNAmB/S+06xI2JSeXtHOestsqLZOrWdGG6LJcRiyCR/XWv -SxDRPUgjp14YQCml8GWQLairhdXNWZch1d+Bzr2XkJrTzQUex/XCJQnp56CzjFUO -XADhQdiaESvu/tk7nRuX8qYqwyIqwzRm5KlqHJIvsDXddGluS5EtsshdtAwbRQdR -jK1egJ3Z26vn68zrZiPQOYz9gmJs2Zl71bd4cGEBa6m7RGi9ww7gU6TsMoE8BTDg -i2ia+MB+COQB8ISx1+Pyx2migImZlnlYfSup1ObboyJV2jdqROBWbaosHqhh/7VF +A0lvVDEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb20wHhcNMTkwMzE5 
+MDkyNzE5WhcNMTkwNDE4MDkyNzE5WjBjMRIwEAYDVQQDDAlsb2NhbGhvc3QxETAP +BgNVBAoMCE1haW5mbHV4MRgwFgYDVQQLDA9tYWluZmx1eF9zZXJ2ZXIxIDAeBgkq +hkiG9w0BCQEWEWluZm9AbWFpbmZsdXguY29tMIICIjANBgkqhkiG9w0BAQEFAAOC +Ag8AMIICCgKCAgEA88Ti462RHsHVvE2VSfslOnfpJnakVv/wju+JyjRiSgbFoQ1K +QXtojtYIzKmnc3k5c0spXfNFbOB+FM8BQxCX6ALXTXGAxgFY5UGOeFaYWVlcZgiF +GzeT6zb3eZxIpcBhrjLzWLheAe/2HMv0bODL7CUkvFDMwDwY38GDqhPdVtToHdW/ +H5rGKamFhH7A5BYYyYR7UP482NWJHvsPJzOek8hV9H1fl+xwxx+gDxF3p4hAeJr+ +qac5LJC3vwfipw/If2f8vc6rlF8u54wcTE4Wu6kDHUFcSFBkNsf2Z+LrHCk9smIV +xbqFgsyWWmcW/BRVsPzSHwXC0mDIFQIjJ7sytM8m6b66N3eo8dRBbFzQOL89ezHw +sJAEgnxAh83Gx59Gzc5FHnJ1fA/Mx1fxQrnxa0i8JUaaEmayOtbDOE47W6LI/5OZ +Ly/4hGl4gy8XADnjypSA3yjwailHia31McXRXegIZpPwmfCSe/x6/xZX9JJZEQCW +BrTIqX0Uh4Im86YPsHT2F3qc3/RcrzvmP2T/0oBcEbLoMYEDCFJO+vXxESUS1rD7 +NaA5iEcScl9+PzVcwYa0iZ0axk6tZP4iOLy/J1dM7t1wBUWyq6qOxu4li90LQobu +aIk6p/Yt804bnRyhuxfEFx9RHXp3ldlw0txthIVVXOR1OOO/LD9gwnrw5SUCAwEA +ATANBgkqhkiG9w0BAQsFAAOCAQEApxsJddnftiIgaDcvgYs/YTY7YXOwnBmZdBl1 +b2k7tLMj6B76d/ni4CmMmSO1UAYH5vpbdXkQUffJ2BPZ4jIlq0RpTX2oe+0+YQTC +DGKR3UTEVKL9lrA4ihSJj9vmpNO53OCOMo/oxRtUig5bSUO+Z9WMiLS4B7P2UK2X +miSIbD6cT+4Nm5IUdeDoq+7Z2iyT/VMJYj9A5xtIQMPsn8zwjX7KXc2yfIVTvfCA +S4Dj2R61joC2k6xOI6uM1EgHVz/+RBlxmf8qd7FywDS6XfkhUvCzEtPzAJFZT3rg +X1IoHRUcwM5jomktGHF0vJh+x4LSLsHbFEcQwIAuMFi4cOwSzg== -----END CERTIFICATE----- diff --git a/docker/ssl/certs/mainflux-server.csr b/docker/ssl/certs/mainflux-server.csr new file mode 100644 index 0000000000..ecfeb6ee7c --- /dev/null +++ b/docker/ssl/certs/mainflux-server.csr 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEqDCCApACAQAwYzESMBAGA1UEAwwJbG9jYWxob3N0MREwDwYDVQQKDAhNYWlu +Zmx1eDEYMBYGA1UECwwPbWFpbmZsdXhfc2VydmVyMSAwHgYJKoZIhvcNAQkBFhFp +bmZvQG1haW5mbHV4LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +APPE4uOtkR7B1bxNlUn7JTp36SZ2pFb/8I7vico0YkoGxaENSkF7aI7WCMypp3N5 +OXNLKV3zRWzgfhTPAUMQl+gC101xgMYBWOVBjnhWmFlZXGYIhRs3k+s293mcSKXA +Ya4y81i4XgHv9hzL9Gzgy+wlJLxQzMA8GN/Bg6oT3VbU6B3Vvx+aximphYR+wOQW +GMmEe1D+PNjViR77DycznpPIVfR9X5fscMcfoA8Rd6eIQHia/qmnOSyQt78H4qcP +yH9n/L3Oq5RfLueMHExOFrupAx1BXEhQZDbH9mfi6xwpPbJiFcW6hYLMllpnFvwU +VbD80h8FwtJgyBUCIye7MrTPJum+ujd3qPHUQWxc0Di/PXsx8LCQBIJ8QIfNxsef +Rs3ORR5ydXwPzMdX8UK58WtIvCVGmhJmsjrWwzhOO1uiyP+TmS8v+IRpeIMvFwA5 +48qUgN8o8GopR4mt9THF0V3oCGaT8Jnwknv8ev8WV/SSWREAlga0yKl9FIeCJvOm +D7B09hd6nN/0XK875j9k/9KAXBGy6DGBAwhSTvr18RElEtaw+zWgOYhHEnJffj81 +XMGGtImdGsZOrWT+Iji8vydXTO7dcAVFsquqjsbuJYvdC0KG7miJOqf2LfNOG50c +obsXxBcfUR16d5XZcNLcbYSFVVzkdTjjvyw/YMJ68OUlAgMBAAGgADANBgkqhkiG +9w0BAQsFAAOCAgEA6OXmgeEdkzwPdGw3oau6ZLPXA9NHHmRhBVG6bgJj59/P/tUu ++yecjqwKl/lC6uoBGPujSnMPBScjNft7XfhaUcmZtFoizot2gTSWBnaQyC9xvdS8 +bwjV3CCIo7VeNd6b6EPyoogbiG5cHuGDQqJHJFQ6P7QGxqqb20rAAPrXK2yG3ZYI +JXDc+tZEgf6jrlfMA8noBVKV8mH7Y0r22gzGd1OjtKNPDpquKGfuTIYuT/pZMKf9 +I35LGmjM2DKV4RDOxNi84C7dR8hTFtFFIS15M6NVajnWDS0wQ+pDRY1+VmaKjYV5 +PHT767Bnyb/o2gfNTMWCB7PsqRBVGSzAkKZAqS4YJo5Y5pDkHFnFbePXc//U0E+U ++wEm3axIUDTD0PiDp9wlQ/oNTbxejWGbSjmN3ArMuftaDuoYhcbNqAgCD54kEON6 +w9DHZyJTBBXTokgdgRWAaZMDBPIst4pvUxmPMwS0YGppDumElTCv5yO4k6VvD4X/ +YTo3pajQq7/2y56778K6wvF7jb4U3CgEK/6t6CZDA8mfNoM64zz4yENeNkLsYfb8 +/LL6a1ihVB4H0qaz98q0ao8elV55GJlBxphm9/GHgGxuUcMgKOM91OsyENvMbHWX +vxAClR0Lb3R7m6oV9x8kF92dEQzEs9Ko5wV2t59MZVzlELr0aezdGXOrF6c= +-----END CERTIFICATE REQUEST----- diff --git a/docker/ssl/certs/mainflux-server.key b/docker/ssl/certs/mainflux-server.key index 9335e3607d..545b852d8e 100644 --- a/docker/ssl/certs/mainflux-server.key +++ b/docker/ssl/certs/mainflux-server.key 
@@ -1,27 +1,51 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEAovtHVZacXvf5m7iyhLdGqBaoTwUMSWR+LDaHyeUAcqLy4AHe -2TGdJmbrsSKJOb94Winru0dgQyBE1a/I+MOPYVNbYmShOoUSH6/a2Ph3DM8C7Pja -Fsc+uKd6NiVRmFidc+3pQ62Um9mgJ5jD6kFB2uO5Bk9zxlDRGZz2BYvMFGcbhDZz -f28O/Wwitfjb3dek8kohknaIgHy50qstxt/GRFVHpqK0B+PVubC3Dr1Ext+lZORq -M44o36jdUyVhnFXff8Fj/g4whrJfq3AOHeMsxm1VLqKeQb9CxpWvUi396w/bEXOu -KXyoP5hyMUAvXEoEpw2+M/CPHuCzj/ELafjWjQIDAQABAoIBACZM2KmjWCH1MkJG -+CS6ES+lC25uaEHDDOeE9Qob96v44QyFRAJUZ3LD0vVwgUEB3t2JZm0/S77akXKJ -+beD9WjQtvP7Y+wlo2mw4MQGN6vZ5f0cSdv6fKHWMaERygf8IxxAN4YA/6BUVw+X -FcsyBLDUvQFfoHxlN45GVYZeINpWNJEM5NkQpoz5JJmWplfRREtRDiFfdFvh8l25 -nOeYaZkD9IAPW5k7ukzzUM4voNOKoutCV3h30AbD8zNMPblatLTrT9ZRtjEiofDn -iNT6DR2Ge4WWN8e+9h9CEklhhCwBULNlCg2mdNKsiU3q74oBExiKNrtJGxZXlhny -PIpciL0CgYEA01HmmXG1z82QmcvoMZBoHu9wNNl5krt5YsYUF9TWXTPijw6zxnLB -b0ef997KzMt1ZGRSq8Zae6YdMRXCvQJh1SMbhBTMfOwzbx+cqCcInmia47jAXgaV -agAc7im3gULeTnXtNRdo9cj2ilHmlJNFI0N0rl9NJxpYACEeSFaR6YMCgYEAxXD4 -Z0+Boo+wsIvcxYWkYWpvhJfqqdETZJ5RdgkWLFG7OA2SWPgqIyWxPTnQRsK5ryjw -xyxNv7L9Ddd/+yCNsiuUIEdhLPtoIfBQ96722IJMTOxr9eWUXVngANBeMUypv/3q -v3AeD8MfTgJJPZ5F3zfLAeBPUxUx6JUIRxjFEq8CgYEAh+3q01EdjinAle1f0mH9 -V8jU+GnbldMZ5btcOWgi65jwZu0iHsi6PIZqE9svwEQvowAVXYEduuPDa0uAFGxv -2dXXYUKvtruI6jX/YvqYxKys1UaGFvVNLv4bnecfrvoAXZ/lkX0ZeuBmFdtQ4slI -c8J0T6Xlzv1XFd43yHhHK1kCgYEAwwc0V9hRVSJahgmhqfq4xQE95tupENVVMq6w -CMgw/tY8+MFvLjL0bINu7+uLsFno0Py/2f4JTrKfBG06HfWqAbTKPJhFhQlRczTO -xdouOu96LwHaIqsEQrHkculgIZJ4mw1WNIOrLiavZX8cmaEdo8CY5uGLeaYWBogw -BQqSoEECgYEAuNXFrwDzUoqiFo9+7gjzT4pjQgh/zNTIODaXwIVBjTRe6Z4bQayd -Jel5Gf1IHu9iik6pvaVfK8tMc8eQisEC8F9U9l6mqw/Q4bpQ5k6CQtGe0roBEj2H -qJIQ/1TjMAOkOx7YiqTuFP4vs9LhCRAflQQ/Tg0fcHsMWBlPpWlEkRs= +MIIJKQIBAAKCAgEA88Ti462RHsHVvE2VSfslOnfpJnakVv/wju+JyjRiSgbFoQ1K +QXtojtYIzKmnc3k5c0spXfNFbOB+FM8BQxCX6ALXTXGAxgFY5UGOeFaYWVlcZgiF +GzeT6zb3eZxIpcBhrjLzWLheAe/2HMv0bODL7CUkvFDMwDwY38GDqhPdVtToHdW/ +H5rGKamFhH7A5BYYyYR7UP482NWJHvsPJzOek8hV9H1fl+xwxx+gDxF3p4hAeJr+ 
+qac5LJC3vwfipw/If2f8vc6rlF8u54wcTE4Wu6kDHUFcSFBkNsf2Z+LrHCk9smIV +xbqFgsyWWmcW/BRVsPzSHwXC0mDIFQIjJ7sytM8m6b66N3eo8dRBbFzQOL89ezHw +sJAEgnxAh83Gx59Gzc5FHnJ1fA/Mx1fxQrnxa0i8JUaaEmayOtbDOE47W6LI/5OZ +Ly/4hGl4gy8XADnjypSA3yjwailHia31McXRXegIZpPwmfCSe/x6/xZX9JJZEQCW +BrTIqX0Uh4Im86YPsHT2F3qc3/RcrzvmP2T/0oBcEbLoMYEDCFJO+vXxESUS1rD7 +NaA5iEcScl9+PzVcwYa0iZ0axk6tZP4iOLy/J1dM7t1wBUWyq6qOxu4li90LQobu +aIk6p/Yt804bnRyhuxfEFx9RHXp3ldlw0txthIVVXOR1OOO/LD9gwnrw5SUCAwEA +AQKCAgEAlhWclA1jEgrJq5wg1GHac/ssA1B8skv2MirtLR+/fFBbEWN7WoG+yGKj +HE9AF+qFIqUeHQgQsI4vUmR5JG9s9534LWg6nq5pqw0HyLOYLTrFltScDzvSyLkY ++TjtyY9/FJ+uD+vDhXHWl7hDD14Ab64WxhMBXUIjFnCwveBpIHMJToUxnSXP6ArF +d+QKouOv8zKsMhu2HtKqD/cHR12Svu5TbapbVtBuR0sDYwOgJffPqfHT5WRd4UBg +wS77r1waV8cQZ1R9c2Z/HHS5X4mcmYHftv1s8eD9MnU/Eos1sir6H4AgY5MJbJTF +5XcfQajLcaLXQ95qKtkHl1eviWDKQDC3szH164DtzShn272Lm+5fxpGXhy0QUDa7 +3VuqnN70DLswkSvlS9i07yBllZVycFjsU0x77hY6Z9vEvpq+d/fVcjuV5UX5KYJ4 +2ahqbSOpozfcnjyoj2AUBrYWhPpiksPWi6HvFJuDoljXxC/dFweiHbXT82+jseb+ +bKC3GVaSH3C7Jy7cXG7MbbJ5LtQdvN4/VcGHIM0In3dyAfEwSv5LXWsMxQiCNFCD +gPMzROwpRup/MrgVFsdnwdOqbyXx9zlQU6FehhQ/0FUM8owESqb8lkaNqASYY4Iw +ShvJR+wyl1eUPmQh+waxBNrwND3/1QgZZ0mkNCPhkQX17JPNWOkCggEBAP6aRLS0 +YqWWYb4agrOhav+C1ae8g6V8/BA2i3nfBcTQlzy4K6Ov120a1qdNbCYyEDsSq/vG +o+ExM9En6O46J+VZEWfy9BUJknzEUwK866evSXudHenavgqJLADfHR3JCAR1GUOE +jsKdHF39TEH3Lk4cZUG1ZJ18pE5441Vj64np399yAUmXhESJXlp5XAiavFcqd3d7 +jq3cc2Sd4B2nWtoyb5XEf44ojZnRdFyKzPaZ2VFnnLeipWcOSBLGLCs+dbDgsxz6 +sfd+3Jhsa57v+tqDMD7YOkrtlaWk7DQ7RqF09QAmEIgjLYlA2BZeisSts1o2hW6K +ZHdgIxnIcbpI/b8CggEBAPUbZWs2lfQ8Ulp2hb0vTUkwyaTc25a404n4x2Ew2uD3 +IpaXsZicz8crwWCHrnX0IWLTfE6f8u4O2fzVs8x9FHwxuoUUlNeql8JVRhq9Ml0/ +xDmdlZAZQ1sb3a6GZY42nhlrSMs4rN8Okx7glwFJ9DvuXxRGwjjaI77UKQ8pAzoP +HThTC1rifkuDf8k1jlLpoRrxWHJwKVbt6N2XxNTZBSnVDEao2RWChxAgo4WiHzMP +lGYjvfBlSuoxqatKkjtJadKIUh/XH3DUzYetPXI2ec5sOUr+K2MB9wEXROvYN/4s +LiqGx5zf2sxTow1O0C5CUQxfUXVcujUWVbpRAABuXhsCggEATpdEOhusj7y58zqv +uc9L/g9e8GYqpPzNuht8NmR3nWdeJ+oZ3m87KnysYfxuM+QkSnfbCt8oWy0a96dA 
+Kbld81fpHZNLcOsBgu3/ScsTWzGqlzPKthNFsm7hXGuCy1zw0p9q6wKSJtTkmsbD +sWEhtA7j2sKpikudVHPQiN1NKcc9yfWhHBxfQeC9dWQc2rMZDDcZpZJIWrbAEAED +22N7kfsbormDPliaTS7wolheKIkZIh2/rJfSQtuPt+vgWoDvR2g1Ie7o3KMWaR6e +ofMmFimEzQFmDRcFqJoeJ4lcph46Oo+FbuCc/886ZL1OTKPpxyEpUxP5KzhL3XuY +T46UdQKCAQEA70irnhtQEXvCOiZzMdo37Tf/4z7p8R7HBW8l1jBHvlAGKFY3PvH3 +tk11H7PWEbkfzscAGBH2q4k8LqTCPuPtV8GEgd8x38nfFg0Bv6DsxjQ2cLjzBhZj +t1Jg/Lyf8FJJzi76hcrymWA1KHPBd7SnBssTb0wU2EO9mdKtsusrB0cyE4afEz8C +ZN4fpmLuautCKHdtDWuKMB9astozgkfLzqb6sRCtvV4MVSZH/XHkW4jeK0jBaSq6 +FCAfr+XBFLf641nKMuNlAlX9wHLUBehAydDFrfyshp+ocBwzYLtZDn47I7EotnGj +vM355EgI3OBJF3cGozi/YIxJbPcetU0J+QKCAQB4vxZT5V5TU5IHkuSY4VRx0nCY +DYEzyg0eMuB7kDczZ0syjmc09RI66a9BUeLf+K3n/eJaqA90DzNPwDOubAqEZRAq +UBxhPJg1nFOnaG4n955ol1liupoJIgCcvMR28apPR9x1vvrDgtZpXlMaHQbvmtER +hJdYyB4coyq2YwHMQN0cU7ru9TvXLiGaJxeGvDToE6DpogBuoN82in/YiqFnkloB +y0wkD1AfuN7fnnUhoqJCShv3o5kcmDlqMXRXTVziZ40VoG4llrXL97XhC9B3OkWh +HhimUXHonPRHgoPPSdQhhYz/xgiICZLGDdGwbUnOp0QYeE0jMdlnVgdxqw+B -----END RSA PRIVATE KEY----- From cb14f5910bccd90037692bbca6c1ed7445b42dcd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Du=C5=A1an=20Borov=C4=8Danin?= Date: Tue, 26 Mar 2019 11:26:39 +0100 Subject: [PATCH 02/21] Add Makefile for cert management MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Dušan Borovčanin --- docker/nginx.conf | 2 - docker/ssl/certs/ca.crt | 32 ++++----- docker/ssl/certs/ca.key | 52 +++++++-------- docker/ssl/certs/ca.srl | 2 +- docker/ssl/certs/client.crt | 46 ++++++------- docker/ssl/certs/client.csr | 28 -------- docker/ssl/certs/client.key | 98 ++++++++++++++-------------- docker/ssl/certs/crt.sh | 19 ------ docker/ssl/certs/mainflux-server.crt | 44 ++++++------- docker/ssl/certs/mainflux-server.csr | 27 -------- docker/ssl/certs/mainflux-server.key | 98 ++++++++++++++-------------- scripts/Makefile | 35 ++++++++++ 12 files changed, 221 insertions(+), 262 deletions(-) delete mode 100644 docker/ssl/certs/client.csr delete mode 100755 docker/ssl/certs/crt.sh delete mode 100644 docker/ssl/certs/mainflux-server.csr create mode 100644 scripts/Makefile diff --git a/docker/nginx.conf b/docker/nginx.conf index 053c5c5d77..82a591a528 100644 --- a/docker/nginx.conf +++ b/docker/nginx.conf @@ -11,7 +11,6 @@ include /etc/nginx/modules-enabled/*.conf; events { worker_connections 768; - # multi_accept on; } # HTTP @@ -39,7 +38,6 @@ http { ssl_certificate /etc/ssl/certs/mainflux-server.crt; ssl_certificate_key /etc/ssl/private/mainflux-server.key; - ssl_dhparam /etc/ssl/certs/dhparam.pem; ssl_client_certificate /etc/ssl/certs/ca.crt; ssl_verify_client optional; ssl_verify_depth 2; diff --git a/docker/ssl/certs/ca.crt b/docker/ssl/certs/ca.crt index cfc924eadf..6447d15cc1 100644 --- a/docker/ssl/certs/ca.crt +++ b/docker/ssl/certs/ca.crt 
@@ -1,22 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIDjzCCAnegAwIBAgIUXxpXHD3kBdsNf8uhfT1LzmSKqKMwDQYJKoZIhvcNAQEN +MIIDjzCCAnegAwIBAgIUFueTUVt9kf0mQPlF/7+hzAmX6fcwDQYJKoZIhvcNAQEN BQAwVzESMBAGA1UEAwwJbG9jYWxob3N0MREwDwYDVQQKDAhNYWluZmx1eDEMMAoG A1UECwwDSW9UMSAwHgYJKoZIhvcNAQkBFhFpbmZvQG1haW5mbHV4LmNvbTAeFw0x -OTAzMTkwOTI3MThaFw0xOTA0MTgwOTI3MThaMFcxEjAQBgNVBAMMCWxvY2FsaG9z +OTAzMjYxNTA2MjVaFw0xOTA0MjUxNTA2MjVaMFcxEjAQBgNVBAMMCWxvY2FsaG9z dDERMA8GA1UECgwITWFpbmZsdXgxDDAKBgNVBAsMA0lvVDEgMB4GCSqGSIb3DQEJ ARYRaW5mb0BtYWluZmx1eC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQDVTLSVFZSQ3PaKZ3gz1pSVvExjRSgszyFt8hGEZAaWmaFbuxn9D0BfuVgx -xn30UFBYiNpiFcwTkD5G64IorqrRqSVw65tBkA5Fnn40sHmqT7142kK1yEuBYPSD -LY2HekuEYjTr35B2hYw/lO6ls+dA0gvNlbJc3A+Id9pfE76qBdHzwNN0CBhl6Yug -ViT7G2Dmcrj3bQDAat+GFx82x26af3sFwkcTRMAn15xJcVeJldjVJ1WqvfoSiKof -RpPg2CZs7N2r+WPbleZVbcaAZ+SPp8sqKhQSS6Ab4flet4tlqWa7sAz6UVQr01BI -YOqU0quczwPTdx84up6a1d3F8JNvAgMBAAGjUzBRMB0GA1UdDgQWBBREbFzLj3QN -DCYUgLkCF9vBT/nG+zAfBgNVHSMEGDAWgBREbFzLj3QNDCYUgLkCF9vBT/nG+zAP -BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQBfrYUdQPO0Et6DLTYs -lkkmwLXMFL+LayW/PwwKvqvDVAV/yLqUdFYrDOBuxJbEKP/2MHzai3coRYsbglo5 -sI+CWzoH0FWpM1EuBA1svaL5fRA1mRK6r1G2kIJhkmc4l4LirIbCWntzbxaTpyX/ -1bu9xctQOMV8lUnATOsj01zv3DAwHQ3nqVahdtZGH6Qvazf01D+cLyZiA26l2p+i -6WpfciBL/J9YfgiuhXfrwqUAVZRqJ6OknCVcG3j5cCmKKbMXosk1Ou+W2y2ZTDEk -YuMUHmH0eQ1xATy4Y6V8/gZ86lc6IPUpIH9N0WKSiHFNLkwYh3jgjyYUbQGZv1ku -25Ek +AoIBAQCjC3P/9Qsn9oGXoygFR6sStLPxYwZGMyoZ7ATaYpA/7YgxC3EfMsQgE7JD +rsmnHHxl4hzDoft3aDphkzJL7/fQoLMDAb+L2uB33HDPqnCGbq/38+f3ls8UHZla +RhePwqtfdD1YhdGIWy6jSoaZ4OfWbibFxeLVBs60s44psv9rrXkmWmWeF/fBEeZb +7jTbgF+dGXx3BIGm+oUU+dwmd1qPbVUqJCQuQhoK4+qLqrryTx3HU29b8dkdc7YL +Wf+dsRnOgzGYbLqdrCOYHV8RRVaXXjdTjTiQAMS+RTkTCMU0tQ2Dy3FLqlaOBjJp +QqPvIxEw9+gsrdVqgauu81rRL7P1AgMBAAGjUzBRMB0GA1UdDgQWBBTMrbgB/PYJ +rzpDaGr86FaJ5bqK7TAfBgNVHSMEGDAWgBTMrbgB/PYJrzpDaGr86FaJ5bqK7TAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQBZFcf70eqwU/L9zQTq 
+Qlh8CW12Sa1pIi39k3SKgaVAXCn/B9rDzqMeJHRLOwAjUiBh+Uq81uX2w7jgl4eH +KPPf8Ca902sC+VpBROs1qYU2HHke5MSJ6MPwDbBD4Y92HYThW/Yeer4pn9yTIhaJ +asNXEofOXm13vqY1P5CJuaOp1wM3frs8aPVwpCq8P6VAeivt7wl5qH2Hz7yah7LZ +UBt4jEAYZtSYcvMyRIVaqp/PZrYtS6iXcN5ITzhEGON5ikoRlGWT2m5fKL2Jn0kA +i4I7tY0T7xLpYyXlc3ZBsjsVpcAlQSolpeyTsds3Y0Ka6TZ/mlcsr/X+38e6Zh9a +cmWg -----END CERTIFICATE----- diff --git a/docker/ssl/certs/ca.key b/docker/ssl/certs/ca.key index d592b4cda4..c43cc902d9 100644 --- a/docker/ssl/certs/ca.key +++ b/docker/ssl/certs/ca.key 
@@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDVTLSVFZSQ3PaK -Z3gz1pSVvExjRSgszyFt8hGEZAaWmaFbuxn9D0BfuVgxxn30UFBYiNpiFcwTkD5G -64IorqrRqSVw65tBkA5Fnn40sHmqT7142kK1yEuBYPSDLY2HekuEYjTr35B2hYw/ -lO6ls+dA0gvNlbJc3A+Id9pfE76qBdHzwNN0CBhl6YugViT7G2Dmcrj3bQDAat+G -Fx82x26af3sFwkcTRMAn15xJcVeJldjVJ1WqvfoSiKofRpPg2CZs7N2r+WPbleZV -bcaAZ+SPp8sqKhQSS6Ab4flet4tlqWa7sAz6UVQr01BIYOqU0quczwPTdx84up6a -1d3F8JNvAgMBAAECggEAKDK3ia0yfYaXFAhh9+sFv55oCwFai+9RToYjVP8A2tsD -NOVzBWUdbazheSf+Ts/gBH9uILQY7MrvYbA6rG4WlUK6YqiUbuu2NNqk0Es98qHq -hF8l2VpxGGXsTtiD5rdeigl0DcvpTtzmTIlF3IamG2o6fTksDyIN71sfFXIEKchs -wIwMC7gSCA5rjU9Z0EqmK+rPpkJCrRPpQvOVisk4h+0Pddkv9uB5LPA7Lg4pxmYE -ECRs6yGJKxPhm/H5X2ny95wjwzCajRSCMrRYQ4GqLSdCZc+BV7ub7vqfgI7cmNAi -rkjeiVYrUX/hqmY088HRWoUVuVNM3oT+z9Lz6cUOQQKBgQD5Vb35bq9DTSgVzotK -69Knk9NFDT6bvY/wZh6RLkyR+uYfX7ZBwqcHQwhYbHFYnPGa7AP9TnzOGdnSDKmf -pkh0wHN5hd98iczguoroHpqHKMvN9vS5pJwB07sYSJb4o1zAr39pStBRqYOUu2pc -k6pYH4qu/uyh2ycT5XoPQYioIQKBgQDbAF1/4juiFbMQI1r8Oa6by7Ck/rk/HXTj -QEmg/Z+1PSy4LRdSJhiHbjNvwdxz0DqmCkqPO+6Bim9H1i5+LhkAwbJMzaa1OoyI -2Co2P0W7xqFMn+yD4K5HJ17vnMNBvl3nbsxIW5tcbg6VgroA79WfcnA0nKO7Mrcv -fgr/UIGJjwKBgQCnA2sUeLLHdxhhuw+M6PgbLib3ew60Db8r/Yt+HjBGHHUnENqp -o/R0Jc+iQ0mNXNtttahadced2q0QSVEZ0q14Hy16elUgO8HTysCfCVjjLk2OMlzt -OTkS9Du/4WfXNr47h5Ll+aoe+VhdOUjeqD8TdlVUMQhaxsyfRDiFnZUnYQKBgQDU -eaY9TOFOgH8aSTMdQ1mFDjpz2i8gbRPa56SH7Ynl7VRV3Gmj6hIiU2jUJOId+wjr -z1BHZ34fcJBGwiaZhV/8u/ChU2VKr2Np4VATEZA2fqBAF2kBChwMLMaO8yj9wBSb -VYQdL8OsCZtcs1iDUC2SZRU39kFkfe/8w+0niJQlQQKBgQCHmV8bRZX/Q7Pu3rxf -RJRvTUceiHp2YzrgWCSfr/ntSDqf+fxPEK01YNAvDD9mUFapDCNxI3BGrZU6vcX4 -ZBj7lS5pKyIU9TJw9AXYm1CA0Sue5yc93ldhPgc83PF8aYdLklPxANDQ4EgV03D/ -wBh30A1NY2uYGzFaVGRp79i1sg== +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCjC3P/9Qsn9oGX +oygFR6sStLPxYwZGMyoZ7ATaYpA/7YgxC3EfMsQgE7JDrsmnHHxl4hzDoft3aDph +kzJL7/fQoLMDAb+L2uB33HDPqnCGbq/38+f3ls8UHZlaRhePwqtfdD1YhdGIWy6j +SoaZ4OfWbibFxeLVBs60s44psv9rrXkmWmWeF/fBEeZb7jTbgF+dGXx3BIGm+oUU 
++dwmd1qPbVUqJCQuQhoK4+qLqrryTx3HU29b8dkdc7YLWf+dsRnOgzGYbLqdrCOY +HV8RRVaXXjdTjTiQAMS+RTkTCMU0tQ2Dy3FLqlaOBjJpQqPvIxEw9+gsrdVqgauu +81rRL7P1AgMBAAECggEBAJ7NkPZEXdFWr3JaX6iE3YMirgD2Si4lt2P4FeH/DjC1 +0miylEOm1o/Hn2F85Lv3atJxIUMKijsLMZHIJL0BxYVWgAT1tvMpBGi6NMaPY3oM +ZShEUDM+mAMnsS3UBy7mlLQsK3QFIsiExzAUbnWCMU0RjIIk84I5Vyt5l4XV6iGd +DqUvmkES/6tMTouqZypI9GTMiW6Nh94L6JK6RYujuZGnw5cVBfSsFjFSPhDhJKTK +cOG883YEC4mtMzTjU9MQhvraNDKxBAL1kyHU0pr7b0bUu0Ipb8sXyY76ssBW4pbZ +OCD0qsIGIlJBzq1IQyJ00DvUS0pc/7uYm4XcOwzH4iECgYEA01rMijuudKbjZ006 +JXz52QOLwar5BdZfR8Qiym/NeJLEFbBa/KZQ6Xh/fF1BUDIWlsQz8ie/uQK+05+G +a8EZFmd1xzCfUdMcBSoeuNVde3PvPrmwk1A5ecIzTJkRvAe3nvnzo4uzMS08P8G+ +7LT5Uoupsgu35jumQNKQiQj8XCMCgYEAxXw/u/BtjT9qW6ssnwYJZxHuDbjtRENC +oODrP8NEggBgpwQhZd0mT0luWMz5pT+putfyQvWJjHY9alJTTVCf/nroZO54lXf4 +yQYbL79tQM3hgN39bYAsVuzH5gPrqpGG0g4TLTzdnyLZiXxlx4wTBK7ZNC1P26Qw +DyNjrp0ZhQcCgYEAsuK+Dh23aZo7DJrrpQEjQs9igXehL5Sirk5OmAKK6QtnlWff +ismF4CWR2YPgnOzX+6Fyyflkp0Wwl9MEZb1Y64KDyCTaI9pHdAOTXyOP7MZSb0eh +MP4Mt4Zr/t/rh7cMbizmTr0V3ICJ5vioDRabk4cMCNssOlywOVs+5A1L8vsCgYEA +wKPQJAuHQgZ/QIZ8k283EtTZq4cd473cq8RblqprFIk7vw/3aD9O1H7j5jmkuH6e +mcV267xKfbsFc8Z0vfGM8JeCRJqfA+awx59uO6h28YUjmSpywTMLjYuR/50JcSxe +IF9cc39xDH/ZRhUTz5CjKKlK9WvR/4Zs3wd9gGJ891cCgYAosQArqfUoEYpKloq1 +GYFK9YrwAU4kPno8kWbt763OfL8yNCYaKwe0KRWHxJrynIsibquNbISNAxyjlp51 +OVLnL5SD4oI1xP+Dant5WPFb/NjRDo8dPl1ARVBHQfI+Eerfb1pVwIwMtlUAe3NK +X0ihyHxT+tiO6oFDnOcEFf7WYQ== -----END PRIVATE KEY----- diff --git a/docker/ssl/certs/ca.srl b/docker/ssl/certs/ca.srl index 195006d428..4ec0c0041b 100644 --- a/docker/ssl/certs/ca.srl +++ b/docker/ssl/certs/ca.srl @@ -1 +1 @@ -760DDBBFEE7C0D40EB6093F7537DC596C9D86DA8 +47875633D0E01A6142FB0C0C3C3428F19A8B1579 diff --git a/docker/ssl/certs/client.crt b/docker/ssl/certs/client.crt index 06074726bc..ee6478448c 100644 --- a/docker/ssl/certs/client.crt +++ b/docker/ssl/certs/client.crt 
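Review bot: The CA private key is committed unencrypted in `docker/ssl/certs/ca.key`, and the nginx.conf in this same patch trusts that CA via `ssl_client_certificate /etc/ssl/certs/ca.crt`, so on any deployment that keeps these files the client-certificate check authenticates nothing, because the signing key is public. The `client.key` and `mainflux-server.key` hunks in this patch have the same problem. Since this commit introduces scripts/Makefile for cert management (not visible in this hunk), I would remove the key material from the tree, have the Makefile generate it at setup time, and add `docker/ssl/certs/*.key` to `.gitignore`. Keys that have already been pushed should be treated as compromised and never reused outside local development.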
@@ -1,26 +1,26 @@ -----BEGIN CERTIFICATE----- -MIIEUzCCAzsCFHYN27/ufA1A62CT91N9xZbJ2G2oMA0GCSqGSIb3DQEBCwUAMFcx +MIIEVTCCAz0CFEeHVjPQ4BphQvsMDDw0KPGaixV5MA0GCSqGSIb3DQEBCwUAMFcx EjAQBgNVBAMMCWxvY2FsaG9zdDERMA8GA1UECgwITWFpbmZsdXgxDDAKBgNVBAsM -A0lvVDEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb20wHhcNMTkwMzI1 -MTAyODEyWhcNMTkwNDI0MTAyODEyWjB1MS0wKwYDVQQDDCRlY2E2ZDlhYy03MTli -LTQ0Y2UtYjQ0YS00YzFkMGFlZGUxNzYxETAPBgNVBAoMCE1haW5mbHV4MQ8wDQYD -VQQLDAZjbGllbnQxIDAeBgkqhkiG9w0BCQEWEWluZm9AbWFpbmZsdXguY29tMIIC -IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyLUcyWeidhaRFE3OBbcUWqmO -ls3d6DgJEFY2Td9K2vLoHqrNJD9WjwJFzTHUMR/6OTYN7mpABxBv6Ogbu4Q3A6b2 -ZCbAdIIPLCLS/CKZxNIKFBwQRIbFwkFx36ma5ykWtbAcaULhW3XsA+WPJiPb9OtV -Wo7/VsarSOaXlTaK40+F1fvUF6RWlAN/9JQVL+PUurzbOgjpRdUT2czOyRCiEjf7 -vncFSP4GtIkTsKmkYPmBFXruhD7n62B1bB6AQqYfV8NFjpMauSnmBQYDz8+AK6BP -406FsdDMCS634X8h+WqXT0+lSyLnam/2WLPc6KU6yDka2YGS3+LMFMYdfiu/6JWK -7Laoq2fnqCOEhYU8sQIrBT94SdMMsfnz8xBZxUBnZyvTrClc/efU97bAgMF04rKf -9lBPb0WwgQXOl2s5snKneppFurTKhLh5X10//BPOUfS0REAet+t5mmDAZq7mFvpu -p881o4mpkmnUfwwbMRbLm3+LXUMDI3dyIE4klLuvpgYNExi2oyxUk9qfYhYspPIu -cyGCulJ5PIKD6854H2ZlBQsHoridIaiOfBF7XUuLlHjKX7en5gWEMZwHkd488BR7 -hVXUU6D+APMnFQiQjHlvdHNrvuM5Lo3+ii/FJJDbb5UXI3A12eyPKfxYh1cMQY2n -HH3uGKMm69Eg2PL26WsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAreY7MV7ViZab -pAc8PnKjfC+veP5UkaOKM1TvRtSWTYiNs+ZwtJ7IiwlFZkKZV0Mo/6w/i0RXma35 -mzEliJIdRpz1Qc2mq8CvBKn8rht5TpXwPA+a/dn4E9V74LXQVW55966cZk5ouQxV -8p6npJ/jQZaQiSFeX0IYMr9C0JXGj91bnMzdkxNH3qiI7hUL87+ZlxL2SCChi+qG -3yxGOfz+YqjgQvDjWLd4G50vSxv+iLkkVbncYtKD489CNK+f9oHTpMULjHwqDhsP -NbiRN0JkOOoCpd+U2i69G0OvGjNVcfater2O+PFRohXYqaJrBoKBb5X4OOYdB48O -nHP8B79WLQ== +A0lvVDEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb20wHhcNMTkwMzI2 +MTUwODI1WhcNMTkwNDI1MTUwODI1WjB3MS0wKwYDVQQDDCQwNzQ3Yjk3Zi0yM2I0 +LTQ0ZGUtOTUyZC0xYmI3N2NkZWUzZjAxETAPBgNVBAoMCE1haW5mbHV4MREwDwYD +VQQLDAhtYWluZmx1eDEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb20w +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDdurLwkdVyo9qe06kUVYbm 
+oWX4GGEtcFwfHS0DM8F072Qm9HXwCIH0R6NYuFniUDU9Xf/JmjnhbJUZRFW/jQvZ +naVbHptR7IJlQxyxrDAtnIrTMXjdtCHcLrppRhym2C9S+AzIa/LqKwZzWQ71ZlUI +SgP3uSvewVnUquJLBFsEmhpyaxkLQNVWLtrW4BXSuHeyfI2j00+dzPFyOWA59d2O +y694PVBZ/q9iYids3So9oMP+jLh2Jl0uV1C7RIloCETTHWxbv2j76/mzIFOh56t3 +Y2Pcy4RSPEk9IXmG94LRpoj9GMo6MsbGwfWp1hHN9emXjPxQr5dqF+E6WOOW3tYA +ikrZ9Z/V++Tv73kPs0OskKkrZXst/2huH6Z1IrrDBBuTSIGqFgGDmoZGSFoccDpQ +C8JhRSYNrkhx5B00sTkRK6R2+gSy+PvfBvQQgsFM3C3QHgYQVb8xxbPmx7I+pidc +JaqwM8/8wtOos8NS/fBBc8CvCjjv/t/wFBdySK/+bOIWROWB2BV8ljy/CPLSq8Tx +mAjmeelyZ6XvyQuOOtKOfNNEV1caSY8g5uTKqG2VZvKeLf6lwTnIcVwhuQSIjCVW +3Qu7CLxabSfJtDqQKwL2kK3RKrwafs1IwJuX4pJdo4jjsST5YfmXz9zgI+JSXUX5 +mNim0GNbGpjgSoEnXyQTSwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBa2QZhpE8g +xlm63VvMAW9tEET+02baOBaKwsP8f/uEthw4r7fumMEwf2IIgO+y9VbBO3z9lRzK +vWkPioMp38iuqm4gPchrU+e3t8gSiexrA1i+RkLxQovkbK9xVQi/KcL/e/wb1kYo +GwsP70JE+Tx6WYFDldrTiBUesS8Kz4YvwbqWOws0kHpmCrko5iDVMjjlo/44WNqu +MECAPr/o5HhjHstS0LZJhYzzEGkXoo2Fl5k2UK1nm9BmJNKQeEhUmWHJxxSCvwoR +j+fz3Fzw4bH3BNkhT/qoiSQtORJjp/ZV3A62ZYMpygEJHjWbUQudYHwhQPtsO8kY +71rmZM67eV1E -----END CERTIFICATE----- diff --git a/docker/ssl/certs/client.csr b/docker/ssl/certs/client.csr deleted file mode 100644 index 7a82793cc9..0000000000 --- a/docker/ssl/certs/client.csr +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIEujCCAqICAQAwdTEtMCsGA1UEAwwkZWNhNmQ5YWMtNzE5Yi00NGNlLWI0NGEt -NGMxZDBhZWRlMTc2MREwDwYDVQQKDAhNYWluZmx1eDEPMA0GA1UECwwGY2xpZW50 -MSAwHgYJKoZIhvcNAQkBFhFpbmZvQG1haW5mbHV4LmNvbTCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAMi1HMlnonYWkRRNzgW3FFqpjpbN3eg4CRBWNk3f -Stry6B6qzSQ/Vo8CRc0x1DEf+jk2De5qQAcQb+joG7uENwOm9mQmwHSCDywi0vwi -mcTSChQcEESGxcJBcd+pmucpFrWwHGlC4Vt17APljyYj2/TrVVqO/1bGq0jml5U2 -iuNPhdX71BekVpQDf/SUFS/j1Lq82zoI6UXVE9nMzskQohI3+753BUj+BrSJE7Cp -pGD5gRV67oQ+5+tgdWwegEKmH1fDRY6TGrkp5gUGA8/PgCugT+NOhbHQzAkut+F/ -Iflql09PpUsi52pv9liz3OilOsg5GtmBkt/izBTGHX4rv+iViuy2qKtn56gjhIWF -PLECKwU/eEnTDLH58/MQWcVAZ2cr06wpXP3n1Pe2wIDBdOKyn/ZQT29FsIEFzpdr -ObJyp3qaRbq0yoS4eV9dP/wTzlH0tERAHrfreZpgwGau5hb6bqfPNaOJqZJp1H8M -GzEWy5t/i11DAyN3ciBOJJS7r6YGDRMYtqMsVJPan2IWLKTyLnMhgrpSeTyCg+vO -eB9mZQULB6K4nSGojnwRe11Li5R4yl+3p+YFhDGcB5HePPAUe4VV1FOg/gDzJxUI -kIx5b3Rza77jOS6N/oovxSSQ22+VFyNwNdnsjyn8WIdXDEGNpxx97hijJuvRINjy -9ulrAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAVpJYIcfwABfG8kjJMwlDFZ70 -/XQfSigSxiKxMC0XZtN5F3h08hQZkQWjuWLV+f4CdBJLgMAAuAj8+4pdzL3FDq/J -TBZKWjVEQ85jkPBr9MPG35VCz2/3QRLwIbFWIi9UtCQCuSI4xix1i45tQRpGiN92 -gbM2A4ZcJpsxLmdTps8ELODQCflW2Br9L9w+y0l8ndjcB4ec3znnSfIfjDFxGV1h -w3LFNUUoiOvOnSbafwF8a3gUc5p3tna/xk5IdIeErFsqzrdJ8Q3Tqoo5eJymadYs -lqo6xzPYvc2oZBa8M+ZmKETkt6vA84Obzu5gcGEio6eEroQpNyBchCegQPW/LHNc -yg3kBES9t7edoZsoQHQ1YNkFVA4yV5Fqh+TP3eOYSZo7lilrizgDhJRamdxFteqd -bLf0zObTBBYTAhXOH2th4ptFo2hGyxl+wruOSZ9NbB9otzZU5q/vgVbRC3f1B46s -g5Tq8c6Bj6aqt6eLanEUZ1dAwKVruekudve7Bm1FTQgLGBVNuglzDNoJqNZaIMEk -mNytDxYYIhm+xi+Bv1UWJC60ozpLwQTMSnmz75laE7d9K2Vtx6IgN3LKW6VTEZsm -mrQ1G9N1qKptpVnev7Bkjd2hS/jFYnOf0huTQKAG260NmKVEj58seuDZBdgVuoaV -BRWKjTZUg/m993ip/Gg= ------END CERTIFICATE REQUEST----- diff --git a/docker/ssl/certs/client.key b/docker/ssl/certs/client.key index 5008bcbddb..2e293b122a 100644 --- a/docker/ssl/certs/client.key +++ b/docker/ssl/certs/client.key 
@@ -1,51 +1,51 @@ -----BEGIN RSA PRIVATE KEY----- -MIIJKAIBAAKCAgEAyLUcyWeidhaRFE3OBbcUWqmOls3d6DgJEFY2Td9K2vLoHqrN -JD9WjwJFzTHUMR/6OTYN7mpABxBv6Ogbu4Q3A6b2ZCbAdIIPLCLS/CKZxNIKFBwQ -RIbFwkFx36ma5ykWtbAcaULhW3XsA+WPJiPb9OtVWo7/VsarSOaXlTaK40+F1fvU -F6RWlAN/9JQVL+PUurzbOgjpRdUT2czOyRCiEjf7vncFSP4GtIkTsKmkYPmBFXru -hD7n62B1bB6AQqYfV8NFjpMauSnmBQYDz8+AK6BP406FsdDMCS634X8h+WqXT0+l -SyLnam/2WLPc6KU6yDka2YGS3+LMFMYdfiu/6JWK7Laoq2fnqCOEhYU8sQIrBT94 -SdMMsfnz8xBZxUBnZyvTrClc/efU97bAgMF04rKf9lBPb0WwgQXOl2s5snKneppF -urTKhLh5X10//BPOUfS0REAet+t5mmDAZq7mFvpup881o4mpkmnUfwwbMRbLm3+L -XUMDI3dyIE4klLuvpgYNExi2oyxUk9qfYhYspPIucyGCulJ5PIKD6854H2ZlBQsH -oridIaiOfBF7XUuLlHjKX7en5gWEMZwHkd488BR7hVXUU6D+APMnFQiQjHlvdHNr -vuM5Lo3+ii/FJJDbb5UXI3A12eyPKfxYh1cMQY2nHH3uGKMm69Eg2PL26WsCAwEA -AQKCAgAC/4mdjJnFr9Kc/giM105LiGrj39FnzaZ9Avyurx48JRLImn6UAwo0+rC2 -Pv9PeI3RWvhcTmQEdv9k+Eqpw3Da8hyOJHINi3/UhfSm5ZFsekLCSCUKEQVVQIsF -70+sElYPgsD55ZDeP+W1rTE1PaXkg7tzrd0sm60lWqR7CySJ/r8eEjP54m+UqHS5 -35htbbbYz0drF4T8kRFJ2KBiKohxQzrUfoyqqXjKK54Kro4REMkX3A1CFnp6bqdy -ZQY/eKHROs6IMbRdfb2853kZGp1siWmIGL0widDydiszCCYmxqvZ+HOcqrnQQjno -2076frVhFlFLXH8oLwgja043e0nTldfU47WVhyrQ/VA/v062ThmPcGcbUhqzHfRo -44VOnqE/k/F2r6M51VDrmFbgzlvrnhUTNEBVEbZJPkHa7lXFpGu/U4lDcnYpVlXM -p/LRuBKs2R5csekhz2QhfUekTMszPExhIVWjM+e5Zzu5yNvmjGxRXK6Un/Z0AFuG -qNCWmRy/2+yMJ+BvGPoF5gil6lO6K5v2mTiJ7tyMNqYxuZTc6/0oXOfsa25NcMEv -4Oce6Vs8mtL9kwNGOx8XogcRHN18tsEbAs+XBC1TckD7dTagBDuLfyi0l3pVHa9v -HABap2Spup99brr1/1M8L1DOt9DncG0nK2IqO+1M9YbTf3XBcQKCAQEA79eitve7 -Y89PKOyI8GAHzorvcLa9l3KqTLtPfk5lM9lEwC9OdlGoki/8puL0ibn6CjmyJ1qa -wF003jR8SJmllCmUZGnTShqUEJvmVfZO9nM/OvkXAQPpQTJ87pSpwyGSXTxC/vO6 -oYMw1Tgt8GruDvhDRoyxJBjRCQQnDMrS3pI0rn2OIC0KbcluXEqE3dBPRAgc4fmq -kXm4pOlpjOI8KnWJZChpXSfasJMbzoyYRY18v4zAFplwDUqpIQyLtXsh5bGNZdb6 -KyD/p/8ASb5GDrZLOOAkGl0r43IK7bILi11sY7bzqSFoqSOqLiHbaFoMGX/rY9i0 -6M4GhrGzHxb2qQKCAQEA1jqMzJOWpqcUshklwGku33XYGvgCohnXZCCfZ6GyLH3e -HwOlUlDEU53xlJRKyGgFrsFzqoQLKTACArS6mF+6tdvXOzIzUjWdXyKCPx9mzTx/ 
-0kGhzODUR/j12ni57kB1DkMEZeQnyMpBbZ1brSj22hl7AEQmGFuOn7ap7y11EEbE -DwVuXyY8l4y/fzwJKD3fIwBdyIVcRCQasdPwZxYl9AEsJFAaaJr3Muo2qS0Nl92t -is0T/eztGy4XfBrjqP4O+C86Hdrgtly2GA2+7NJ598gjB8NeEhjIWVe6w6cxJQzB -OObXExIpBFb4NYEwFX7jyDLNmEvhOD8Jrucqdavv8wKCAQBTtuWBjainpuWPeDg4 -BpzS9+WpZu94HDra+4o8oOpsFYsMtbZiUBBRrlQ2gAMwy2w+A3Nujw5y1FWutY0n -3hFQTM8R2Wo5dFt4DKJyIL3hAcrxL55a6V2SNygqMlOq2132EyGjUbkzxNHXqntG -blxXd0osJtFxswPLbNqgeW7u5wNiYEqqam44cdWGezAzKBFywo4qRfXGP0E2to3z -8cdkXpAtGHnmXRHVDhPnnWVM6ZzAU0V83eOhkAzGj1V4a9kiDj43bLj3MtZpcfVM -yBA19GT/HiUb2qeGBPlRjBLBe0No7qPPxex9FQjCf2jQ3JValS65NBu5IqhefUnz -MRW5AoIBAQCWeGmNB905EQIoViF+FGMn8c3oo2q2ERCI86EDWT+coIvznMvyFWjQ -ko+snLwqJ2ZWaOqlSjnMpDvFSswFWrf6JH/4xDnn9GClAcgaLiQ249ekBxVuojx4 -kRWebk2qWvvdGJVuO+L11Zo/M9fAuJUqe9s5RKS9VxHGfLa/mF4xIIN1SYtMqb7F -c8bNx41nBo5EN22n+oPkGLfnT8X7okLmMCyhFOJ3tuEKkhfynAKAOOQ8Ke9w24lv -HeDA+uINQOWizQk1Dxfm/xenrX/9N5kTwS9ZtI/OhjmzBzvXUQfjziGppfpLGuZU -dgHBEwyDDK1RYN2nqyR2LVDP2O6p2CqhAoIBAGGsV570dFCfCrnU3v0HnbjmNFwo -lqcEO2ez8timFgnjpUcZvIxIGvoEQKnqt9NzHx4faGygThBTCsAJkBMLM04SdfGz -YumMLqTKkUDmjmb0zwnT9XrYUfI8EM9X3rjkMWDdG05E15i9G6ZvdS7CZc5Mz0Qu -gquSww2QkB9mO2FjgnIVQa81v4D2OqEd7LbaFFJvA3XSRCaefP8Tpz/jT6ygk3BK -y51RUfsy1LFaf8CX5oYQlWH58EnWfLoQJaAlc9WXUM8ra1rRDQ9cUjdprK626aEF -7YUJ3RrhMOQvUclXVu9H6Sz54yU9QXmpivtatC6DhaL0kFYBGeRc//3ex2M= +MIIJKgIBAAKCAgEA3bqy8JHVcqPantOpFFWG5qFl+BhhLXBcHx0tAzPBdO9kJvR1 +8AiB9EejWLhZ4lA1PV3/yZo54WyVGURVv40L2Z2lWx6bUeyCZUMcsawwLZyK0zF4 +3bQh3C66aUYcptgvUvgMyGvy6isGc1kO9WZVCEoD97kr3sFZ1KriSwRbBJoacmsZ +C0DVVi7a1uAV0rh3snyNo9NPnczxcjlgOfXdjsuveD1QWf6vYmInbN0qPaDD/oy4 +diZdLldQu0SJaAhE0x1sW79o++v5syBToeerd2Nj3MuEUjxJPSF5hveC0aaI/RjK +OjLGxsH1qdYRzfXpl4z8UK+XahfhOljjlt7WAIpK2fWf1fvk7+95D7NDrJCpK2V7 +Lf9obh+mdSK6wwQbk0iBqhYBg5qGRkhaHHA6UAvCYUUmDa5IceQdNLE5ESukdvoE +svj73wb0EILBTNwt0B4GEFW/McWz5seyPqYnXCWqsDPP/MLTqLPDUv3wQXPArwo4 +7/7f8BQXckiv/mziFkTlgdgVfJY8vwjy0qvE8ZgI5nnpcmel78kLjjrSjnzTRFdX +GkmPIObkyqhtlWbyni3+pcE5yHFcIbkEiIwlVt0Luwi8Wm0nybQ6kCsC9pCt0Sq8 
+Gn7NSMCbl+KSXaOI47Ek+WH5l8/c4CPiUl1F+ZjYptBjWxqY4EqBJ18kE0sCAwEA +AQKCAgEArvuQC9qLIJW/CmjvnmSAubHVzx0uU7XAfa2AwG4v1iC2YSe7i1qrdCS0 +/GdASCIUYgG0w107IHOYlwAey7R8DZkjze0xlk2X+mIkWvMQcm6AAHuibxShRCp8 +Ymg6ZFFnx4qKTAElCzg5Nv6pl3DS2l/PEcjInlrokbTqMVmWmuMiy/lJImBf/Eut +2LWvg0Sg8fLptMgmpNoAEazGC/fEidSk/bclmmAr+PCNPJStqUUeZ9yWFmfgUZoG +1EMaTUd5SUKHKUC9kVKBFKQGXFeAMg/112GlY2DAS8YHKkRasSlEIrlVnuhDhse7 +H/UYx/myBy/0T5jDXa7KyEkuEvp41yutiIiNI1OPrBPMiruCwoVI5B/gJcroTL6I ++BN6EebymfnkS/VRyq8/dJtVQ/Ce2OUU3M5HjBVePBMuOF5CCdPKTY3yUo1DioYQ +AygYzn42uS4o+XtfEWg80AS1jGiRQ/qKvaz8xaocUXETUQik0gTdd2lCN2jsl1+B +jB5mLzihHBAW4azHa1yDQNnZVs8QwgYke6qtylegWsHNKfb5jFQoHMW3PU6hsV9e +GTAjs36zmiOb92X6arMtPCwcI/YnhEamq9VVkg60sp1VzRStBW+UW0i9Yqsy/6lO +oRRNHhvbOlggFzj152/8mQotkAuA/yZQ48VoyU41V3y6mle08YECggEBAPvJ/iI7 +ZGukZ5DVAn4hnmmwjT/S2rf+66w8DZTZzS6ScF1ywqZKFsNiYrWkzt9oocSfgO3H +FwZ/kvypPPSNF7IG0H6Ko0JbI41NBudYLnkEu5N7Rsg+6kRfV5wYMJ8pEjandI4n ++ths3O0azgtcQ9jjHPkRWrDYprYU2pStUJEvIAGCiYYOBk8NAw5BE6D4Bl7gWhDQ +3HoSdM6Qn/4MaNI8dJYiooe9BduCusw9XL9CNMy64PwIkCpyk2d0YdGX4Yzf3lnk +8CKWEyjKjNMCNcq+xVGbWJf4qcnsbm7J9ktqQsGH5LiJm/b/njmCwxYPVCMKV5xs +SHU1fZXCC/BPkAMCggEBAOFwAj7A7MnaIm18qLU+k1HMk/d3HeLNsZ4dCYbmHvii +/T0IxusncomOtHAXJyBtNqxHu4oTAM7G7FxBWBiRAgn4FcplWWgxqVTagji2lDw/ +5D9Lq45AL7XYiZ58tQ9wbUaR3QJ2JAPQRF1Dz8STdnL+N7YILcfPxNpDebpVsB8D +hTSaHv1IzDm65OXvKMQzHY68mIgYC8iyeUPa+fAYYB/G1tBZ329NxQhgUSBFvppF +GOvJjglUxnwXsM05v5rHI+i6KhOwsQgNDcTF7avmfTxw893B8X7RjslQRhEnTsnq +zdLGOeDtoDBGvbRUQ2dIVVtu/LCEcYcF/FXcGO1FARkCggEBAIWE0sfSWOkf8G+E +FWNPbpK7Ndvvc154xv65hbY2XTDiJMXZMlE+Hp4TkSajs7QS5x2+O39bwOEIS6jC +EfnYzATyyiMgX3yzmcG3Y/7P6yzvjoyhpaJQgqgpKusyhK4R+H+VAyDTIJkd+XWe +bj7l+XCM1vNY+Y+oA5ewrUyEL6IdrEpAr66vxzaqPsGTTtZgT/iF3hzmtNPi76AO +X1k3uWoq9uQaj7eNTArgYzAlJgaiFB+wxdfArrpjsbj9pVWgxdGPcXiYB6M/k/9g +kZbfqCjQSxCAYVWNXnQedV04qevJ+IZqCqa1CkjLulri9ZLAJCzEsjrXzQCikesV +UIFpn4MCggEAHmlm1CJgjyZvKIf9ll23r/xCJcsa7ALFqEfQhjM7EF2kffxWIVjz ++ZyXuNtWuuggzQLsSMchf8OUFSn3gXDmboPaJLChbA3vAvRrRs1SmAIif2ts3EbK 
+aOSqRAgcwNVw2GlLAE8BssYAwvgn6iPegcrLpzHZQzBDJRKfNETk+noWGS+FaLPO +YSdWQ7KMtFMU9LF6fjmINW3mMAI1X29aYE8JoZfOLYy3PNcJeqoN+W/C2eQZ1iZq +lEj53+WfdHjS3k1m6bsXVre0GMx+sIbqdCHktBC6zFnmwj+jBCNiXJjhZUK6gh5s +UrboVpBbe25lnW0Oh52GVym2jbqgXjnF2QKCAQEAjjDttRRZpxWYe8nWKwb6M85f +GQ3wopQ35bxjNaT0D3asfcLYVA54buXeQKUwRJz91zNPoPDXvliT71wpnaToFRB/ +Kad69NG48+KswNnIhDZ0ImXinV3NDS5Zq5wUp2ROq3G0GRRuEYd4q4nFzFwi7NY3 +YVi5RN75fdViq2J0DdWm+/REvju3nQgu/g9INxMK/qpOY8Rc2Yi0cTOuNlhTzjJP +dGSyFkCLuXyaTgc9Dimg/mVDPRoJxz9xIj4VE/ZYdCVl1zRmM0wssHQsxPgYalQD +uDdIhmPnGuWSN88OFTwthSktfgsYd/VRxIOMxaNL8Ibk6ulXy2cbrhmbzn2cKQ== -----END RSA PRIVATE KEY----- diff --git a/docker/ssl/certs/crt.sh b/docker/ssl/certs/crt.sh deleted file mode 100755 index c88175a802..0000000000 --- a/docker/ssl/certs/crt.sh +++ /dev/null @@ -1,19 +0,0 @@ -# Create ca. -openssl req -newkey rsa:2048 -x509 -nodes -sha512 \ - -keyout ca.key -out ca.crt -subj "/CN=localhost/O=Mainflux/OU=IoT/emailAddress=info@mainflux.com" - - -# Create mainflux server key and CSR. -openssl genrsa -out mainflux-server.key 4096 -openssl req -new -sha256 -key mainflux-server.key -out mainflux-server.csr -subj "/CN=localhost/O=Mainflux/OU=mainflux_server/emailAddress=info@mainflux.com" - -# Sign server CSR. -openssl x509 -req -in mainflux-server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out mainflux-server.crt - - -# Create client key and CSR. -openssl genrsa -out client.key 4096 -openssl req -new -sha256 -key client.key -out client.csr -subj "/CN=CLIENT_KEY/O=Mainflux/OU=client/emailAddress=info@mainflux.com" - -# Sign client CSR. -openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt diff --git a/docker/ssl/certs/mainflux-server.crt b/docker/ssl/certs/mainflux-server.crt index d960101bc1..f939f50249 100644 --- a/docker/ssl/certs/mainflux-server.crt +++ b/docker/ssl/certs/mainflux-server.crt 
@@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEQTCCAykCFHYN27/ufA1A62CT91N9xZbJ2G2jMA0GCSqGSIb3DQEBCwUAMFcx +MIIEOjCCAyICFEeHVjPQ4BphQvsMDDw0KPGaixV3MA0GCSqGSIb3DQEBCwUAMFcx EjAQBgNVBAMMCWxvY2FsaG9zdDERMA8GA1UECgwITWFpbmZsdXgxDDAKBgNVBAsM -A0lvVDEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb20wHhcNMTkwMzE5 -MDkyNzE5WhcNMTkwNDE4MDkyNzE5WjBjMRIwEAYDVQQDDAlsb2NhbGhvc3QxETAP -BgNVBAoMCE1haW5mbHV4MRgwFgYDVQQLDA9tYWluZmx1eF9zZXJ2ZXIxIDAeBgkq -hkiG9w0BCQEWEWluZm9AbWFpbmZsdXguY29tMIICIjANBgkqhkiG9w0BAQEFAAOC -Ag8AMIICCgKCAgEA88Ti462RHsHVvE2VSfslOnfpJnakVv/wju+JyjRiSgbFoQ1K -QXtojtYIzKmnc3k5c0spXfNFbOB+FM8BQxCX6ALXTXGAxgFY5UGOeFaYWVlcZgiF -GzeT6zb3eZxIpcBhrjLzWLheAe/2HMv0bODL7CUkvFDMwDwY38GDqhPdVtToHdW/ -H5rGKamFhH7A5BYYyYR7UP482NWJHvsPJzOek8hV9H1fl+xwxx+gDxF3p4hAeJr+ -qac5LJC3vwfipw/If2f8vc6rlF8u54wcTE4Wu6kDHUFcSFBkNsf2Z+LrHCk9smIV -xbqFgsyWWmcW/BRVsPzSHwXC0mDIFQIjJ7sytM8m6b66N3eo8dRBbFzQOL89ezHw -sJAEgnxAh83Gx59Gzc5FHnJ1fA/Mx1fxQrnxa0i8JUaaEmayOtbDOE47W6LI/5OZ -Ly/4hGl4gy8XADnjypSA3yjwailHia31McXRXegIZpPwmfCSe/x6/xZX9JJZEQCW -BrTIqX0Uh4Im86YPsHT2F3qc3/RcrzvmP2T/0oBcEbLoMYEDCFJO+vXxESUS1rD7 -NaA5iEcScl9+PzVcwYa0iZ0axk6tZP4iOLy/J1dM7t1wBUWyq6qOxu4li90LQobu -aIk6p/Yt804bnRyhuxfEFx9RHXp3ldlw0txthIVVXOR1OOO/LD9gwnrw5SUCAwEA -ATANBgkqhkiG9w0BAQsFAAOCAQEApxsJddnftiIgaDcvgYs/YTY7YXOwnBmZdBl1 -b2k7tLMj6B76d/ni4CmMmSO1UAYH5vpbdXkQUffJ2BPZ4jIlq0RpTX2oe+0+YQTC -DGKR3UTEVKL9lrA4ihSJj9vmpNO53OCOMo/oxRtUig5bSUO+Z9WMiLS4B7P2UK2X -miSIbD6cT+4Nm5IUdeDoq+7Z2iyT/VMJYj9A5xtIQMPsn8zwjX7KXc2yfIVTvfCA -S4Dj2R61joC2k6xOI6uM1EgHVz/+RBlxmf8qd7FywDS6XfkhUvCzEtPzAJFZT3rg -X1IoHRUcwM5jomktGHF0vJh+x4LSLsHbFEcQwIAuMFi4cOwSzg== +A0lvVDEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb20wHhcNMTkwMzI2 +MTUwNjQzWhcNMTkwNDI1MTUwNjQzWjBcMRIwEAYDVQQDDAlsb2NhbGhvc3QxETAP +BgNVBAoMCE1haW5mbHV4MREwDwYDVQQLDAhtYWluZmx1eDEgMB4GCSqGSIb3DQEJ +ARYRaW5mb0BtYWluZmx1eC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQC8dDZCRv1ZAk8X8qpGY0b/U1uugNkzJZT5bQem5FuyJilkqdLuaBa9O+fR 
+b93GzZ7hc6IPWiG77ARZUWXsh4UsrVh7wBnvGu4syp4fTqjMZKNrRViijDYPRpql +bkKZqebSg2bN8BRjNz7nHLzV3viNjxtwJRWF48KDNcERdjsqRHtdZVFl4K/cmDYc +1WOT1F6EzlePUplgnEisK79dRXBpUesMGXc6BPpX3eJVl+MHdOvZUoMQHRb4EwJR +Uf16CIblCV2zp8zpXJQ2isoZ4FZACF0hr49Lr+OqsMbSsjBY9TGccuN6WZi/XqWp +YwRIOlu57zdDiXnXd6ANge2l/90LQAGtbnEu69Z+22g0gw2L0d0cPkLjxdlzHcUl +nJig/OEY/whgNC6vB/QJ9TF3ZxFwkLfVWbVNc/nT07gHwCqTppC99RrXI40tInzN +SVpTc0ELXk8X5IXUNdHfmwEUtFE7CXdvD+JJihTtvAMKopMDEGNYSXkAOLGDaHud +9VbkVJq4aT9g9DC7Xha8ev9czVCHNaxFDl2CyXyHuEjVO6pSGU/ifq76W4i7piEU +wNqsS6f6XM6O48iXCESR/Pb7n2yIn4CSwRLmn8N01NXmIMrGWEGqZw4kUIAMnqxf +G96+PyczHSbXh8hvxvq1Elaeke310QMKGcOS1X5NlsNnFtroOwIDAQABMA0GCSqG +SIb3DQEBCwUAA4IBAQCEH9TPw0f2AR05R4qpqdR3Mb97y8eFLgViywp44AzJbMIg +iGXZqvnLxWI3T8O1uHgNOrm35Kq+F2HNLbnwoNMEjIYtO2dAUpPaCBLKxaWHYwKt +KPgBg4oXDL4tCGFNsg9Im4nlwaZt/KiTqw8rOxY/A4Oeu/Tz8eiTaymTvGZID9kR +Io5KSJnoUsmJ3jJP48G0Kyb7C3ma6y/4VRJGoZsJZ45yzaw7ZE0iExHMUEV8aXlG +c3T8/HvPzYUrgHrWPB+39mD8WZCkpTsMUoLvQfKZsg79Rjms+Ar77vj11vcwISKy +wVN6FWCeMfMR2jLltLUkrIgVQkEwJGhRwcn2+295 -----END CERTIFICATE----- diff --git a/docker/ssl/certs/mainflux-server.csr b/docker/ssl/certs/mainflux-server.csr deleted file mode 100644 index ecfeb6ee7c..0000000000 --- a/docker/ssl/certs/mainflux-server.csr +++ /dev/null 
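Review bot: The regenerated `mainflux-server.crt` is an X.509 v1 certificate with no extensions (the encoded body starts at the serial number, with no version field), so it has no subjectAltName and no key-usage constraints. Clients that match the host name only against SAN will reject it, which in practice leads people to turn verification off. The `crt.sh` removed by this patch signed with `openssl x509 -req -in mainflux-server.csr -CA ca.crt -CAkey ca.key -CAcreateserial` and no extension file; presumably the new Makefile does the same, but it is outside this hunk. I would sign with `-extfile` pointing at a section that sets `subjectAltName = DNS:localhost,IP:127.0.0.1` and `basicConstraints = CA:FALSE`, and pass an explicit `-days`, since the validity encoded here is only 30 days.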
@@ -1,27 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIEqDCCApACAQAwYzESMBAGA1UEAwwJbG9jYWxob3N0MREwDwYDVQQKDAhNYWlu -Zmx1eDEYMBYGA1UECwwPbWFpbmZsdXhfc2VydmVyMSAwHgYJKoZIhvcNAQkBFhFp -bmZvQG1haW5mbHV4LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB -APPE4uOtkR7B1bxNlUn7JTp36SZ2pFb/8I7vico0YkoGxaENSkF7aI7WCMypp3N5 -OXNLKV3zRWzgfhTPAUMQl+gC101xgMYBWOVBjnhWmFlZXGYIhRs3k+s293mcSKXA -Ya4y81i4XgHv9hzL9Gzgy+wlJLxQzMA8GN/Bg6oT3VbU6B3Vvx+aximphYR+wOQW -GMmEe1D+PNjViR77DycznpPIVfR9X5fscMcfoA8Rd6eIQHia/qmnOSyQt78H4qcP -yH9n/L3Oq5RfLueMHExOFrupAx1BXEhQZDbH9mfi6xwpPbJiFcW6hYLMllpnFvwU -VbD80h8FwtJgyBUCIye7MrTPJum+ujd3qPHUQWxc0Di/PXsx8LCQBIJ8QIfNxsef -Rs3ORR5ydXwPzMdX8UK58WtIvCVGmhJmsjrWwzhOO1uiyP+TmS8v+IRpeIMvFwA5 -48qUgN8o8GopR4mt9THF0V3oCGaT8Jnwknv8ev8WV/SSWREAlga0yKl9FIeCJvOm -D7B09hd6nN/0XK875j9k/9KAXBGy6DGBAwhSTvr18RElEtaw+zWgOYhHEnJffj81 -XMGGtImdGsZOrWT+Iji8vydXTO7dcAVFsquqjsbuJYvdC0KG7miJOqf2LfNOG50c -obsXxBcfUR16d5XZcNLcbYSFVVzkdTjjvyw/YMJ68OUlAgMBAAGgADANBgkqhkiG -9w0BAQsFAAOCAgEA6OXmgeEdkzwPdGw3oau6ZLPXA9NHHmRhBVG6bgJj59/P/tUu -+yecjqwKl/lC6uoBGPujSnMPBScjNft7XfhaUcmZtFoizot2gTSWBnaQyC9xvdS8 -bwjV3CCIo7VeNd6b6EPyoogbiG5cHuGDQqJHJFQ6P7QGxqqb20rAAPrXK2yG3ZYI -JXDc+tZEgf6jrlfMA8noBVKV8mH7Y0r22gzGd1OjtKNPDpquKGfuTIYuT/pZMKf9 -I35LGmjM2DKV4RDOxNi84C7dR8hTFtFFIS15M6NVajnWDS0wQ+pDRY1+VmaKjYV5 -PHT767Bnyb/o2gfNTMWCB7PsqRBVGSzAkKZAqS4YJo5Y5pDkHFnFbePXc//U0E+U -+wEm3axIUDTD0PiDp9wlQ/oNTbxejWGbSjmN3ArMuftaDuoYhcbNqAgCD54kEON6 -w9DHZyJTBBXTokgdgRWAaZMDBPIst4pvUxmPMwS0YGppDumElTCv5yO4k6VvD4X/ -YTo3pajQq7/2y56778K6wvF7jb4U3CgEK/6t6CZDA8mfNoM64zz4yENeNkLsYfb8 -/LL6a1ihVB4H0qaz98q0ao8elV55GJlBxphm9/GHgGxuUcMgKOM91OsyENvMbHWX -vxAClR0Lb3R7m6oV9x8kF92dEQzEs9Ko5wV2t59MZVzlELr0aezdGXOrF6c= ------END CERTIFICATE REQUEST----- diff --git a/docker/ssl/certs/mainflux-server.key b/docker/ssl/certs/mainflux-server.key index 545b852d8e..b871d63679 100644 --- a/docker/ssl/certs/mainflux-server.key +++ b/docker/ssl/certs/mainflux-server.key 
@@ -1,51 +1,51 @@ -----BEGIN RSA PRIVATE KEY----- -MIIJKQIBAAKCAgEA88Ti462RHsHVvE2VSfslOnfpJnakVv/wju+JyjRiSgbFoQ1K -QXtojtYIzKmnc3k5c0spXfNFbOB+FM8BQxCX6ALXTXGAxgFY5UGOeFaYWVlcZgiF -GzeT6zb3eZxIpcBhrjLzWLheAe/2HMv0bODL7CUkvFDMwDwY38GDqhPdVtToHdW/ -H5rGKamFhH7A5BYYyYR7UP482NWJHvsPJzOek8hV9H1fl+xwxx+gDxF3p4hAeJr+ -qac5LJC3vwfipw/If2f8vc6rlF8u54wcTE4Wu6kDHUFcSFBkNsf2Z+LrHCk9smIV -xbqFgsyWWmcW/BRVsPzSHwXC0mDIFQIjJ7sytM8m6b66N3eo8dRBbFzQOL89ezHw -sJAEgnxAh83Gx59Gzc5FHnJ1fA/Mx1fxQrnxa0i8JUaaEmayOtbDOE47W6LI/5OZ -Ly/4hGl4gy8XADnjypSA3yjwailHia31McXRXegIZpPwmfCSe/x6/xZX9JJZEQCW -BrTIqX0Uh4Im86YPsHT2F3qc3/RcrzvmP2T/0oBcEbLoMYEDCFJO+vXxESUS1rD7 -NaA5iEcScl9+PzVcwYa0iZ0axk6tZP4iOLy/J1dM7t1wBUWyq6qOxu4li90LQobu -aIk6p/Yt804bnRyhuxfEFx9RHXp3ldlw0txthIVVXOR1OOO/LD9gwnrw5SUCAwEA -AQKCAgEAlhWclA1jEgrJq5wg1GHac/ssA1B8skv2MirtLR+/fFBbEWN7WoG+yGKj -HE9AF+qFIqUeHQgQsI4vUmR5JG9s9534LWg6nq5pqw0HyLOYLTrFltScDzvSyLkY -+TjtyY9/FJ+uD+vDhXHWl7hDD14Ab64WxhMBXUIjFnCwveBpIHMJToUxnSXP6ArF -d+QKouOv8zKsMhu2HtKqD/cHR12Svu5TbapbVtBuR0sDYwOgJffPqfHT5WRd4UBg -wS77r1waV8cQZ1R9c2Z/HHS5X4mcmYHftv1s8eD9MnU/Eos1sir6H4AgY5MJbJTF -5XcfQajLcaLXQ95qKtkHl1eviWDKQDC3szH164DtzShn272Lm+5fxpGXhy0QUDa7 -3VuqnN70DLswkSvlS9i07yBllZVycFjsU0x77hY6Z9vEvpq+d/fVcjuV5UX5KYJ4 -2ahqbSOpozfcnjyoj2AUBrYWhPpiksPWi6HvFJuDoljXxC/dFweiHbXT82+jseb+ -bKC3GVaSH3C7Jy7cXG7MbbJ5LtQdvN4/VcGHIM0In3dyAfEwSv5LXWsMxQiCNFCD -gPMzROwpRup/MrgVFsdnwdOqbyXx9zlQU6FehhQ/0FUM8owESqb8lkaNqASYY4Iw -ShvJR+wyl1eUPmQh+waxBNrwND3/1QgZZ0mkNCPhkQX17JPNWOkCggEBAP6aRLS0 -YqWWYb4agrOhav+C1ae8g6V8/BA2i3nfBcTQlzy4K6Ov120a1qdNbCYyEDsSq/vG -o+ExM9En6O46J+VZEWfy9BUJknzEUwK866evSXudHenavgqJLADfHR3JCAR1GUOE -jsKdHF39TEH3Lk4cZUG1ZJ18pE5441Vj64np399yAUmXhESJXlp5XAiavFcqd3d7 -jq3cc2Sd4B2nWtoyb5XEf44ojZnRdFyKzPaZ2VFnnLeipWcOSBLGLCs+dbDgsxz6 -sfd+3Jhsa57v+tqDMD7YOkrtlaWk7DQ7RqF09QAmEIgjLYlA2BZeisSts1o2hW6K -ZHdgIxnIcbpI/b8CggEBAPUbZWs2lfQ8Ulp2hb0vTUkwyaTc25a404n4x2Ew2uD3 -IpaXsZicz8crwWCHrnX0IWLTfE6f8u4O2fzVs8x9FHwxuoUUlNeql8JVRhq9Ml0/ 
-xDmdlZAZQ1sb3a6GZY42nhlrSMs4rN8Okx7glwFJ9DvuXxRGwjjaI77UKQ8pAzoP -HThTC1rifkuDf8k1jlLpoRrxWHJwKVbt6N2XxNTZBSnVDEao2RWChxAgo4WiHzMP -lGYjvfBlSuoxqatKkjtJadKIUh/XH3DUzYetPXI2ec5sOUr+K2MB9wEXROvYN/4s -LiqGx5zf2sxTow1O0C5CUQxfUXVcujUWVbpRAABuXhsCggEATpdEOhusj7y58zqv -uc9L/g9e8GYqpPzNuht8NmR3nWdeJ+oZ3m87KnysYfxuM+QkSnfbCt8oWy0a96dA -Kbld81fpHZNLcOsBgu3/ScsTWzGqlzPKthNFsm7hXGuCy1zw0p9q6wKSJtTkmsbD -sWEhtA7j2sKpikudVHPQiN1NKcc9yfWhHBxfQeC9dWQc2rMZDDcZpZJIWrbAEAED -22N7kfsbormDPliaTS7wolheKIkZIh2/rJfSQtuPt+vgWoDvR2g1Ie7o3KMWaR6e -ofMmFimEzQFmDRcFqJoeJ4lcph46Oo+FbuCc/886ZL1OTKPpxyEpUxP5KzhL3XuY -T46UdQKCAQEA70irnhtQEXvCOiZzMdo37Tf/4z7p8R7HBW8l1jBHvlAGKFY3PvH3 -tk11H7PWEbkfzscAGBH2q4k8LqTCPuPtV8GEgd8x38nfFg0Bv6DsxjQ2cLjzBhZj -t1Jg/Lyf8FJJzi76hcrymWA1KHPBd7SnBssTb0wU2EO9mdKtsusrB0cyE4afEz8C -ZN4fpmLuautCKHdtDWuKMB9astozgkfLzqb6sRCtvV4MVSZH/XHkW4jeK0jBaSq6 -FCAfr+XBFLf641nKMuNlAlX9wHLUBehAydDFrfyshp+ocBwzYLtZDn47I7EotnGj -vM355EgI3OBJF3cGozi/YIxJbPcetU0J+QKCAQB4vxZT5V5TU5IHkuSY4VRx0nCY -DYEzyg0eMuB7kDczZ0syjmc09RI66a9BUeLf+K3n/eJaqA90DzNPwDOubAqEZRAq -UBxhPJg1nFOnaG4n955ol1liupoJIgCcvMR28apPR9x1vvrDgtZpXlMaHQbvmtER -hJdYyB4coyq2YwHMQN0cU7ru9TvXLiGaJxeGvDToE6DpogBuoN82in/YiqFnkloB -y0wkD1AfuN7fnnUhoqJCShv3o5kcmDlqMXRXTVziZ40VoG4llrXL97XhC9B3OkWh -HhimUXHonPRHgoPPSdQhhYz/xgiICZLGDdGwbUnOp0QYeE0jMdlnVgdxqw+B +MIIJKQIBAAKCAgEAvHQ2Qkb9WQJPF/KqRmNG/1NbroDZMyWU+W0HpuRbsiYpZKnS +7mgWvTvn0W/dxs2e4XOiD1ohu+wEWVFl7IeFLK1Ye8AZ7xruLMqeH06ozGSja0VY +oow2D0aapW5Cmanm0oNmzfAUYzc+5xy81d74jY8bcCUVhePCgzXBEXY7KkR7XWVR +ZeCv3Jg2HNVjk9RehM5Xj1KZYJxIrCu/XUVwaVHrDBl3OgT6V93iVZfjB3Tr2VKD +EB0W+BMCUVH9egiG5Qlds6fM6VyUNorKGeBWQAhdIa+PS6/jqrDG0rIwWPUxnHLj +elmYv16lqWMESDpbue83Q4l513egDYHtpf/dC0ABrW5xLuvWfttoNIMNi9HdHD5C +48XZcx3FJZyYoPzhGP8IYDQurwf0CfUxd2cRcJC31Vm1TXP509O4B8Aqk6aQvfUa +1yONLSJ8zUlaU3NBC15PF+SF1DXR35sBFLRROwl3bw/iSYoU7bwDCqKTAxBjWEl5 +ADixg2h7nfVW5FSauGk/YPQwu14WvHr/XM1QhzWsRQ5dgsl8h7hI1TuqUhlP4n6u ++luIu6YhFMDarEun+lzOjuPIlwhEkfz2+59siJ+AksES5p/DdNTV5iDKxlhBqmcO 
+JFCADJ6sXxvevj8nMx0m14fIb8b6tRJWnpHt9dEDChnDktV+TZbDZxba6DsCAwEA +AQKCAgEAuG5bM53aD6Qs19kLP3ulXfesgCllZ6LeGwTTOke+XajvVa7F2cBQkL3x +74w1VXyigy3xamjhHtKqpub8gvFWKhUzxViJiPGoKnnZKfaHSBEtxavGRL5HoceN +TV2NHGmkll023VCaA0dr7i63t+9Q/OkTBzujxrbSBCs1WeuFl6YRvaOMd9HfClqE +is9jdqeeIQb3tjI2HNCWZrkhvRxaGRismdjKUCPTBO8HtJDDBOcuci9ISRrPAdVI +rWE6WpXBvqDd7RbJeZC7FG3bwFtGzb/htTflW0M14jTDQCxXGJhOBziA25qX3KG6 +Kv3WkQFcB6nPQe9nKLHQF6gSdiTjo5G6/2hD71jbWrnv6B5b+9wiX8aHpSo+/M9p +p582PnkHnx7ewX6utsts58Z5SmDydn4NztLN6dQ6uGVxU835nN/ztdNZt6weS2Y4 +9eEPNX+gH1CUQvkdiOHnrDiCnkGLHlfyW4qC+zm2tZI97jlQRa5fml9dFcL4IYKc +X7LKbCTLPLGORQD7YV5ePYzLiqagkt+D55sIpcqZeLo774fGLk4+DHfv3ii9iSNs +o4i1meNVypyIr1WPNz3KkPGJf+pEfIVB7s8P+tnNGvHy415Tcf8BMgdEoer+IsDa +YiU5eoD5ioMTcDRljdq7qJmfb2u51j1z/rZkqthVVRvciX+5aEECggEBAO1EzMsX +jITUDeosE6ORg1kcrOLYya4FU/hgM3YnJTVnt27q0/LuUiU9EQnfVQgXwX2Z+hUP +46YbwkswzJ3UadUEeXPLjMDcEdUCDH3MkvTZ10SZdhiojUIfCu1Fj3NwOepr5Zex +vFlWohmFXDZV+ZlPsoCI53UAGrtQK1HCMNDBzSbqhymaBVYNIrg36O3YHmb0u8Zp +mlLLJLAYphX/52TWeqHxGfCKHbquQf+ZMhq7bWi9NQcPh2Qul1/4R+YMNjJTkoF6 +5jIcQjXLd4BImkQPVF76SHI9Bhqau1FlGpspQJA06t9Stdp6q0t/WmP6FOrEwccX +RLVnZ1SpreEseJECggEBAMtU3X7tY6ukipPwARvBDzNhXktU2lvjpNstLpel0eaA +u48WDPKYn2O/7JqwwDa08Dha6dF90voQ4mkHflHuqcKqaVdo72gGQs6yCJOGs247 +RT6hr1BOBKANfaQ+380x4u0WAzAD442r1YiYxec4Ia6uAf1/q6/518ED8JQqZhG0 +NUvZ36llDoWHSjlmIv2bxGTGNk3iCg7nVlMWi12N6PN5FWRkUT6GEbz3NLrx4Ojt +tVQ7MoOZ0j3HezUjGQbQz/Dbp/Z57EG3TdSS8MYEL8HVXUk6/mUvybcM6PadDUyI +Sozjq4j+IIylEKUQyT94R/nZG6ZTwVIqLhtEALwDGgsCggEAEBP+cLC60/Fus/Si +rA3bQbmguYqJOCKiSw1xz0rdyZ2qn3iIPkkKBf36XpnksDSz5uf9O1olSgdNhjzb +UMKpHUc9V6xucE85Yh7Oa+Pl/XOZk8t2ZjtdvyJNYkC5dNAhDJKdL0dbBQ7K00Hn +OsNes5Xj+bPNQ29rYFARb2viVPMdDMsNt7L5M5iWRrd7MErZ3I4u/0X+sCeV59zz +vD/oFTw3eSvWXyds1k6iqEhgTdFvm45evoi92vsRRO6VKLChJ43kOqPyX2jsz6pn +Aalp0rzbMchyClO6Syk7Ekvwnp0QA/WiCNoY+qIfY3FQ1b+HlVUZ8HzSKhzEsscA +wmZ6EQKCAQAgsQdfxfk1eqIRQRBcjwDLqQcJI55sEcDKwIvyM+X4opAFZG02gBV4 +az42bN6qrRLGbM+VMB7AuAA/FMZZk/7VXqLLPALp/b+2DefVGF43Be6PMF3IkpKp 
+zSF7S+Sd0DyFE/n1OVrXx13wtWd0UpEPzchiIqnPBGONE/4VRG/evtOm22Pbj3Tz +QRpM+j/7+JRuA3Rttz8YwFcfyssjgpKGutwWpQ5u+A1YDYL737HioX17Cn2HrS6h +YjZMB9WZQ+968UYjGd1Df55S5EE0BS5MguqZwJNwX2uWM8wtAnlF6c/asSw+PWWs +V0nC0F0bCFLCOAb7ChJWDJQXLCrWD8WbAoIBAQCt0g3SwYVhwg8qJOylNxwI2eS3 +98x8kbHea3xdtm5m2YMqrqLTvR5+PthXJmwy5K1SRyWW7V3U/y4fRVDE2T0qtOeZ +zyWGvlzPZhnPWHp5WTZwkpbvr6Lhr/bzde71hVy0GKyURL2gfRBzLxTF8B4SC2a7 +PTfqs0rHmQ8lKWPshEkwEYhJSG81l/9k8NmBLARfbZ30IVjYokQ4hoOO/IkLE4zt +p8YJIKifVrTmQoUM/uAxjKRfnBrDDOC0UUSZNKxl3PdcY84n7PaI1cZQegQhNUYl +TVjxCy9LrJ7p5r/G3YGzyP0Z29pOEXBOODurOSca+FR6nnjCD2FKJBvwV0wN -----END RSA PRIVATE KEY----- diff --git a/scripts/Makefile b/scripts/Makefile new file mode 100644 index 0000000000..d82ec0817e --- /dev/null +++ b/scripts/Makefile 
@@ -0,0 +1,35 @@
+CRT_LOCATION = docker/ssl/certs
+KEY = default
+O = Mainflux
+OU = mainflux
+EA = info@mainflux.com
+CN = localhost
+
+all: clean_certs ca server_crt
+
+ca:
+ openssl req -newkey rsa:2048 -x509 -nodes -sha512 \
+ -keyout $(CRT_LOCATION)/ca.key -out $(CRT_LOCATION)/ca.crt -subj "/CN=localhost/O=Mainflux/OU=IoT/emailAddress=info@mainflux.com"
+
+server_crt:
+ # Create mainflux server key and CSR.
+ openssl genrsa -out $(CRT_LOCATION)/mainflux-server.key 4096
+ openssl req -new -sha256 -key $(CRT_LOCATION)/mainflux-server.key -out $(CRT_LOCATION)/mainflux-server.csr -subj "/CN=$(CN)/O=$(O)/OU=$(OU)/emailAddress=$(EA)"
+ # Sign server CSR.
+ openssl x509 -req -in $(CRT_LOCATION)/mainflux-server.csr -CA $(CRT_LOCATION)/ca.crt -CAkey $(CRT_LOCATION)/ca.key -CAcreateserial -out $(CRT_LOCATION)/mainflux-server.crt
+ # Remove CSR.
+ rm $(CRT_LOCATION)/mainflux-server.csr
+
+client_crt:
+ # Create mainflux client key and CSR. This requires Thing key to be passed as a KEY variable.
+ openssl genrsa -out $(CRT_LOCATION)/client.key 4096
+ openssl req -new -sha256 -key $(CRT_LOCATION)/client.key -out $(CRT_LOCATION)/client.csr -subj "/CN=$(KEY)/O=$(O)/OU=$(OU)/emailAddress=$(EA)"
+ # Sign client CSR.
+ openssl x509 -req -in $(CRT_LOCATION)/client.csr -CA $(CRT_LOCATION)/ca.crt -CAkey $(CRT_LOCATION)/ca.key -CAcreateserial -out $(CRT_LOCATION)/client.crt
+ # Remove CSR.
+ rm $(CRT_LOCATION)/client.csr
+
+clean_certs:
+ rm -r $(CRT_LOCATION)/*.crt
+ rm -r $(CRT_LOCATION)/*.key
+ rm -r $(CRT_LOCATION)/*.srl
From 7a6f770eb1279123353dbace452b2bfd3f6f2f3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Du=C5=A1an=20Borov=C4=8Danin?= Date: Tue, 26 Mar 2019 16:31:30 +0100 Subject: [PATCH 03/21] Move certificates make context to scripts dir MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
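Review bot: `client_crt` writes the Thing key into the certificate subject (`-subj "/CN=$(KEY)/..."`), and a certificate is not confidential data: it gets logged, copied around and, before TLS 1.3, sent unencrypted in the handshake. If that key is also accepted on its own as a credential elsewhere in the platform (not visible in this hunk), anyone who sees the certificate can reuse the key without holding `client.key`; a non-secret identifier in the CN would avoid that. `KEY = default` also lets `make client_crt` silently issue a certificate for the literal string `default`, so I would drop the default and start the recipe with `@test -n "$(KEY)" || { echo "KEY is required"; exit 1; }`. Separately, none of the `openssl req -x509` / `openssl x509 -req` calls pass `-days`, so the CA and both leaf certificates get OpenSSL's 30-day default lifetime; an explicit `-days` value would make the expiry a deliberate choice.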
Signed-off-by: Dušan Borovčanin --- docker/ssl/certs/ca.crt | 32 ++++----- docker/ssl/certs/ca.key | 52 +++++++-------- docker/ssl/certs/ca.srl | 2 +- docker/ssl/certs/client.crt | 26 -------- docker/ssl/certs/client.key | 51 --------------- docker/ssl/certs/mainflux-server.crt | 38 +++++------ docker/ssl/certs/mainflux-server.key | 98 ++++++++++++++-------------- scripts/Makefile | 2 +- 8 files changed, 112 insertions(+), 189 deletions(-) delete mode 100644 docker/ssl/certs/client.crt delete mode 100644 docker/ssl/certs/client.key diff --git a/docker/ssl/certs/ca.crt b/docker/ssl/certs/ca.crt index 6447d15cc1..3ec4ec508f 100644 --- a/docker/ssl/certs/ca.crt +++ b/docker/ssl/certs/ca.crt 
@@ -1,22 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIDjzCCAnegAwIBAgIUFueTUVt9kf0mQPlF/7+hzAmX6fcwDQYJKoZIhvcNAQEN +MIIDjzCCAnegAwIBAgIUGSC370cM1AKobznTeJfSVcEsT4swDQYJKoZIhvcNAQEN BQAwVzESMBAGA1UEAwwJbG9jYWxob3N0MREwDwYDVQQKDAhNYWluZmx1eDEMMAoG A1UECwwDSW9UMSAwHgYJKoZIhvcNAQkBFhFpbmZvQG1haW5mbHV4LmNvbTAeFw0x -OTAzMjYxNTA2MjVaFw0xOTA0MjUxNTA2MjVaMFcxEjAQBgNVBAMMCWxvY2FsaG9z +OTAzMjYxNTMwMzNaFw0xOTA0MjUxNTMwMzNaMFcxEjAQBgNVBAMMCWxvY2FsaG9z dDERMA8GA1UECgwITWFpbmZsdXgxDDAKBgNVBAsMA0lvVDEgMB4GCSqGSIb3DQEJ ARYRaW5mb0BtYWluZmx1eC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQCjC3P/9Qsn9oGXoygFR6sStLPxYwZGMyoZ7ATaYpA/7YgxC3EfMsQgE7JD -rsmnHHxl4hzDoft3aDphkzJL7/fQoLMDAb+L2uB33HDPqnCGbq/38+f3ls8UHZla -RhePwqtfdD1YhdGIWy6jSoaZ4OfWbibFxeLVBs60s44psv9rrXkmWmWeF/fBEeZb -7jTbgF+dGXx3BIGm+oUU+dwmd1qPbVUqJCQuQhoK4+qLqrryTx3HU29b8dkdc7YL -Wf+dsRnOgzGYbLqdrCOYHV8RRVaXXjdTjTiQAMS+RTkTCMU0tQ2Dy3FLqlaOBjJp -QqPvIxEw9+gsrdVqgauu81rRL7P1AgMBAAGjUzBRMB0GA1UdDgQWBBTMrbgB/PYJ -rzpDaGr86FaJ5bqK7TAfBgNVHSMEGDAWgBTMrbgB/PYJrzpDaGr86FaJ5bqK7TAP -BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQBZFcf70eqwU/L9zQTq -Qlh8CW12Sa1pIi39k3SKgaVAXCn/B9rDzqMeJHRLOwAjUiBh+Uq81uX2w7jgl4eH -KPPf8Ca902sC+VpBROs1qYU2HHke5MSJ6MPwDbBD4Y92HYThW/Yeer4pn9yTIhaJ -asNXEofOXm13vqY1P5CJuaOp1wM3frs8aPVwpCq8P6VAeivt7wl5qH2Hz7yah7LZ -UBt4jEAYZtSYcvMyRIVaqp/PZrYtS6iXcN5ITzhEGON5ikoRlGWT2m5fKL2Jn0kA -i4I7tY0T7xLpYyXlc3ZBsjsVpcAlQSolpeyTsds3Y0Ka6TZ/mlcsr/X+38e6Zh9a -cmWg +AoIBAQC27SQQTvWk7/61JEEhrM8PzG0CjIdAktMRMgGdfU9vEJxs1bihoOXfspVZ +smHbtiWJMSZA+9jdV9fiWLE+S/hS+3324tLggdY9/kRGNiS1hmAFwWDaJ13qovo0 +FMNK88PQcLiIKJTRb+xBaB+TFC7NrmGL6X4y/rM+1BIrc5NA5JE/heWIpaqSppc6 +DOiYL/bqM2JfExkbJBEl9AoIiKyUdYKnN0xaADkxhVYNQqG2ZNtRP/ANLlA13Fq5 +hP2evufoHTTghDQz129R1RfgY5fpyyoL4XyM3lOgutTyhyfLDZkjvl942kQBrMFZ +KJlnmnR+tDGK3d5dUYCXpUK6PgO9AgMBAAGjUzBRMB0GA1UdDgQWBBSeRBvYwp6G +X/SZ39WjfDLoRQ/1JTAfBgNVHSMEGDAWgBSeRBvYwp6GX/SZ39WjfDLoRQ/1JTAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQBxfq2QtFrWfrRJdmyX 
+RSRYUDDnmdaBG873IwDduCNc6g8Y5vqUhmcE8cqUE26T7GCQE1uWSSRKb0IrFFp9 +cctNiF2YbmtI7tQIdWZ5H5UOl+aSSv50S1/A5AnSeinQozpYgtsBa5i7raVJ7Ya2 +/ljwEblxBSi66OkVzrAJHRYBPEhEUos8Ci/OVMcOLvpxzukLlj3RpZWJy4fwOH6y +VcDB76tzSS6Kedna1QqZNme+s9voVnCJoyQihVk+Lr2k3PKei95Xu0opWLRDdTU+ +0xTZDTI3orecuDozZ/QOSDotVgUlHBRMDnwkRyDCUtVe699DAN51oJKm2HfR5jes +fhT1 -----END CERTIFICATE----- diff --git a/docker/ssl/certs/ca.key b/docker/ssl/certs/ca.key index c43cc902d9..11c88961cd 100644 --- a/docker/ssl/certs/ca.key +++ b/docker/ssl/certs/ca.key 
@@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCjC3P/9Qsn9oGX -oygFR6sStLPxYwZGMyoZ7ATaYpA/7YgxC3EfMsQgE7JDrsmnHHxl4hzDoft3aDph -kzJL7/fQoLMDAb+L2uB33HDPqnCGbq/38+f3ls8UHZlaRhePwqtfdD1YhdGIWy6j -SoaZ4OfWbibFxeLVBs60s44psv9rrXkmWmWeF/fBEeZb7jTbgF+dGXx3BIGm+oUU -+dwmd1qPbVUqJCQuQhoK4+qLqrryTx3HU29b8dkdc7YLWf+dsRnOgzGYbLqdrCOY -HV8RRVaXXjdTjTiQAMS+RTkTCMU0tQ2Dy3FLqlaOBjJpQqPvIxEw9+gsrdVqgauu -81rRL7P1AgMBAAECggEBAJ7NkPZEXdFWr3JaX6iE3YMirgD2Si4lt2P4FeH/DjC1 -0miylEOm1o/Hn2F85Lv3atJxIUMKijsLMZHIJL0BxYVWgAT1tvMpBGi6NMaPY3oM -ZShEUDM+mAMnsS3UBy7mlLQsK3QFIsiExzAUbnWCMU0RjIIk84I5Vyt5l4XV6iGd -DqUvmkES/6tMTouqZypI9GTMiW6Nh94L6JK6RYujuZGnw5cVBfSsFjFSPhDhJKTK -cOG883YEC4mtMzTjU9MQhvraNDKxBAL1kyHU0pr7b0bUu0Ipb8sXyY76ssBW4pbZ -OCD0qsIGIlJBzq1IQyJ00DvUS0pc/7uYm4XcOwzH4iECgYEA01rMijuudKbjZ006 -JXz52QOLwar5BdZfR8Qiym/NeJLEFbBa/KZQ6Xh/fF1BUDIWlsQz8ie/uQK+05+G -a8EZFmd1xzCfUdMcBSoeuNVde3PvPrmwk1A5ecIzTJkRvAe3nvnzo4uzMS08P8G+ -7LT5Uoupsgu35jumQNKQiQj8XCMCgYEAxXw/u/BtjT9qW6ssnwYJZxHuDbjtRENC -oODrP8NEggBgpwQhZd0mT0luWMz5pT+putfyQvWJjHY9alJTTVCf/nroZO54lXf4 -yQYbL79tQM3hgN39bYAsVuzH5gPrqpGG0g4TLTzdnyLZiXxlx4wTBK7ZNC1P26Qw -DyNjrp0ZhQcCgYEAsuK+Dh23aZo7DJrrpQEjQs9igXehL5Sirk5OmAKK6QtnlWff -ismF4CWR2YPgnOzX+6Fyyflkp0Wwl9MEZb1Y64KDyCTaI9pHdAOTXyOP7MZSb0eh -MP4Mt4Zr/t/rh7cMbizmTr0V3ICJ5vioDRabk4cMCNssOlywOVs+5A1L8vsCgYEA -wKPQJAuHQgZ/QIZ8k283EtTZq4cd473cq8RblqprFIk7vw/3aD9O1H7j5jmkuH6e -mcV267xKfbsFc8Z0vfGM8JeCRJqfA+awx59uO6h28YUjmSpywTMLjYuR/50JcSxe -IF9cc39xDH/ZRhUTz5CjKKlK9WvR/4Zs3wd9gGJ891cCgYAosQArqfUoEYpKloq1 -GYFK9YrwAU4kPno8kWbt763OfL8yNCYaKwe0KRWHxJrynIsibquNbISNAxyjlp51 -OVLnL5SD4oI1xP+Dant5WPFb/NjRDo8dPl1ARVBHQfI+Eerfb1pVwIwMtlUAe3NK -X0ihyHxT+tiO6oFDnOcEFf7WYQ== +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC27SQQTvWk7/61 +JEEhrM8PzG0CjIdAktMRMgGdfU9vEJxs1bihoOXfspVZsmHbtiWJMSZA+9jdV9fi +WLE+S/hS+3324tLggdY9/kRGNiS1hmAFwWDaJ13qovo0FMNK88PQcLiIKJTRb+xB +aB+TFC7NrmGL6X4y/rM+1BIrc5NA5JE/heWIpaqSppc6DOiYL/bqM2JfExkbJBEl 
+9AoIiKyUdYKnN0xaADkxhVYNQqG2ZNtRP/ANLlA13Fq5hP2evufoHTTghDQz129R +1RfgY5fpyyoL4XyM3lOgutTyhyfLDZkjvl942kQBrMFZKJlnmnR+tDGK3d5dUYCX +pUK6PgO9AgMBAAECggEATGoZw5pIcUM0IpVng9q9kLrz2rm7klUDSM6b8B81vI6y +2aAaBaLCBEWEsDidOnwHiBz4/vJ18FjOvSYRvJVdwcR/JVAxiUmTpsf921qo0Q+2 +MxFKFTeWuvqkDHeT8U6NQRilbXOOX0Mi7VvCvN0UhCVRaHH8nu7ZD+jlQjOAkv1z +fCTnIKf36AP21osmNHEr7XZm5kM8Y5PBfdsX0dR5yZxGln5fjQ8pEIAL0r+enIdY +YYW7RBOzOIDO+TvQVq5kaMXIZvIwcuDUiQigAQFDYXV+au21HuaLSRHI07cp71xi +Ip5s2TosN2sseBxB3n9Y0Ey4SUpy5BkxSMO3ygRFHQKBgQDdMfVnPibp5ADjbshK +3C6RLWlUYh2W5KCfL5RFzLlHCRNwdFvrbBnmWCI3WOcp5PfB4zVy9f3x1udkkqOI +uKrs7ZyNLFYix5oVfnfj/J9ujAOH76n67kGhzigwzQkzy63fKeYNH1gjap6YSBuC +hoEAQydC2RxQgfBf0cNxf/tY6wKBgQDTtamF71A+zFQKyklLQPjRtOAU/r5oLobD +m97W0u/Wq8iOJa6PLMTDFP+MYiFsbWGSDGz72nbj9MlMMtet+Ntxo91SLtIuqZkF +/JJySrU+Rw7qmppFLc5H4VsgM0tGQK2As5rkIjdVpEFSAJPO5fNWODBEycMpKUMs +Z+or/XNr9wKBgBNWB67TxxERJma7S3UH1GZKgvemcBG9wLDJtvt3Dwc/qtxcv6BP +3d+9+pe+BM8rveDMHOME0AMxFx86lmMgSYjWqKXKp2j46+ZPHOnoLoO6Z6Cdec1+ +wGwFmovRkKlfd76Xag3hnJHUAzMqsoTxfxtnw2nbktcS1NF7g8tLNcyrAoGATlO8 +x5/V6ZYBVgine18rb7Li4QGrArKMC50EoihiseLWjbjlT3V5ys9fCNpZkVsaqUVN +oRSfvhEX1MhOwb/7uJyuyrQl8TuwMOXUbNK1Ibh6jVPr1cJvumpnI4+2vuQ5DQ/m +M5dxL49Y13T9OqQbFoAtY5XeTcFFaA1+Nw5LgNsCgYEAuTwkp1zpRVePayT6HZIa +LaDZQ0kJanZDAV3xpHSj21B6KpXforROAQ/iy+nBfdNSUmjwu8Lk3sbEt+jebuvK +pWjklnmLWAwV8wTMaQ/pfFfh+1fAzEjmHIi9nmpcoO3SSxOk4R5FP5JoVef+nAf5 +LV8OsxZC+GphXGo0Mr/SnII= -----END PRIVATE KEY----- diff --git a/docker/ssl/certs/ca.srl b/docker/ssl/certs/ca.srl index 4ec0c0041b..ce09439efb 100644 --- a/docker/ssl/certs/ca.srl +++ b/docker/ssl/certs/ca.srl @@ -1 +1 @@ -47875633D0E01A6142FB0C0C3C3428F19A8B1579 +46AB94F35A2907F719647D80C9259B215C24D364 diff --git a/docker/ssl/certs/client.crt b/docker/ssl/certs/client.crt deleted file mode 100644 index ee6478448c..0000000000 --- a/docker/ssl/certs/client.crt +++ /dev/null 
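Review bot: The `docker/ssl/certs/ca.key` hunk commits an unencrypted CA private key, and the `mainflux-server.key` hunk later in this patch does the same for the server key. Anyone with read access to the repository can then sign client certificates that chain to the `ca.crt` mounted into the nginx container, which would defeat the mutual-authentication setup for any deployment that keeps these files. Since `scripts/Makefile` in this series already regenerates the whole set, the keys could be left out of version control with `.gitignore` entries such as `docker/ssl/certs/*.key` and `docker/ssl/certs/*.srl`. If they are meant purely as throwaway development fixtures, a short README note saying they must be regenerated before any real deployment would make that explicit.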
@@ -1,26 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEVTCCAz0CFEeHVjPQ4BphQvsMDDw0KPGaixV5MA0GCSqGSIb3DQEBCwUAMFcx -EjAQBgNVBAMMCWxvY2FsaG9zdDERMA8GA1UECgwITWFpbmZsdXgxDDAKBgNVBAsM -A0lvVDEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb20wHhcNMTkwMzI2 -MTUwODI1WhcNMTkwNDI1MTUwODI1WjB3MS0wKwYDVQQDDCQwNzQ3Yjk3Zi0yM2I0 -LTQ0ZGUtOTUyZC0xYmI3N2NkZWUzZjAxETAPBgNVBAoMCE1haW5mbHV4MREwDwYD -VQQLDAhtYWluZmx1eDEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb20w -ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDdurLwkdVyo9qe06kUVYbm -oWX4GGEtcFwfHS0DM8F072Qm9HXwCIH0R6NYuFniUDU9Xf/JmjnhbJUZRFW/jQvZ -naVbHptR7IJlQxyxrDAtnIrTMXjdtCHcLrppRhym2C9S+AzIa/LqKwZzWQ71ZlUI -SgP3uSvewVnUquJLBFsEmhpyaxkLQNVWLtrW4BXSuHeyfI2j00+dzPFyOWA59d2O -y694PVBZ/q9iYids3So9oMP+jLh2Jl0uV1C7RIloCETTHWxbv2j76/mzIFOh56t3 -Y2Pcy4RSPEk9IXmG94LRpoj9GMo6MsbGwfWp1hHN9emXjPxQr5dqF+E6WOOW3tYA -ikrZ9Z/V++Tv73kPs0OskKkrZXst/2huH6Z1IrrDBBuTSIGqFgGDmoZGSFoccDpQ -C8JhRSYNrkhx5B00sTkRK6R2+gSy+PvfBvQQgsFM3C3QHgYQVb8xxbPmx7I+pidc -JaqwM8/8wtOos8NS/fBBc8CvCjjv/t/wFBdySK/+bOIWROWB2BV8ljy/CPLSq8Tx -mAjmeelyZ6XvyQuOOtKOfNNEV1caSY8g5uTKqG2VZvKeLf6lwTnIcVwhuQSIjCVW -3Qu7CLxabSfJtDqQKwL2kK3RKrwafs1IwJuX4pJdo4jjsST5YfmXz9zgI+JSXUX5 -mNim0GNbGpjgSoEnXyQTSwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBa2QZhpE8g -xlm63VvMAW9tEET+02baOBaKwsP8f/uEthw4r7fumMEwf2IIgO+y9VbBO3z9lRzK -vWkPioMp38iuqm4gPchrU+e3t8gSiexrA1i+RkLxQovkbK9xVQi/KcL/e/wb1kYo -GwsP70JE+Tx6WYFDldrTiBUesS8Kz4YvwbqWOws0kHpmCrko5iDVMjjlo/44WNqu -MECAPr/o5HhjHstS0LZJhYzzEGkXoo2Fl5k2UK1nm9BmJNKQeEhUmWHJxxSCvwoR -j+fz3Fzw4bH3BNkhT/qoiSQtORJjp/ZV3A62ZYMpygEJHjWbUQudYHwhQPtsO8kY -71rmZM67eV1E ------END CERTIFICATE----- diff --git a/docker/ssl/certs/client.key b/docker/ssl/certs/client.key deleted file mode 100644 index 2e293b122a..0000000000 --- a/docker/ssl/certs/client.key +++ /dev/null 
@@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKgIBAAKCAgEA3bqy8JHVcqPantOpFFWG5qFl+BhhLXBcHx0tAzPBdO9kJvR1 -8AiB9EejWLhZ4lA1PV3/yZo54WyVGURVv40L2Z2lWx6bUeyCZUMcsawwLZyK0zF4 -3bQh3C66aUYcptgvUvgMyGvy6isGc1kO9WZVCEoD97kr3sFZ1KriSwRbBJoacmsZ -C0DVVi7a1uAV0rh3snyNo9NPnczxcjlgOfXdjsuveD1QWf6vYmInbN0qPaDD/oy4 -diZdLldQu0SJaAhE0x1sW79o++v5syBToeerd2Nj3MuEUjxJPSF5hveC0aaI/RjK -OjLGxsH1qdYRzfXpl4z8UK+XahfhOljjlt7WAIpK2fWf1fvk7+95D7NDrJCpK2V7 -Lf9obh+mdSK6wwQbk0iBqhYBg5qGRkhaHHA6UAvCYUUmDa5IceQdNLE5ESukdvoE -svj73wb0EILBTNwt0B4GEFW/McWz5seyPqYnXCWqsDPP/MLTqLPDUv3wQXPArwo4 -7/7f8BQXckiv/mziFkTlgdgVfJY8vwjy0qvE8ZgI5nnpcmel78kLjjrSjnzTRFdX -GkmPIObkyqhtlWbyni3+pcE5yHFcIbkEiIwlVt0Luwi8Wm0nybQ6kCsC9pCt0Sq8 -Gn7NSMCbl+KSXaOI47Ek+WH5l8/c4CPiUl1F+ZjYptBjWxqY4EqBJ18kE0sCAwEA -AQKCAgEArvuQC9qLIJW/CmjvnmSAubHVzx0uU7XAfa2AwG4v1iC2YSe7i1qrdCS0 -/GdASCIUYgG0w107IHOYlwAey7R8DZkjze0xlk2X+mIkWvMQcm6AAHuibxShRCp8 -Ymg6ZFFnx4qKTAElCzg5Nv6pl3DS2l/PEcjInlrokbTqMVmWmuMiy/lJImBf/Eut -2LWvg0Sg8fLptMgmpNoAEazGC/fEidSk/bclmmAr+PCNPJStqUUeZ9yWFmfgUZoG -1EMaTUd5SUKHKUC9kVKBFKQGXFeAMg/112GlY2DAS8YHKkRasSlEIrlVnuhDhse7 -H/UYx/myBy/0T5jDXa7KyEkuEvp41yutiIiNI1OPrBPMiruCwoVI5B/gJcroTL6I -+BN6EebymfnkS/VRyq8/dJtVQ/Ce2OUU3M5HjBVePBMuOF5CCdPKTY3yUo1DioYQ -AygYzn42uS4o+XtfEWg80AS1jGiRQ/qKvaz8xaocUXETUQik0gTdd2lCN2jsl1+B -jB5mLzihHBAW4azHa1yDQNnZVs8QwgYke6qtylegWsHNKfb5jFQoHMW3PU6hsV9e -GTAjs36zmiOb92X6arMtPCwcI/YnhEamq9VVkg60sp1VzRStBW+UW0i9Yqsy/6lO -oRRNHhvbOlggFzj152/8mQotkAuA/yZQ48VoyU41V3y6mle08YECggEBAPvJ/iI7 -ZGukZ5DVAn4hnmmwjT/S2rf+66w8DZTZzS6ScF1ywqZKFsNiYrWkzt9oocSfgO3H -FwZ/kvypPPSNF7IG0H6Ko0JbI41NBudYLnkEu5N7Rsg+6kRfV5wYMJ8pEjandI4n -+ths3O0azgtcQ9jjHPkRWrDYprYU2pStUJEvIAGCiYYOBk8NAw5BE6D4Bl7gWhDQ -3HoSdM6Qn/4MaNI8dJYiooe9BduCusw9XL9CNMy64PwIkCpyk2d0YdGX4Yzf3lnk -8CKWEyjKjNMCNcq+xVGbWJf4qcnsbm7J9ktqQsGH5LiJm/b/njmCwxYPVCMKV5xs -SHU1fZXCC/BPkAMCggEBAOFwAj7A7MnaIm18qLU+k1HMk/d3HeLNsZ4dCYbmHvii -/T0IxusncomOtHAXJyBtNqxHu4oTAM7G7FxBWBiRAgn4FcplWWgxqVTagji2lDw/ 
-5D9Lq45AL7XYiZ58tQ9wbUaR3QJ2JAPQRF1Dz8STdnL+N7YILcfPxNpDebpVsB8D -hTSaHv1IzDm65OXvKMQzHY68mIgYC8iyeUPa+fAYYB/G1tBZ329NxQhgUSBFvppF -GOvJjglUxnwXsM05v5rHI+i6KhOwsQgNDcTF7avmfTxw893B8X7RjslQRhEnTsnq -zdLGOeDtoDBGvbRUQ2dIVVtu/LCEcYcF/FXcGO1FARkCggEBAIWE0sfSWOkf8G+E -FWNPbpK7Ndvvc154xv65hbY2XTDiJMXZMlE+Hp4TkSajs7QS5x2+O39bwOEIS6jC -EfnYzATyyiMgX3yzmcG3Y/7P6yzvjoyhpaJQgqgpKusyhK4R+H+VAyDTIJkd+XWe -bj7l+XCM1vNY+Y+oA5ewrUyEL6IdrEpAr66vxzaqPsGTTtZgT/iF3hzmtNPi76AO -X1k3uWoq9uQaj7eNTArgYzAlJgaiFB+wxdfArrpjsbj9pVWgxdGPcXiYB6M/k/9g -kZbfqCjQSxCAYVWNXnQedV04qevJ+IZqCqa1CkjLulri9ZLAJCzEsjrXzQCikesV -UIFpn4MCggEAHmlm1CJgjyZvKIf9ll23r/xCJcsa7ALFqEfQhjM7EF2kffxWIVjz -+ZyXuNtWuuggzQLsSMchf8OUFSn3gXDmboPaJLChbA3vAvRrRs1SmAIif2ts3EbK -aOSqRAgcwNVw2GlLAE8BssYAwvgn6iPegcrLpzHZQzBDJRKfNETk+noWGS+FaLPO -YSdWQ7KMtFMU9LF6fjmINW3mMAI1X29aYE8JoZfOLYy3PNcJeqoN+W/C2eQZ1iZq -lEj53+WfdHjS3k1m6bsXVre0GMx+sIbqdCHktBC6zFnmwj+jBCNiXJjhZUK6gh5s -UrboVpBbe25lnW0Oh52GVym2jbqgXjnF2QKCAQEAjjDttRRZpxWYe8nWKwb6M85f -GQ3wopQ35bxjNaT0D3asfcLYVA54buXeQKUwRJz91zNPoPDXvliT71wpnaToFRB/ -Kad69NG48+KswNnIhDZ0ImXinV3NDS5Zq5wUp2ROq3G0GRRuEYd4q4nFzFwi7NY3 -YVi5RN75fdViq2J0DdWm+/REvju3nQgu/g9INxMK/qpOY8Rc2Yi0cTOuNlhTzjJP -dGSyFkCLuXyaTgc9Dimg/mVDPRoJxz9xIj4VE/ZYdCVl1zRmM0wssHQsxPgYalQD -uDdIhmPnGuWSN88OFTwthSktfgsYd/VRxIOMxaNL8Ibk6ulXy2cbrhmbzn2cKQ== ------END RSA PRIVATE KEY----- diff --git a/docker/ssl/certs/mainflux-server.crt b/docker/ssl/certs/mainflux-server.crt index f939f50249..1af6c245f5 100644 --- a/docker/ssl/certs/mainflux-server.crt +++ b/docker/ssl/certs/mainflux-server.crt 
@@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEOjCCAyICFEeHVjPQ4BphQvsMDDw0KPGaixV3MA0GCSqGSIb3DQEBCwUAMFcx +MIIEOjCCAyICFEarlPNaKQf3GWR9gMklmyFcJNNkMA0GCSqGSIb3DQEBCwUAMFcx EjAQBgNVBAMMCWxvY2FsaG9zdDERMA8GA1UECgwITWFpbmZsdXgxDDAKBgNVBAsM A0lvVDEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb20wHhcNMTkwMzI2 -MTUwNjQzWhcNMTkwNDI1MTUwNjQzWjBcMRIwEAYDVQQDDAlsb2NhbGhvc3QxETAP +MTUzMDMzWhcNMTkwNDI1MTUzMDMzWjBcMRIwEAYDVQQDDAlsb2NhbGhvc3QxETAP BgNVBAoMCE1haW5mbHV4MREwDwYDVQQLDAhtYWluZmx1eDEgMB4GCSqGSIb3DQEJ ARYRaW5mb0BtYWluZmx1eC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK -AoICAQC8dDZCRv1ZAk8X8qpGY0b/U1uugNkzJZT5bQem5FuyJilkqdLuaBa9O+fR -b93GzZ7hc6IPWiG77ARZUWXsh4UsrVh7wBnvGu4syp4fTqjMZKNrRViijDYPRpql -bkKZqebSg2bN8BRjNz7nHLzV3viNjxtwJRWF48KDNcERdjsqRHtdZVFl4K/cmDYc -1WOT1F6EzlePUplgnEisK79dRXBpUesMGXc6BPpX3eJVl+MHdOvZUoMQHRb4EwJR -Uf16CIblCV2zp8zpXJQ2isoZ4FZACF0hr49Lr+OqsMbSsjBY9TGccuN6WZi/XqWp -YwRIOlu57zdDiXnXd6ANge2l/90LQAGtbnEu69Z+22g0gw2L0d0cPkLjxdlzHcUl -nJig/OEY/whgNC6vB/QJ9TF3ZxFwkLfVWbVNc/nT07gHwCqTppC99RrXI40tInzN -SVpTc0ELXk8X5IXUNdHfmwEUtFE7CXdvD+JJihTtvAMKopMDEGNYSXkAOLGDaHud -9VbkVJq4aT9g9DC7Xha8ev9czVCHNaxFDl2CyXyHuEjVO6pSGU/ifq76W4i7piEU -wNqsS6f6XM6O48iXCESR/Pb7n2yIn4CSwRLmn8N01NXmIMrGWEGqZw4kUIAMnqxf -G96+PyczHSbXh8hvxvq1Elaeke310QMKGcOS1X5NlsNnFtroOwIDAQABMA0GCSqG -SIb3DQEBCwUAA4IBAQCEH9TPw0f2AR05R4qpqdR3Mb97y8eFLgViywp44AzJbMIg -iGXZqvnLxWI3T8O1uHgNOrm35Kq+F2HNLbnwoNMEjIYtO2dAUpPaCBLKxaWHYwKt -KPgBg4oXDL4tCGFNsg9Im4nlwaZt/KiTqw8rOxY/A4Oeu/Tz8eiTaymTvGZID9kR -Io5KSJnoUsmJ3jJP48G0Kyb7C3ma6y/4VRJGoZsJZ45yzaw7ZE0iExHMUEV8aXlG -c3T8/HvPzYUrgHrWPB+39mD8WZCkpTsMUoLvQfKZsg79Rjms+Ar77vj11vcwISKy -wVN6FWCeMfMR2jLltLUkrIgVQkEwJGhRwcn2+295 +AoICAQDOpDFoqbkj8vj5zT4IYalxXcaXUohVTVBLjzxLF/V65+k2L83fUZo5uvBg +3VQYBMdOnxSAPug77cmiVSxANYytJ1+fwZYBp3jlHF+m1f3AxtNhRklJBC1HGYTx +DviJ1S+hX2BTqu6vvWpSNzgdBgpHrKEjlvCA+bOpCqGPWh2ZW2p1vGLdu0yn83cG +uBzPlzZ9unwpuhlJuO17ZT0EpxCeJmKyuXojvseWVsMOfBqDzj1lB7oo2GNnN2ha +pYSHY59H6Q3rFwi3DCD+sj2p1Ssh387k88u99s8Mbnckh1SPvSZb0uqpOAkTdvni 
+aAxgcpyieXsJsw3Ko9Wv1OABpAd5P2Y8dwoC/vKVifySLHXKKzteN6mr8iUXIRv4 +oApO3TrCuhKutujYnxU8L9SKQaWDim5mrteW6M/m6K+Oq0CgeFE+YBJupgJl4UQw +xXsE4VUpiP2wmRTHptrSqF2othzSDrrUiSbgyCs5FV5cBbFQOnWBo6S83NI5awtc +L4QCfMqaXYuZ9nz02CSpsAdrN+Hbn7FUr561bO6CRpRnXVbblZ2iClWsThfO/W6y +wZwvwq8B7o0xP8++D+jvfw/8IFBHPHip2IKZqTNw1/IV5buM+D+ayT64i0H0hy3U +KgytzFR/4wNCCpvTm2AVm7hYfb3zsuqqsmAA7IZFubAOM25ExQIDAQABMA0GCSqG +SIb3DQEBCwUAA4IBAQBQROlB85OQcnetTXX0wUafPgu4S5s9VvUznLOdRRkHckv2 +EHLHBs0YwdjkEJ5WdyBKjBZ5f+nyD4K65jEdUXDozk+DiT9pefPwp65InLVmh6RQ +OQw/TFfsw2bv2S++GtYhQz2hcHocuIgWXqEE+d0DkKL0OQQdR99sWTO2DlBjyB0g +rGNp1fR0WVd4Ss+JiUOv9qwiGct6yd4Zkpdby+mjZOw7BW/b+8y7heGCf/d2ad08 +MSD/zw06J9yy1r9vCTqbDMFLK7a288xIX+j4D23EiToAFN12jmbM2PAs9Dt4eKzF +bHMTIgfNmGIpPsck/hc7ntIpgrCuqhBpV/RKkA02 -----END CERTIFICATE----- diff --git a/docker/ssl/certs/mainflux-server.key b/docker/ssl/certs/mainflux-server.key index b871d63679..d397e0ceb9 100644 --- a/docker/ssl/certs/mainflux-server.key +++ b/docker/ssl/certs/mainflux-server.key 
@@ -1,51 +1,51 @@ -----BEGIN RSA PRIVATE KEY----- -MIIJKQIBAAKCAgEAvHQ2Qkb9WQJPF/KqRmNG/1NbroDZMyWU+W0HpuRbsiYpZKnS -7mgWvTvn0W/dxs2e4XOiD1ohu+wEWVFl7IeFLK1Ye8AZ7xruLMqeH06ozGSja0VY -oow2D0aapW5Cmanm0oNmzfAUYzc+5xy81d74jY8bcCUVhePCgzXBEXY7KkR7XWVR -ZeCv3Jg2HNVjk9RehM5Xj1KZYJxIrCu/XUVwaVHrDBl3OgT6V93iVZfjB3Tr2VKD -EB0W+BMCUVH9egiG5Qlds6fM6VyUNorKGeBWQAhdIa+PS6/jqrDG0rIwWPUxnHLj -elmYv16lqWMESDpbue83Q4l513egDYHtpf/dC0ABrW5xLuvWfttoNIMNi9HdHD5C -48XZcx3FJZyYoPzhGP8IYDQurwf0CfUxd2cRcJC31Vm1TXP509O4B8Aqk6aQvfUa -1yONLSJ8zUlaU3NBC15PF+SF1DXR35sBFLRROwl3bw/iSYoU7bwDCqKTAxBjWEl5 -ADixg2h7nfVW5FSauGk/YPQwu14WvHr/XM1QhzWsRQ5dgsl8h7hI1TuqUhlP4n6u -+luIu6YhFMDarEun+lzOjuPIlwhEkfz2+59siJ+AksES5p/DdNTV5iDKxlhBqmcO -JFCADJ6sXxvevj8nMx0m14fIb8b6tRJWnpHt9dEDChnDktV+TZbDZxba6DsCAwEA -AQKCAgEAuG5bM53aD6Qs19kLP3ulXfesgCllZ6LeGwTTOke+XajvVa7F2cBQkL3x -74w1VXyigy3xamjhHtKqpub8gvFWKhUzxViJiPGoKnnZKfaHSBEtxavGRL5HoceN -TV2NHGmkll023VCaA0dr7i63t+9Q/OkTBzujxrbSBCs1WeuFl6YRvaOMd9HfClqE -is9jdqeeIQb3tjI2HNCWZrkhvRxaGRismdjKUCPTBO8HtJDDBOcuci9ISRrPAdVI -rWE6WpXBvqDd7RbJeZC7FG3bwFtGzb/htTflW0M14jTDQCxXGJhOBziA25qX3KG6 -Kv3WkQFcB6nPQe9nKLHQF6gSdiTjo5G6/2hD71jbWrnv6B5b+9wiX8aHpSo+/M9p -p582PnkHnx7ewX6utsts58Z5SmDydn4NztLN6dQ6uGVxU835nN/ztdNZt6weS2Y4 -9eEPNX+gH1CUQvkdiOHnrDiCnkGLHlfyW4qC+zm2tZI97jlQRa5fml9dFcL4IYKc -X7LKbCTLPLGORQD7YV5ePYzLiqagkt+D55sIpcqZeLo774fGLk4+DHfv3ii9iSNs -o4i1meNVypyIr1WPNz3KkPGJf+pEfIVB7s8P+tnNGvHy415Tcf8BMgdEoer+IsDa -YiU5eoD5ioMTcDRljdq7qJmfb2u51j1z/rZkqthVVRvciX+5aEECggEBAO1EzMsX -jITUDeosE6ORg1kcrOLYya4FU/hgM3YnJTVnt27q0/LuUiU9EQnfVQgXwX2Z+hUP -46YbwkswzJ3UadUEeXPLjMDcEdUCDH3MkvTZ10SZdhiojUIfCu1Fj3NwOepr5Zex -vFlWohmFXDZV+ZlPsoCI53UAGrtQK1HCMNDBzSbqhymaBVYNIrg36O3YHmb0u8Zp -mlLLJLAYphX/52TWeqHxGfCKHbquQf+ZMhq7bWi9NQcPh2Qul1/4R+YMNjJTkoF6 -5jIcQjXLd4BImkQPVF76SHI9Bhqau1FlGpspQJA06t9Stdp6q0t/WmP6FOrEwccX -RLVnZ1SpreEseJECggEBAMtU3X7tY6ukipPwARvBDzNhXktU2lvjpNstLpel0eaA -u48WDPKYn2O/7JqwwDa08Dha6dF90voQ4mkHflHuqcKqaVdo72gGQs6yCJOGs247 
-RT6hr1BOBKANfaQ+380x4u0WAzAD442r1YiYxec4Ia6uAf1/q6/518ED8JQqZhG0 -NUvZ36llDoWHSjlmIv2bxGTGNk3iCg7nVlMWi12N6PN5FWRkUT6GEbz3NLrx4Ojt -tVQ7MoOZ0j3HezUjGQbQz/Dbp/Z57EG3TdSS8MYEL8HVXUk6/mUvybcM6PadDUyI -Sozjq4j+IIylEKUQyT94R/nZG6ZTwVIqLhtEALwDGgsCggEAEBP+cLC60/Fus/Si -rA3bQbmguYqJOCKiSw1xz0rdyZ2qn3iIPkkKBf36XpnksDSz5uf9O1olSgdNhjzb -UMKpHUc9V6xucE85Yh7Oa+Pl/XOZk8t2ZjtdvyJNYkC5dNAhDJKdL0dbBQ7K00Hn -OsNes5Xj+bPNQ29rYFARb2viVPMdDMsNt7L5M5iWRrd7MErZ3I4u/0X+sCeV59zz -vD/oFTw3eSvWXyds1k6iqEhgTdFvm45evoi92vsRRO6VKLChJ43kOqPyX2jsz6pn -Aalp0rzbMchyClO6Syk7Ekvwnp0QA/WiCNoY+qIfY3FQ1b+HlVUZ8HzSKhzEsscA -wmZ6EQKCAQAgsQdfxfk1eqIRQRBcjwDLqQcJI55sEcDKwIvyM+X4opAFZG02gBV4 -az42bN6qrRLGbM+VMB7AuAA/FMZZk/7VXqLLPALp/b+2DefVGF43Be6PMF3IkpKp -zSF7S+Sd0DyFE/n1OVrXx13wtWd0UpEPzchiIqnPBGONE/4VRG/evtOm22Pbj3Tz -QRpM+j/7+JRuA3Rttz8YwFcfyssjgpKGutwWpQ5u+A1YDYL737HioX17Cn2HrS6h -YjZMB9WZQ+968UYjGd1Df55S5EE0BS5MguqZwJNwX2uWM8wtAnlF6c/asSw+PWWs -V0nC0F0bCFLCOAb7ChJWDJQXLCrWD8WbAoIBAQCt0g3SwYVhwg8qJOylNxwI2eS3 -98x8kbHea3xdtm5m2YMqrqLTvR5+PthXJmwy5K1SRyWW7V3U/y4fRVDE2T0qtOeZ -zyWGvlzPZhnPWHp5WTZwkpbvr6Lhr/bzde71hVy0GKyURL2gfRBzLxTF8B4SC2a7 -PTfqs0rHmQ8lKWPshEkwEYhJSG81l/9k8NmBLARfbZ30IVjYokQ4hoOO/IkLE4zt -p8YJIKifVrTmQoUM/uAxjKRfnBrDDOC0UUSZNKxl3PdcY84n7PaI1cZQegQhNUYl -TVjxCy9LrJ7p5r/G3YGzyP0Z29pOEXBOODurOSca+FR6nnjCD2FKJBvwV0wN +MIIJKgIBAAKCAgEAzqQxaKm5I/L4+c0+CGGpcV3Gl1KIVU1QS488Sxf1eufpNi/N +31GaObrwYN1UGATHTp8UgD7oO+3JolUsQDWMrSdfn8GWAad45RxfptX9wMbTYUZJ +SQQtRxmE8Q74idUvoV9gU6rur71qUjc4HQYKR6yhI5bwgPmzqQqhj1odmVtqdbxi +3btMp/N3Brgcz5c2fbp8KboZSbjte2U9BKcQniZisrl6I77HllbDDnwag849ZQe6 +KNhjZzdoWqWEh2OfR+kN6xcItwwg/rI9qdUrId/O5PPLvfbPDG53JIdUj70mW9Lq +qTgJE3b54mgMYHKconl7CbMNyqPVr9TgAaQHeT9mPHcKAv7ylYn8kix1yis7Xjep +q/IlFyEb+KAKTt06wroSrrbo2J8VPC/UikGlg4puZq7XlujP5uivjqtAoHhRPmAS +bqYCZeFEMMV7BOFVKYj9sJkUx6ba0qhdqLYc0g661Ikm4MgrORVeXAWxUDp1gaOk +vNzSOWsLXC+EAnzKml2LmfZ89NgkqbAHazfh25+xVK+etWzugkaUZ11W25WdogpV +rE4Xzv1ussGcL8KvAe6NMT/Pvg/o738P/CBQRzx4qdiCmakzcNfyFeW7jPg/msk+ 
+uItB9Ict1CoMrcxUf+MDQgqb05tgFZu4WH2987LqqrJgAOyGRbmwDjNuRMUCAwEA +AQKCAgEApJH7j6FsA4dkZn3g44f0DIdku+tNDLKQOj0PBbdFF+dOwor76NjyfPu2 +qU5bxO05VhI3n5N6HRBZv2EZ5uE+8kAjVfY044hfLgiU3Sgb+cXfXt89Slt7O97F +E76ajhss3dY5vyipA2lVHblAhUzkLwT7KH7zd6RmQ0BmPubEH/jAJpgsHO8oM7Ig +n0dOGr4Q9bzpWcoOjbor2FRebjAneeyUOkahUYqFJeRfYE/SRhqgpq+qwRDkybVE +9LxRegoLNpgTL6GenTmZpX6KwZE10rqN6aWII/hGGV54oKzu2bMIs6Scorwv7kKY +7Il1IfLlcDhTlvv1BefJLUnaRTQ/hhBstJord4e2rV/KaYG5w9Ya3Eu9QPcoPrLc +grreqQyHjWIHh3E6i/8/o1aa6OMcrQf1vxwSG6ItG7aaPYcwpfAOV+72NNqii8pB +NG+NUnNYTl0oUg9/PSKYPxgX2+9+poUEzJGWQvf4/x1JZ4giCg72tgXGwRT6OGTC +Xz9YJErkKkDEQ1LCXxJVT3p5fX3L6mFQj0M1Em7KHcZddVGckDKq8ImZGQ2Qj5pV +Tyg0dVpdWpW8JBkGej8CaWeL3U4nFMVTNeQvQk/dLlQy3zNX4EcBvU8WWq0p7LMY +VoFwjjx3Y56o1cpm6cMJGFYWhW458Wz5GESOu7Ur6XzW2/E9BhkCggEBAOfZXqyh +2k/KP3VrSp0uJiZnmv5nhsX58wvbWUgYPAKZ4bOfv/CfjYde/jmDA4E/LbDNf/Lw +EoZQF6sys7HNR6HPk/UvVcoDsexvloOZijP6z5s4UKX3qx71dfLeoU8zCMSRU8A0 +GAJqyXhcUdqhXdR3TudZn8b6LMl/bC2cJdJpvH929PqlaB9WwkvmGkMAIHaTV7lM +fNlgqJ8ZgI/bcTZy3dfzZB+/rOt0NVX6f3XENGeT5GhyTKKQRDFbxWz0ViPI2SIq +g9uzPSoIX9sB0LnJBMku/Dyv/XK4h2d1ozP4bZNh1g1RX1uaKO3r/t+MFdegWepO +aw/Xh2v2vmgVgU8CggEBAOQqnl4ZZkNH5efgTwswHBal0o2VYrm5a2IdO0d/epMO +EdHqEAPzAKEYtR4f2m/Q/nQikY76/ZSX0GYtkGerfcv/xIEp9lXcq+iaVxjv1yOG +Y0eplA8VjhPIg4YSd2agOW8lwgG92+ZjZZYoichy7KKhwgV1hqMxefGl0KrUSy9L +rqZIBsevoqwW2UGxn/JVjTnqkstklhTt/awsPYOOz1hkk/hryMLud/fXYk8oBd18 +qpIJEyK/pm5BY5iLbmEsO77DPfbbG+YWBbR6vRCCBNcXDJL4lg/TRyF16PVyhaGk +LmA+5vm/AqygJqhKds65yiAF915+Symo+NzsDX21i6sCggEBAOHB2J1SsOh28Fne +knYBBObqhZLpreNDInXOLd60smJ6ArtMd7LPOhmx1uybdSM6KLx7LfaZ6//bJ2Dt +aupcED8wiEr7v5aJCIxIkBAuxtMci2ECcg1Z38eyjhpizEH5WLVHKX0DfMmFwA4y +HwY7kMkdL7i4nYs7+bZvHCBBZta/XOvlImCaBYxWh7UuJy5Mhk/P42CsaPmmVCsv +wu7RaCjzqq7n8fu0QaW3r2O8GrbKyZh9+q/1dEfrIGvLh68zMFmB7mSFb4XTv2AZ +bXUtDFiLs9xOoxBY8fruUfLdKoCli9UyNCMdtDPXJbmezbxRhMdE/ajYmQmA/f2T +8w4YuqMCggEAOiQSDvBx+psLnrat7a/ouGyw5ps2eRUio/HG9UUquuZO7Cq0wgze +EC73mCGNzAh5jqZwaPrUO1UkKaVastAkUiNus2s59k8xDyilIRmcvNS138D6lY1s 
+kuX5feSewGv7trLsaP00V9TkQgs6cPW4DwkhI7r7AALPjCAwuBc4wWiLrJuV/rRm +w2tfGTpmA56BSkzX8zRCejra9VCgrDFr7J5Uhm0Qz3ts3p7n0jvkorftzyC425Xy +lw3ajziYe/KFluqxk4Hp7guWkJLmMpqvGRAqiBkIRCgWbBRbtI/mNXZcyvG8cc+W +ot58e03eUHdPZjGfA1kzVf5UzBbqqSnl2QKCAQEAh2jf7a01QXhheZVxvS3fsA+O +ZNHuuE06Hs67rBCfXZDq2ql3nu2fjZbMQpH7IAVb42rm1g2jC2s6OG9eq7xIFMGA +4LRWNpIpDuw5rwlvEBMsPPAqSyGT5Sl6yGh1qYjVD4tCPHVatxkXjf3CYoTHqL1n +O6HSL/8Ip6RUQM0/WykVKUyGRX1UmzGw1dPRRdHCWU3f92YlGhCYZqSQq8KfPGck +vk3aRZFtEd+T3mbNTL1ulPX3t3mXMmnNQRACknQfDex/H4Ed1B/UG7/11vgO46Gq +WqWoebhoSJ3trR3UoiusgDURkO5wZNgzHzfrrUaGtcHkDXCqT86rUOGRnw0TEg== -----END RSA PRIVATE KEY----- diff --git a/scripts/Makefile b/scripts/Makefile index d82ec0817e..ad029a1ae3 100644 --- a/scripts/Makefile +++ b/scripts/Makefile @@ -1,4 +1,4 @@ -CRT_LOCATION = docker/ssl/certs +CRT_LOCATION = ../docker/ssl/certs KEY = default O = Mainflux OU = mainflux From 2668bd4965685d7ad37b8d6a2272f929a2fab231 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Du=C5=A1an=20Borov=C4=8Danin?= Date: Tue, 26 Mar 2019 17:08:54 +0100 Subject: [PATCH 04/21] Move nginx.conf to separate directory MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Dušan Borovčanin --- docker/docker-compose.yml | 2 +- docker/{ => nginx}/nginx.conf | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename docker/{ => nginx}/nginx.conf (100%) diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index c51708d6fb..349442990d 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -18,7 +18,7 @@ services: container_name: mainflux-nginx restart: on-failure volumes: - - ./nginx.conf:/etc/nginx/nginx.conf + - ./nginx/${NGINX_CONF}:/etc/nginx/nginx.conf - ./ssl/access.js:/etc/nginx/access.js - ./ssl/certs/mainflux-server.crt:/etc/ssl/certs/mainflux-server.crt - ./ssl/certs/ca.crt:/etc/ssl/certs/ca.crt 
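Review bot: The new mount source `./nginx/${NGINX_CONF}` in `docker/docker-compose.yml` has no fallback, and nothing in the files this commit touches defines `NGINX_CONF`. With the variable unset Compose substitutes an empty string, so the bind mount would resolve to the `./nginx/` directory being mounted over the file `/etc/nginx/nginx.conf`, and the nginx container will most likely fail to start. A default keeps the previous behaviour, `- ./nginx/${NGINX_CONF:-nginx.conf}:/etc/nginx/nginx.conf` (assuming the Compose file version in use supports `:-` defaults); alternatively set the variable in a `.env` file next to the compose file in the same commit. The service definition starts and continues outside this hunk.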
diff --git a/docker/nginx.conf b/docker/nginx/nginx.conf similarity index 100% rename from docker/nginx.conf rename to docker/nginx/nginx.conf From a8720d841f6eed18cfb3d16915cc078f7ff31e3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Du=C5=A1an=20Borov=C4=8Danin?= Date: Tue, 26 Mar 2019 17:16:03 +0100 Subject: [PATCH 05/21] Choose between two NginX configurations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Dušan Borovčanin --- docker/nginx/nginx-default.conf | 188 +++++++++++++++++++ docker/nginx/{nginx.conf => nginx-x509.conf} | 4 +- 2 files changed, 190 insertions(+), 2 deletions(-) create mode 100644 docker/nginx/nginx-default.conf rename docker/nginx/{nginx.conf => nginx-x509.conf} (99%) diff --git a/docker/nginx/nginx-default.conf b/docker/nginx/nginx-default.conf new file mode 100644 index 0000000000..9f0c49cc41 --- /dev/null +++ b/docker/nginx/nginx-default.conf 
@@ -0,0 +1,188 @@
+###
+# Mainflux NGINX Configuration
+###
+
+user nginx;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 768;
+}
+
+http {
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ listen 443 ssl http2 default_server;
+ listen [::]:443 ssl http2 default_server;
+
+ ssl_certificate /etc/ssl/certs/mainflux-server.crt;
+ ssl_certificate_key /etc/ssl/private/mainflux-server.key;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+ ssl_ecdh_curve secp384r1;
+ ssl_session_tickets off;
+ ssl_stapling off;
+ ssl_stapling_verify on;
+ resolver 8.8.8.8 8.8.4.4 valid=300s;
+ resolver_timeout 5s;
+
+ add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
+ add_header X-Frame-Options DENY;
+ add_header X-Content-Type-Options nosniff;
+ add_header Access-Control-Allow-Origin '*';
+ add_header Access-Control-Allow-Methods '*';
+ add_header Access-Control-Allow-Headers '*';
+
+ server_name localhost;
+
+ # Proxy pass to users service
+ location ~ ^/(users|tokens) {
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass http://users:8180;
+
+ # Allow OPTIONS method CORS
+ if ($request_method = OPTIONS ) {
+ add_header Content-Length 0;
+ add_header Content-Type text/plain;
+ return 200;
+ }
+ }
+
+ # Proxy pass to things service
+ location ~ ^/(things|channels) {
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ add_header Access-Control-Expose-Headers Location;
+ proxy_pass http://things:8182;
+
+ # Allow OPTIONS method CORS
+ if ($request_method = OPTIONS ) {
+ add_header Content-Length 0;
+ add_header Content-Type text/plain;
+ return 200;
+ }
+ }
+
+ location /version {
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass http://things:8182;
+
+ # Allow OPTIONS method CORS
+ if ($request_method = OPTIONS ) {
+ add_header Content-Length 0;
+ add_header Content-Type text/plain;
+ return 200;
+ }
+ }
+
+ # Proxy pass to mainflux-http-adapter
+ location /http/ {
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass http://http-adapter:8185/;
+
+ # Allow OPTIONS method CORS
+ if ($request_method = OPTIONS ) {
+ add_header Content-Length 0;
+ add_header Content-Type text/plain;
+ return 200;
+ }
+ }
+
+ # Proxy pass to mainflux-ws-adapter
+ location /ws/ {
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_connect_timeout 7d;
+ proxy_send_timeout 7d;
+ proxy_read_timeout 7d;
+ proxy_pass http://ws-adapter:8186/;
+
+ # Allow OPTIONS method CORS
+ if ($request_method = OPTIONS ) {
+ add_header Content-Length 0;
+ add_header Content-Type
text/plain; + return 200; + } + } + + location / { + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://ui:3000/; + + # Allow OPTIONS method CORS + if ($request_method = OPTIONS ) { + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + } + } +} + +stream { + # MQTT + server { + listen 8883 ssl; + listen [::]:8883 ssl; + + ssl_certificate /etc/ssl/certs/mainflux-server.crt; + ssl_certificate_key /etc/ssl/private/mainflux-server.key; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; + ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; + ssl_ecdh_curve secp384r1; + ssl_session_tickets off; + resolver 8.8.8.8 8.8.4.4 valid=300s; + resolver_timeout 5s; + + proxy_pass mqtt-adapter:1883; + } +} diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx-x509.conf similarity index 99% rename from docker/nginx/nginx.conf rename to docker/nginx/nginx-x509.conf index 82a591a528..6f687d7f21 100644 --- a/docker/nginx/nginx.conf +++ b/docker/nginx/nginx-x509.conf @@ -1,5 +1,5 @@ ### -# Mainflux NGINX Conf +# Mainflux NGINX Configuration ### user nginx; @@ -219,4 +219,4 @@ stream { error_log info.log info; error_log error.log error; -error_log warn.log warn; \ No newline at end of file +error_log warn.log warn; From 8ed567b7768e2d621bb5b220c16b61acb72cd2de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Du=C5=A1an=20Borov=C4=8Danin?= Date: Wed, 27 Mar 2019 10:33:55 +0100 Subject: [PATCH 06/21] Move certs Makefile to docker/ssl/ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
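Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;` is set three times in the new nginx-default.conf (the http block, the HTTPS server and the MQTT stream server) and keeps the deprecated TLS 1.0 and 1.1 enabled; I would narrow each occurrence to `ssl_protocols TLSv1.2 TLSv1.3;`. The same server block also listens on port 80 with no redirect, so the `/users`, `/tokens` and `/things` routes, which carry credentials in this key-based mode, are reachable in cleartext and the HSTS header has no effect there. Separately, nginx inherits `add_header` from the outer level only when the current level defines none, so every `if ($request_method = OPTIONS )` block and the `things|channels` location (which adds `Access-Control-Expose-Headers`) will not emit the server-level HSTS, X-Frame-Options, nosniff or `Access-Control-Allow-*` headers. Repeating the required headers at those levels, for example through a shared `include` file, would make the preflight responses and the security headers behave as the server block intends. `ssl_stapling off;` next to `ssl_stapling_verify on;` also looks unintentional and deserves a comment saying which one is meant.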
Signed-off-by: Dušan Borovčanin --- {scripts => docker/ssl}/Makefile | 2 +- docker/ssl/certs/ca.crt | 32 ++++----- docker/ssl/certs/ca.key | 52 +++++++-------- docker/ssl/certs/ca.srl | 1 - docker/ssl/certs/client.crt | 25 +++++++ docker/ssl/certs/client.key | 51 +++++++++++++++ docker/ssl/certs/mainflux-server.crt | 40 ++++++------ docker/ssl/certs/mainflux-server.key | 98 ++++++++++++++-------------- 8 files changed, 188 insertions(+), 113 deletions(-) rename {scripts => docker/ssl}/Makefile (97%) delete mode 100644 docker/ssl/certs/ca.srl create mode 100644 docker/ssl/certs/client.crt create mode 100644 docker/ssl/certs/client.key diff --git a/scripts/Makefile b/docker/ssl/Makefile similarity index 97% rename from scripts/Makefile rename to docker/ssl/Makefile index ad029a1ae3..e503375b5b 100644 --- a/scripts/Makefile +++ b/docker/ssl/Makefile @@ -1,4 +1,4 @@ -CRT_LOCATION = ../docker/ssl/certs +CRT_LOCATION = certs KEY = default O = Mainflux OU = mainflux diff --git a/docker/ssl/certs/ca.crt b/docker/ssl/certs/ca.crt index 3ec4ec508f..6f51bcc773 100644 --- a/docker/ssl/certs/ca.crt +++ b/docker/ssl/certs/ca.crt 
@@ -1,22 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIDjzCCAnegAwIBAgIUGSC370cM1AKobznTeJfSVcEsT4swDQYJKoZIhvcNAQEN +MIIDjzCCAnegAwIBAgIUdlfcfr+FaqVByml77RQV+JE+wogwDQYJKoZIhvcNAQEN BQAwVzESMBAGA1UEAwwJbG9jYWxob3N0MREwDwYDVQQKDAhNYWluZmx1eDEMMAoG A1UECwwDSW9UMSAwHgYJKoZIhvcNAQkBFhFpbmZvQG1haW5mbHV4LmNvbTAeFw0x -OTAzMjYxNTMwMzNaFw0xOTA0MjUxNTMwMzNaMFcxEjAQBgNVBAMMCWxvY2FsaG9z +OTAzMjcwOTIxNTBaFw0xOTA0MjYwOTIxNTBaMFcxEjAQBgNVBAMMCWxvY2FsaG9z dDERMA8GA1UECgwITWFpbmZsdXgxDDAKBgNVBAsMA0lvVDEgMB4GCSqGSIb3DQEJ ARYRaW5mb0BtYWluZmx1eC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQC27SQQTvWk7/61JEEhrM8PzG0CjIdAktMRMgGdfU9vEJxs1bihoOXfspVZ -smHbtiWJMSZA+9jdV9fiWLE+S/hS+3324tLggdY9/kRGNiS1hmAFwWDaJ13qovo0 -FMNK88PQcLiIKJTRb+xBaB+TFC7NrmGL6X4y/rM+1BIrc5NA5JE/heWIpaqSppc6 -DOiYL/bqM2JfExkbJBEl9AoIiKyUdYKnN0xaADkxhVYNQqG2ZNtRP/ANLlA13Fq5 -hP2evufoHTTghDQz129R1RfgY5fpyyoL4XyM3lOgutTyhyfLDZkjvl942kQBrMFZ -KJlnmnR+tDGK3d5dUYCXpUK6PgO9AgMBAAGjUzBRMB0GA1UdDgQWBBSeRBvYwp6G -X/SZ39WjfDLoRQ/1JTAfBgNVHSMEGDAWgBSeRBvYwp6GX/SZ39WjfDLoRQ/1JTAP -BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQBxfq2QtFrWfrRJdmyX -RSRYUDDnmdaBG873IwDduCNc6g8Y5vqUhmcE8cqUE26T7GCQE1uWSSRKb0IrFFp9 -cctNiF2YbmtI7tQIdWZ5H5UOl+aSSv50S1/A5AnSeinQozpYgtsBa5i7raVJ7Ya2 -/ljwEblxBSi66OkVzrAJHRYBPEhEUos8Ci/OVMcOLvpxzukLlj3RpZWJy4fwOH6y -VcDB76tzSS6Kedna1QqZNme+s9voVnCJoyQihVk+Lr2k3PKei95Xu0opWLRDdTU+ -0xTZDTI3orecuDozZ/QOSDotVgUlHBRMDnwkRyDCUtVe699DAN51oJKm2HfR5jes -fhT1 +AoIBAQC8eFXaEKZUnvMCrD7YqtxMzICCl2xM5GloGuQBO0I40Vagc+onHNpGR1DG +JYOq+/Ot1bGSdrb7pa0TGtbWxUgDTO4KbzgFW6KIqytNxrGmNkxNxpf/mB7un2CZ +AOO9clbk6w9pD3m3OIcYmf3pjSRbF5zIkCJqVxCr+Jx3UGqR0w+FD7j/dMezkNdS +lopRj8DCCQNaJP9OFK0kAvCaCM3+dweIf5J7OI3rEPGB2xemVIneRTgeEdjCshCv +of+EDnxN7vJTyEm+6F+gcACXtblGvBRTl/aoygOkJei0NSiUJYm7nt6VkHM0XUDT +zXV0Xn9ySOzrU7LsdVzaopzrcdOdAgMBAAGjUzBRMB0GA1UdDgQWBBSXz4Rilllr +v0UKSaZHNCgfP6u2BDAfBgNVHSMEGDAWgBSXz4Rilllrv0UKSaZHNCgfP6u2BDAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQB3mLNhdWSonrccmQdt 
+AlY/nWGKOwoIyHrnC7l6SdiWm3X++m0os9KPJuEGI80cD0wLR1pTlqnXHtOABI5Q +LSsKDRDK92mzcHU4U5r51FMC4GUMQxuqg46x0zya2yj5GjsXg2UBxl2/Es26Fq65 +aUARGFY2ozKPxiS1qrCRnLTtz/SQpjn1cZgJO+qwZzuAS/K9epI4wac1+Jxa/++3 +GEHAjq0DGu3Wob+kFJNGcz2N/KX3qawgvsqTP+/oa1mhGG1/3pjNTW02r+vwY0ms +wY5kg/Eobd+KNyrEuH1eeuodhvMST86iEooFKdPe/SNfmpcOsN/gxg9XFM/pDAys +Bg5M -----END CERTIFICATE----- diff --git a/docker/ssl/certs/ca.key b/docker/ssl/certs/ca.key index 11c88961cd..0f763412fe 100644 --- a/docker/ssl/certs/ca.key +++ b/docker/ssl/certs/ca.key 
@@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC27SQQTvWk7/61 -JEEhrM8PzG0CjIdAktMRMgGdfU9vEJxs1bihoOXfspVZsmHbtiWJMSZA+9jdV9fi -WLE+S/hS+3324tLggdY9/kRGNiS1hmAFwWDaJ13qovo0FMNK88PQcLiIKJTRb+xB -aB+TFC7NrmGL6X4y/rM+1BIrc5NA5JE/heWIpaqSppc6DOiYL/bqM2JfExkbJBEl -9AoIiKyUdYKnN0xaADkxhVYNQqG2ZNtRP/ANLlA13Fq5hP2evufoHTTghDQz129R -1RfgY5fpyyoL4XyM3lOgutTyhyfLDZkjvl942kQBrMFZKJlnmnR+tDGK3d5dUYCX -pUK6PgO9AgMBAAECggEATGoZw5pIcUM0IpVng9q9kLrz2rm7klUDSM6b8B81vI6y -2aAaBaLCBEWEsDidOnwHiBz4/vJ18FjOvSYRvJVdwcR/JVAxiUmTpsf921qo0Q+2 -MxFKFTeWuvqkDHeT8U6NQRilbXOOX0Mi7VvCvN0UhCVRaHH8nu7ZD+jlQjOAkv1z -fCTnIKf36AP21osmNHEr7XZm5kM8Y5PBfdsX0dR5yZxGln5fjQ8pEIAL0r+enIdY -YYW7RBOzOIDO+TvQVq5kaMXIZvIwcuDUiQigAQFDYXV+au21HuaLSRHI07cp71xi -Ip5s2TosN2sseBxB3n9Y0Ey4SUpy5BkxSMO3ygRFHQKBgQDdMfVnPibp5ADjbshK -3C6RLWlUYh2W5KCfL5RFzLlHCRNwdFvrbBnmWCI3WOcp5PfB4zVy9f3x1udkkqOI -uKrs7ZyNLFYix5oVfnfj/J9ujAOH76n67kGhzigwzQkzy63fKeYNH1gjap6YSBuC -hoEAQydC2RxQgfBf0cNxf/tY6wKBgQDTtamF71A+zFQKyklLQPjRtOAU/r5oLobD -m97W0u/Wq8iOJa6PLMTDFP+MYiFsbWGSDGz72nbj9MlMMtet+Ntxo91SLtIuqZkF -/JJySrU+Rw7qmppFLc5H4VsgM0tGQK2As5rkIjdVpEFSAJPO5fNWODBEycMpKUMs -Z+or/XNr9wKBgBNWB67TxxERJma7S3UH1GZKgvemcBG9wLDJtvt3Dwc/qtxcv6BP -3d+9+pe+BM8rveDMHOME0AMxFx86lmMgSYjWqKXKp2j46+ZPHOnoLoO6Z6Cdec1+ -wGwFmovRkKlfd76Xag3hnJHUAzMqsoTxfxtnw2nbktcS1NF7g8tLNcyrAoGATlO8 -x5/V6ZYBVgine18rb7Li4QGrArKMC50EoihiseLWjbjlT3V5ys9fCNpZkVsaqUVN -oRSfvhEX1MhOwb/7uJyuyrQl8TuwMOXUbNK1Ibh6jVPr1cJvumpnI4+2vuQ5DQ/m -M5dxL49Y13T9OqQbFoAtY5XeTcFFaA1+Nw5LgNsCgYEAuTwkp1zpRVePayT6HZIa -LaDZQ0kJanZDAV3xpHSj21B6KpXforROAQ/iy+nBfdNSUmjwu8Lk3sbEt+jebuvK -pWjklnmLWAwV8wTMaQ/pfFfh+1fAzEjmHIi9nmpcoO3SSxOk4R5FP5JoVef+nAf5 -LV8OsxZC+GphXGo0Mr/SnII= +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC8eFXaEKZUnvMC +rD7YqtxMzICCl2xM5GloGuQBO0I40Vagc+onHNpGR1DGJYOq+/Ot1bGSdrb7pa0T +GtbWxUgDTO4KbzgFW6KIqytNxrGmNkxNxpf/mB7un2CZAOO9clbk6w9pD3m3OIcY +mf3pjSRbF5zIkCJqVxCr+Jx3UGqR0w+FD7j/dMezkNdSlopRj8DCCQNaJP9OFK0k 
+AvCaCM3+dweIf5J7OI3rEPGB2xemVIneRTgeEdjCshCvof+EDnxN7vJTyEm+6F+g +cACXtblGvBRTl/aoygOkJei0NSiUJYm7nt6VkHM0XUDTzXV0Xn9ySOzrU7LsdVza +opzrcdOdAgMBAAECggEAYrywTYP3f9GeAkJ20lABBgMFOGVYCZiIWE/uL276LIYP +WhQgEcmd2L+343b32fYRHXscglzLVF7ho2amMvI73e7JrpHByZzOM8do8mAr5aYA +p6ZpLzBk1CKPGtlKdo+WUmuLMUE4RPLKY+sZCOg2qbpfGvvX69odE9s1LZTln+sK +s4TWyDCe0Fb3wJfSxFOxqdLLwPANEoWrC3JgY0EpFGBWVrv6HyRCjfi1kcWj0ex4 +eZR1UZS3TOm82gJnGSlLYqgMjz3f/EWUSdDF+vsNtk0Ak+vqDHQN0m4M2jZ3DngH +BlvU+22jO2+OngUkUO6JPDFuo4cGt5kgURFf+I9FwQKBgQDhuQfTwmZ6/gd82X4b +gJP6cFdPY212WDbsCl1+kqGkGQsAgPzADaDyr6snLCZTiLqrmeyuqqfGOR8GIytI +6/B379iYj6HquEYv4JrBjZQTPa2Px/7BsUtdZVNEU8/LU0d+mZqI1qtiWEIzXlT7 +ubfkBJlAUqD5r0RoYpK+/YnC1QKBgQDVwBq6PRNCCiaWniQN6jYzhpWzZiiCwKsd +gOshydVVXnwRWwhbBEdKcz/yQGMrOQXM+7NvkA+Id4XQ0y792TyJ3PNjF3oM0Cl7 +X9HJwYP9gEK0UUmeuOgqwLXOl2XRLMW5qfddurMmPG72wCNxYK2o0HXlywPM1ETs +Vx947bfhqQKBgDIG7UosksP9mzE7juyPgbyGu4MX2UHaaUnFPlV4MCULe9m/vMTg +AGTpNDi5W0E2U5EGy2Mm5YpUTKDymHxP9nrOiKW/Z7Z64utnj0UImOHu0JHGVJsf +LUHk3CCPpsU8juLrLknXsiJYx0tVQ+aKkcwSjNipt42/H503A6kazjaFAoGBAMAj +uiLVSd1gQIW9y80STvyMKz8jQqEeTfLscvBhfLoLf90eBmnCc88RwFaj2ED/Nh6n +1wke50eVoR0w6JnZT9jhW4skjFq+N7umS29f26ThSZTLSTE7J79ekU8OusCHzYjy +puCDNgzV4C1AU9vTuub31DLnBhh2aypDuo+6qENZAoGBAMLivsTjst+3z7XyW+p1 +VLxRAfM+F1MO18bwrrgoOKbKFb2foKDoZbvgjlNf+E1Cysl6OG/hNEonQsHbyJSH ++2HBYiovndIluqCNbKcVuXSIMAS+WsUr9c76gWvFVvIpdG1S6gaUua3TB+aR1sxO +LkFunJ2d4Wmuq6w2adBZGNMK -----END PRIVATE KEY----- diff --git a/docker/ssl/certs/ca.srl b/docker/ssl/certs/ca.srl deleted file mode 100644 index ce09439efb..0000000000 --- a/docker/ssl/certs/ca.srl +++ /dev/null @@ -1 +0,0 @@ -46AB94F35A2907F719647D80C9259B215C24D364 diff --git a/docker/ssl/certs/client.crt b/docker/ssl/certs/client.crt new file mode 100644 index 0000000000..84e131b7ca --- /dev/null +++ b/docker/ssl/certs/client.crt 
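Review bot: The CA private key in `docker/ssl/certs/ca.key` should not live in the repository: with it checked in unencrypted, anyone who can read the tree can sign certificates that chain to `docker/ssl/certs/ca.crt`. docker-compose.yml mounts that `ca.crt` into the nginx container, so if the x509 configuration uses it to verify client certificates (that file's body is not visible here), a deployment started from these defaults would accept client certificates issued by anyone. The same concern applies to `client.key` and `mainflux-server.key` later in this patch, and rotating the committed keys, as this patch does, leaves the new ones just as public. I would remove the key material from the tree, ignore `docker/ssl/certs/*.key` in version control, and let the Makefile in `docker/ssl/` generate a fresh CA and server key on first use. The mutual-authentication docs should state that the shipped certificates are for local testing only.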
@@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEOzCCAyMCFEarlPNaKQf3GWR9gMklmyFcJNNmMA0GCSqGSIb3DQEBCwUAMFcx +EjAQBgNVBAMMCWxvY2FsaG9zdDERMA8GA1UECgwITWFpbmZsdXgxDDAKBgNVBAsM +A0lvVDEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb20wHhcNMTkwMzI3 +MDkyMjEyWhcNMTkwNDI2MDkyMjEyWjBdMRMwEQYDVQQDDApDTElFTlRfS0VZMREw +DwYDVQQKDAhNYWluZmx1eDERMA8GA1UECwwIbWFpbmZsdXgxIDAeBgkqhkiG9w0B +CQEWEWluZm9AbWFpbmZsdXguY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAwVCvzpjxqMPrr1/5V1wQuzF0MlobYrG1xqVmSaSxKkMHGQopDw7DNIdg +BuZhJh5ZNmJSEU+6zLvSNKprVn/MBUO8LiNVz5uB83WllFyw+jdT5g90LwBOiec5 +IQA/Du2h//c9/NXx7oQsL/xkSEU0eYhzwoq3ZEarBAFzP5cquCuvWzJpup/kFI+B +AD/lXc+L4mDqYelJPqqXlG1+8bzH80pprhuZdJriiRIkzFQ0sZPtL4Pq73DxCEjy +qt0NRWsavFvMkM+EIWvIIV3poLSH4TYzRF4C+/oZnXnD5ev6TrAFY6/9E5awgkmx +S9SPK7G0XyHahDhU2C0M2Ax19AD6yKDThFz88HYh0IgBYkQKm2qASFr7wNT1n0vj +lNfDg+F7MziYNyP7kLXcQLj4H3qNB5wuh9cTUmvXXByRisdR5RQBOvedzWQI1DHB +6z1NhAGlqVwzZY3Z+spbE21t+dGV9VTOTdowOqnBnR39Z+GbZppHD2mkhP7YbU8Q +RDsqJIVId5X7GAvv/7FcmQnWd7THkDioFIi1xIK8F3Rt32JV2iuPWjnkAW4BMIrG +cbhKWfhSv9NPqyuKWn4I7jN+91EbmqKSVdSC5nGXyvaL9KoVldCR8fwc//1dlXhm +bBv2yzAQFgt4g2+w1TMFy7QyL/NAiJD553/+jdPP5PQFM9slYFMCAwEAATANBgkq +hkiG9w0BAQsFAAOCAQEAB1rCr8mhT/J7rSBh08Dqr7E8UTQoT7Rxzg0P5vA1hMp0 +U7gZ3eZ1CsXoz4KkfXe3NBRdb/YpSX2jtzOUjh46HStU2DfNly88lsZmrT61xsV5 +D2I1LsKdpXHn+y25qg/zsqK6E+nNSKnLYtO6xAwuPSHdl00mmbrBEpjw9bMtL9ux +Bo7MO5fY5J4MRdtWJglvRk48VtKh+FLE62fD+25DF0lmY4C9yhZeKxOcG6lATd4A +fw/MfgCMgwvEBNQ/vH3OhsIL5R5NuOumfeWfzoFTiHKVn3v/r38BsMg5ql5UcmbC +1udrjfU2/npWQNkBfNwVkREVqsP3Wo1Gjp7IhIUdkg== +-----END CERTIFICATE----- diff --git a/docker/ssl/certs/client.key b/docker/ssl/certs/client.key new file mode 100644 index 0000000000..ac78b331f9 --- /dev/null +++ b/docker/ssl/certs/client.key 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAwVCvzpjxqMPrr1/5V1wQuzF0MlobYrG1xqVmSaSxKkMHGQop +Dw7DNIdgBuZhJh5ZNmJSEU+6zLvSNKprVn/MBUO8LiNVz5uB83WllFyw+jdT5g90 +LwBOiec5IQA/Du2h//c9/NXx7oQsL/xkSEU0eYhzwoq3ZEarBAFzP5cquCuvWzJp +up/kFI+BAD/lXc+L4mDqYelJPqqXlG1+8bzH80pprhuZdJriiRIkzFQ0sZPtL4Pq +73DxCEjyqt0NRWsavFvMkM+EIWvIIV3poLSH4TYzRF4C+/oZnXnD5ev6TrAFY6/9 +E5awgkmxS9SPK7G0XyHahDhU2C0M2Ax19AD6yKDThFz88HYh0IgBYkQKm2qASFr7 +wNT1n0vjlNfDg+F7MziYNyP7kLXcQLj4H3qNB5wuh9cTUmvXXByRisdR5RQBOved +zWQI1DHB6z1NhAGlqVwzZY3Z+spbE21t+dGV9VTOTdowOqnBnR39Z+GbZppHD2mk +hP7YbU8QRDsqJIVId5X7GAvv/7FcmQnWd7THkDioFIi1xIK8F3Rt32JV2iuPWjnk +AW4BMIrGcbhKWfhSv9NPqyuKWn4I7jN+91EbmqKSVdSC5nGXyvaL9KoVldCR8fwc +//1dlXhmbBv2yzAQFgt4g2+w1TMFy7QyL/NAiJD553/+jdPP5PQFM9slYFMCAwEA +AQKCAgAKAWMYDlJzqbBJI26EVv+GsMiS0pcYRJpj7audpCiHR3DWmvAFF36C+X6+ +3K2qi2eSqQQWYUoJzq7Siv+DOpoUq6zRtoJ6fFH9h9lKFIIUcUimX6ZjyGBIQu9y +BdE9tI7t8J4EuA4Nikm/MhD+rJZKtAVJzGQxjHbNfkW4xNoxLhGlZraSMjRb3BGR +Mb1tXZCf5uQ6rRhdZfbyd7haSqsOrItLt6H5pwqSjZ3Z9YHEryNXkjxWqEHRa/Uj +Ys2NCj4YAahU1mjAUhPJplKxPqbJwURmBXeiEw/AVs0M2WnbKMEep70xhlscYzQJ ++LZwTIJJajclIMVDaxF/HSX9uw8/vAE9lf52zQ/av98F8v6+aIAZ6/pabQbJJMsC +L+MfEz5GopeJLWhZeWzdKd+iU8fQ413kml88XBnLPBOJ53DZmedjWWDjm40vgiMi ++I+FAQVdrtd7josrHyVwte1SCYXpazAVJWYkXMkKevlOvYoc26PnEsYuABaMh7f5 +9yPtkxLbfkD6/A4VnMPUfdox3OCoF21qoyB6BQw93kOL6cW6u93e2mKq0KedEnYS +TU81B1UXtM+/odS83QeEFcEyYeN6loVpGxvouZ2sdTh08I9C7mKbHcdL2PiAT/r9 +n6dvT+vKyaTTpn7K0VW+2i3ZkZqEBVTrKjddaaWu5hoC7iACAQKCAQEA7FG6HLb0 +C8MIJYJuWRNAX38N3SUA3zSt1J2xFuTCqFJYgSnwDdfBQFuS0b1AmH2rZSjSOUTT +4b/vcbkdY9YyLSq3CiIx4Xa+PH9N3XfGy9bbY3yII2uDEYuTt15xU4uaMjR+Drcm +O2r3KgynwamM7Y/67XYHyziHrYv7cz2xwLR9z1TWMy8qejDwnaK2XSa0TcpkfRSz +L7ppej7RTztHA+6af8WQh0aao2U/gVTVS0QqWeDob6xsnGeT29UpK8Fs06nNGc1t +JcZhR3nq2UEI00gb2rghvJuwUkt8Kf/9qeaj1mDS9Y0tK8B7hQm+edxhiJHCvodI +Ska/76PUiujcTQKCAQEA0WofcN+WHJW9iZt+oijCWGZ6yZd5XYLkhD4eGdP3FSIS +Mr0WaVhsTmH+TOfWLCmS6wnwKZeliGtmL8SnutKQR133y1oGCvavXh4At8xDNQZz 
+FoNc9f/Z9lpgqiJAuwaC5rbEg2AxMPMUvoXA0Mk3bd2ESHbiKZ7x1k8GbrlgIFGr +M5hG5o8yldqoS7KRttWduPDaRMCt43CNycZwFpo8F0fJ+MvvcWnZ+UFwwIFq0u9C +nRiwgF4HG0MUgryDC40pbk3/B50Ik8m1inke3wD3bmFFMh4anDPpVsL3mDlLwuij +TnrplbqAK3Rkt9wVvenEBoZLdmg0jiHbrMO1pIr/HwKCAQAqEtLj0d7ZSTvmEba7 +vSW02tYJDVF+a86XEAw7Wzcc6KxBMso+bK9HWgZluSALBjTBqebjs1FV2+oxgReu +crA0QmqcL0JaNd3gv3mJeI24NOSSbdV/GOEY+pSuDO54RV6KmbXnwMvZwE2I+v/T +BvDESuIN7PmuQL5HM6js94ryGDBd/Wi1bCxP3O654gI9y2pGf0YszsaoNLQaw5xY +UuFt3ck7/lyg+P0HIjuQNx5SbCxuHBDF8RjVL8uvU+AknidV9+FAOsa39v3Sz+30 +CBQeKbRr2GSJQ968iBvvDliHKzz4KfzlIuFr7LURFo8G+ymSOwFFEqjYMIhzjeOF +Z7fxAoIBAENWzrlrDEgw1nvzZmsalDP88Cr27G3nczgbCW7gvCkthZCPQS+q4Vjr +Jezw9+vHipjN305glzgg4QEnSZBHuWFZlB7t2deYr5eiKjTwGARrCIMKxs/L7/jJ +4x+SWCJL27f4uYRNYEQPRnJlbDU3Hv3TJ4Btyhf8JmP1kWn1bjW2TUkQBGyLS4bo +gwmkaDrUwh0ARg+prcDfJpjlmJGMExqhWQ8J9PsRQKhoJKuicglWKqN9lvQQSFS5 +41SO7cy/Hb18ky+NjX6IdDoM7KJlGyuBV9Df4UqtXrEpjJiEhBou2KSZ3ZbqG+Dd +Uq3UtaEWFJTMhmOS6qNxu8P4QuagU50CggEBAIKzdCmFcjipRoz5EHHG7M+/TLtD +3r4PiXa4vXfy5g7uf7dLzv1kpqx5c9R8FAXer31WYeu3xMe+zXDJ4/H+mEvd40F8 +1GzgRVrk6BawRqMp4M2cjXHaUaqvgY4t4krs5RMzdPqh7avfZd2YOf7LFrZS2sjK +DHOS6Fd33g0TGjIBog/iivUnKbKbNHyQuSlLHAzGQwNwizxFT2fSfPkRVPjD2UAS +vbgIDof/YrtrIJ1jPMcv5r+lxuzJwNShmXW54lTchVbkSiKNTe8Jakgws1O5ITFN +v3l2Tl1+Va+lUh6oLpD5fUg9ax1zTdRvuJXQKRiFDwaJ+MocTvqSy/8vIcE= +-----END RSA PRIVATE KEY----- diff --git a/docker/ssl/certs/mainflux-server.crt b/docker/ssl/certs/mainflux-server.crt index 1af6c245f5..94afad5f44 100644 --- a/docker/ssl/certs/mainflux-server.crt +++ b/docker/ssl/certs/mainflux-server.crt 
@@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEOjCCAyICFEarlPNaKQf3GWR9gMklmyFcJNNkMA0GCSqGSIb3DQEBCwUAMFcx +MIIEOjCCAyICFEarlPNaKQf3GWR9gMklmyFcJNNlMA0GCSqGSIb3DQEBCwUAMFcx EjAQBgNVBAMMCWxvY2FsaG9zdDERMA8GA1UECgwITWFpbmZsdXgxDDAKBgNVBAsM -A0lvVDEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb20wHhcNMTkwMzI2 -MTUzMDMzWhcNMTkwNDI1MTUzMDMzWjBcMRIwEAYDVQQDDAlsb2NhbGhvc3QxETAP +A0lvVDEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb20wHhcNMTkwMzI3 +MDkyMTU2WhcNMTkwNDI2MDkyMTU2WjBcMRIwEAYDVQQDDAlsb2NhbGhvc3QxETAP BgNVBAoMCE1haW5mbHV4MREwDwYDVQQLDAhtYWluZmx1eDEgMB4GCSqGSIb3DQEJ ARYRaW5mb0BtYWluZmx1eC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK -AoICAQDOpDFoqbkj8vj5zT4IYalxXcaXUohVTVBLjzxLF/V65+k2L83fUZo5uvBg -3VQYBMdOnxSAPug77cmiVSxANYytJ1+fwZYBp3jlHF+m1f3AxtNhRklJBC1HGYTx -DviJ1S+hX2BTqu6vvWpSNzgdBgpHrKEjlvCA+bOpCqGPWh2ZW2p1vGLdu0yn83cG -uBzPlzZ9unwpuhlJuO17ZT0EpxCeJmKyuXojvseWVsMOfBqDzj1lB7oo2GNnN2ha -pYSHY59H6Q3rFwi3DCD+sj2p1Ssh387k88u99s8Mbnckh1SPvSZb0uqpOAkTdvni -aAxgcpyieXsJsw3Ko9Wv1OABpAd5P2Y8dwoC/vKVifySLHXKKzteN6mr8iUXIRv4 -oApO3TrCuhKutujYnxU8L9SKQaWDim5mrteW6M/m6K+Oq0CgeFE+YBJupgJl4UQw -xXsE4VUpiP2wmRTHptrSqF2othzSDrrUiSbgyCs5FV5cBbFQOnWBo6S83NI5awtc -L4QCfMqaXYuZ9nz02CSpsAdrN+Hbn7FUr561bO6CRpRnXVbblZ2iClWsThfO/W6y -wZwvwq8B7o0xP8++D+jvfw/8IFBHPHip2IKZqTNw1/IV5buM+D+ayT64i0H0hy3U -KgytzFR/4wNCCpvTm2AVm7hYfb3zsuqqsmAA7IZFubAOM25ExQIDAQABMA0GCSqG -SIb3DQEBCwUAA4IBAQBQROlB85OQcnetTXX0wUafPgu4S5s9VvUznLOdRRkHckv2 -EHLHBs0YwdjkEJ5WdyBKjBZ5f+nyD4K65jEdUXDozk+DiT9pefPwp65InLVmh6RQ -OQw/TFfsw2bv2S++GtYhQz2hcHocuIgWXqEE+d0DkKL0OQQdR99sWTO2DlBjyB0g -rGNp1fR0WVd4Ss+JiUOv9qwiGct6yd4Zkpdby+mjZOw7BW/b+8y7heGCf/d2ad08 -MSD/zw06J9yy1r9vCTqbDMFLK7a288xIX+j4D23EiToAFN12jmbM2PAs9Dt4eKzF -bHMTIgfNmGIpPsck/hc7ntIpgrCuqhBpV/RKkA02 +AoICAQCvQHgQwj2qNx/QC9uvaN8WHkJy4LoP8is8g+E/9AbkIbZA4/Fh38z5eCo9 +5KcsxLkl4tBAkwSOXJthEBSmFyQBuuHRg2IaXTGZIGm4DZw5cELtqLK/uQBKhHfl +n7CC1M2+eIdcNAWJScpvUbThUwVCCN76OuGB1PbT1mbp8tzDL6KNc2dJ/EPWOLYk +InuSWvBqnEJDdusQSRtuOtLhjisH+ObQN23Caf60MEHrYQW6j1CyIPrEqF+Zu3fw 
+kTzBpxdrCFcLTZL9QqRGNytv/vwk80OaGygr3Zm3ShuBsr8sy4+0Z9+/gyxxelgd +sAsgFJwcMTFdm1MsnEODfKYkLhl6GhMn3XVqyBcVVFu13vUq/VtPmPEHfdswU269 +J55SIx7Nduhffy9lgaDWfd/rKcrCaJMycK7jS1ZIH2VX6ySXj5s/2qv5O/vYXvh1 +pN1JRBHLDicH/aL+FF4j25jG/KUg/KeIVXWqhH9O8QNopWj3sWKKulhjIqlMaIbp +TZXD41XiiQ0WYn2+MrXhLd/w6ub8TzUmCexOEKHCJmAbpJ0cTWDHDxoxiY32y6vG +C+h4x55hkoZ4iG0TMKCXLyy7hIIqAoQaoWhvxQD2lnsh3slp7ZF1wDTIQ2S4RXE4 +hHXNQEeCZvoCx/71gSZFuUOpU5b6KFrXqNm2cjd4SUfk4N7tfQIDAQABMA0GCSqG +SIb3DQEBCwUAA4IBAQBgz5SnfATffMqxAnCKq2x6eRi2nc9cfkrAl1VCeVtNO2sn +nJOduz652pCA7IC3EowhH/9u7HX5Z4rJ4xgKeLiT4Ht00GZtbrmWhuUA1T3JZdYY +zH9xWXj956SeeOLAcQkg44UQ6UYOxrSqfXurLC175/HP4IAC475joJjoKKbD9kmO +C9osU5I3XpoPY5p95jXb/jXdMttlEX02Um+PzyS26bIjmRyLPd0NAn8LEt4NiXj+ +JdQipPyZuKqTCeuaW5HcCuoICwzA6AjiOisBO0HmCcjw86xEAm826XWgAc2Ckoz+ +HVpW6So4spdE96m2RQqkTWnbuUnHgzkgA9StUgDF -----END CERTIFICATE----- diff --git a/docker/ssl/certs/mainflux-server.key b/docker/ssl/certs/mainflux-server.key index d397e0ceb9..236dd62133 100644 --- a/docker/ssl/certs/mainflux-server.key +++ b/docker/ssl/certs/mainflux-server.key 
@@ -1,51 +1,51 @@ -----BEGIN RSA PRIVATE KEY----- -MIIJKgIBAAKCAgEAzqQxaKm5I/L4+c0+CGGpcV3Gl1KIVU1QS488Sxf1eufpNi/N -31GaObrwYN1UGATHTp8UgD7oO+3JolUsQDWMrSdfn8GWAad45RxfptX9wMbTYUZJ -SQQtRxmE8Q74idUvoV9gU6rur71qUjc4HQYKR6yhI5bwgPmzqQqhj1odmVtqdbxi -3btMp/N3Brgcz5c2fbp8KboZSbjte2U9BKcQniZisrl6I77HllbDDnwag849ZQe6 -KNhjZzdoWqWEh2OfR+kN6xcItwwg/rI9qdUrId/O5PPLvfbPDG53JIdUj70mW9Lq -qTgJE3b54mgMYHKconl7CbMNyqPVr9TgAaQHeT9mPHcKAv7ylYn8kix1yis7Xjep -q/IlFyEb+KAKTt06wroSrrbo2J8VPC/UikGlg4puZq7XlujP5uivjqtAoHhRPmAS -bqYCZeFEMMV7BOFVKYj9sJkUx6ba0qhdqLYc0g661Ikm4MgrORVeXAWxUDp1gaOk -vNzSOWsLXC+EAnzKml2LmfZ89NgkqbAHazfh25+xVK+etWzugkaUZ11W25WdogpV -rE4Xzv1ussGcL8KvAe6NMT/Pvg/o738P/CBQRzx4qdiCmakzcNfyFeW7jPg/msk+ -uItB9Ict1CoMrcxUf+MDQgqb05tgFZu4WH2987LqqrJgAOyGRbmwDjNuRMUCAwEA -AQKCAgEApJH7j6FsA4dkZn3g44f0DIdku+tNDLKQOj0PBbdFF+dOwor76NjyfPu2 -qU5bxO05VhI3n5N6HRBZv2EZ5uE+8kAjVfY044hfLgiU3Sgb+cXfXt89Slt7O97F -E76ajhss3dY5vyipA2lVHblAhUzkLwT7KH7zd6RmQ0BmPubEH/jAJpgsHO8oM7Ig -n0dOGr4Q9bzpWcoOjbor2FRebjAneeyUOkahUYqFJeRfYE/SRhqgpq+qwRDkybVE -9LxRegoLNpgTL6GenTmZpX6KwZE10rqN6aWII/hGGV54oKzu2bMIs6Scorwv7kKY -7Il1IfLlcDhTlvv1BefJLUnaRTQ/hhBstJord4e2rV/KaYG5w9Ya3Eu9QPcoPrLc -grreqQyHjWIHh3E6i/8/o1aa6OMcrQf1vxwSG6ItG7aaPYcwpfAOV+72NNqii8pB -NG+NUnNYTl0oUg9/PSKYPxgX2+9+poUEzJGWQvf4/x1JZ4giCg72tgXGwRT6OGTC -Xz9YJErkKkDEQ1LCXxJVT3p5fX3L6mFQj0M1Em7KHcZddVGckDKq8ImZGQ2Qj5pV -Tyg0dVpdWpW8JBkGej8CaWeL3U4nFMVTNeQvQk/dLlQy3zNX4EcBvU8WWq0p7LMY -VoFwjjx3Y56o1cpm6cMJGFYWhW458Wz5GESOu7Ur6XzW2/E9BhkCggEBAOfZXqyh -2k/KP3VrSp0uJiZnmv5nhsX58wvbWUgYPAKZ4bOfv/CfjYde/jmDA4E/LbDNf/Lw -EoZQF6sys7HNR6HPk/UvVcoDsexvloOZijP6z5s4UKX3qx71dfLeoU8zCMSRU8A0 -GAJqyXhcUdqhXdR3TudZn8b6LMl/bC2cJdJpvH929PqlaB9WwkvmGkMAIHaTV7lM -fNlgqJ8ZgI/bcTZy3dfzZB+/rOt0NVX6f3XENGeT5GhyTKKQRDFbxWz0ViPI2SIq -g9uzPSoIX9sB0LnJBMku/Dyv/XK4h2d1ozP4bZNh1g1RX1uaKO3r/t+MFdegWepO -aw/Xh2v2vmgVgU8CggEBAOQqnl4ZZkNH5efgTwswHBal0o2VYrm5a2IdO0d/epMO -EdHqEAPzAKEYtR4f2m/Q/nQikY76/ZSX0GYtkGerfcv/xIEp9lXcq+iaVxjv1yOG 
-Y0eplA8VjhPIg4YSd2agOW8lwgG92+ZjZZYoichy7KKhwgV1hqMxefGl0KrUSy9L -rqZIBsevoqwW2UGxn/JVjTnqkstklhTt/awsPYOOz1hkk/hryMLud/fXYk8oBd18 -qpIJEyK/pm5BY5iLbmEsO77DPfbbG+YWBbR6vRCCBNcXDJL4lg/TRyF16PVyhaGk -LmA+5vm/AqygJqhKds65yiAF915+Symo+NzsDX21i6sCggEBAOHB2J1SsOh28Fne -knYBBObqhZLpreNDInXOLd60smJ6ArtMd7LPOhmx1uybdSM6KLx7LfaZ6//bJ2Dt -aupcED8wiEr7v5aJCIxIkBAuxtMci2ECcg1Z38eyjhpizEH5WLVHKX0DfMmFwA4y -HwY7kMkdL7i4nYs7+bZvHCBBZta/XOvlImCaBYxWh7UuJy5Mhk/P42CsaPmmVCsv -wu7RaCjzqq7n8fu0QaW3r2O8GrbKyZh9+q/1dEfrIGvLh68zMFmB7mSFb4XTv2AZ -bXUtDFiLs9xOoxBY8fruUfLdKoCli9UyNCMdtDPXJbmezbxRhMdE/ajYmQmA/f2T -8w4YuqMCggEAOiQSDvBx+psLnrat7a/ouGyw5ps2eRUio/HG9UUquuZO7Cq0wgze -EC73mCGNzAh5jqZwaPrUO1UkKaVastAkUiNus2s59k8xDyilIRmcvNS138D6lY1s -kuX5feSewGv7trLsaP00V9TkQgs6cPW4DwkhI7r7AALPjCAwuBc4wWiLrJuV/rRm -w2tfGTpmA56BSkzX8zRCejra9VCgrDFr7J5Uhm0Qz3ts3p7n0jvkorftzyC425Xy -lw3ajziYe/KFluqxk4Hp7guWkJLmMpqvGRAqiBkIRCgWbBRbtI/mNXZcyvG8cc+W -ot58e03eUHdPZjGfA1kzVf5UzBbqqSnl2QKCAQEAh2jf7a01QXhheZVxvS3fsA+O -ZNHuuE06Hs67rBCfXZDq2ql3nu2fjZbMQpH7IAVb42rm1g2jC2s6OG9eq7xIFMGA -4LRWNpIpDuw5rwlvEBMsPPAqSyGT5Sl6yGh1qYjVD4tCPHVatxkXjf3CYoTHqL1n -O6HSL/8Ip6RUQM0/WykVKUyGRX1UmzGw1dPRRdHCWU3f92YlGhCYZqSQq8KfPGck -vk3aRZFtEd+T3mbNTL1ulPX3t3mXMmnNQRACknQfDex/H4Ed1B/UG7/11vgO46Gq -WqWoebhoSJ3trR3UoiusgDURkO5wZNgzHzfrrUaGtcHkDXCqT86rUOGRnw0TEg== +MIIJKQIBAAKCAgEAr0B4EMI9qjcf0Avbr2jfFh5CcuC6D/IrPIPhP/QG5CG2QOPx +Yd/M+XgqPeSnLMS5JeLQQJMEjlybYRAUphckAbrh0YNiGl0xmSBpuA2cOXBC7aiy +v7kASoR35Z+wgtTNvniHXDQFiUnKb1G04VMFQgje+jrhgdT209Zm6fLcwy+ijXNn +SfxD1ji2JCJ7klrwapxCQ3brEEkbbjrS4Y4rB/jm0Ddtwmn+tDBB62EFuo9QsiD6 +xKhfmbt38JE8wacXawhXC02S/UKkRjcrb/78JPNDmhsoK92Zt0obgbK/LMuPtGff +v4MscXpYHbALIBScHDExXZtTLJxDg3ymJC4ZehoTJ911asgXFVRbtd71Kv1bT5jx +B33bMFNuvSeeUiMezXboX38vZYGg1n3f6ynKwmiTMnCu40tWSB9lV+skl4+bP9qr ++Tv72F74daTdSUQRyw4nB/2i/hReI9uYxvylIPyniFV1qoR/TvEDaKVo97FiirpY +YyKpTGiG6U2Vw+NV4okNFmJ9vjK14S3f8Orm/E81JgnsThChwiZgG6SdHE1gxw8a +MYmN9surxgvoeMeeYZKGeIhtEzCgly8su4SCKgKEGqFob8UA9pZ7Id7Jae2RdcA0 
+yENkuEVxOIR1zUBHgmb6Asf+9YEmRblDqVOW+iha16jZtnI3eElH5ODe7X0CAwEA +AQKCAgBWHRyiR3/bgwi7xwfk0mhESwwlvK1QppN+QeNN9I/qS3JtwlPa3wiuUNCY +5yEKS4QazK+9+z/S4EhtUmSDFH3Z58WMmL187OwxLQ8lpHJueu44L5vdv38YHq13 +hJdMQlryy/DfaqSJyFuThZeW3J+Jyige1w32KPo8L28UaAT4WBDM5rcLUMzYl7dQ +XC1SRiM6j5uz4NwyfWngKUF0GdKlMTXhfEsPq9u/GLNbgKo6+K8TSEdQmNeZB9gw +un0bPwqvykJTSIQAtF1aL0PF3YpycaJ3N/7uRw6AVQbdHUL5NPFhGWWFimQtQovH +0rg0xEvNQpLaRzeAhSxbkMVmo8xaNfYXb+aBx8KfamNa8Av8SkuCxM5V4IwScX8Q +iaGFvrK8ifLW8G+AkeNYufSkxlDawstqSQWpM44LBzQXZbgUx8fKku3m8O6XoHMl +XIZckuIipCoFzLzZKun0Rzno9lg01uvSQaBQqd/FrA22lF8WFxZN1UqxMRsnSi6+ +BXNOTc6Bj1hMaW4PYN2qKq3tiM9PcRtLrT3aCPn0twQRZkRsaSpR7sJA30EK+f/+ +YRiiFKuwDnX4eGrPhGtJ80ZFna16SNn49+n0zAWKDEwv2Kw71ZXOSvEgIq607fHG +tKzciKcOeLEUFDc98QlcgrvJ//krn6sntr2SaF3RyVqEF5FqtQKCAQEA2c1QbaA8 +NXnREcYNfpYpPNe5nLjN5elZd9xQVbuWoxysFT02BYW79F20v85utgoFOpoLgSFJ +cL6lo8e5H/3mxa8ra0jtj7knf2oyUmHHhlpDph2OWJCt1n4LE9ptYTpv00VT4t5c +9eAeyUdLTA254grx/XL6d8p2jWmOgfL/FPIxpSBlNqLl6BJvFM5RBhegDC9tOHuy +SSCcY2YZ3SInv9Ag3ZMvkNVUBbddz9YWhNfAFgaOJHgMiL7JKI4qQkcOgzU0oVjg +kNozVmffMxqNDfplZMnB0wwbN/vJf1XSc/rii3ZnjUJejmxrGje1Bj5tDCrHSeb4 +CLeZ0Oz4O7CLJwKCAQEAzfzGHWNg4B6SrLB4EljBfEbHc/B3e1vCajL5bSPqeOfQ +wGSF5Q7UGETiPzCyw5HL0UmuO+Stxhaj7YATLUDC3f+NryWIaTGWQf01a8e5+3q8 +AZ4PlWPMGxhUnX9/zYFzP9gGJ1oMmYRo3GK/nXBua5BhjBbsQh/JxRgXJqnq2hnD +1+HRqdHrRpV2TvdXc5HSHmqq1J+aqvEWfaBTFbKQqXZTz7r0AAkXcuHHP0iI7t66 +ZitK/52MqOzLza7NIqFvQFh2lHjOWOpeh9F3+T8SaEEG09vSLAVWPZZ3h8mZFfaZ +5bWB9JZNoo9kF6nDagbPGcvztKBceVE8UkY6Zjl4uwKCAQBAd1rk99aaZXISdrKr +0zplfdy8nJ6k/Iq0xYsptRqDMQtmRfXlcI4PaGUFmM6AJzsg+1OIZxfbvTI95fHP +nFFgFdceLDnUnpMoTYCTjcmG5NS9KGZnpHsvz6Lrv208qBVNTWnk7rhJNosmPGn3 +GuD4HRE/WXb1WgH5HVNG92u1AXLcU1hh8ZlnNX2XhPHKgdeng6oqW8KLjpF7gk8J +ewCU77+qldQwZFQ4VOv5hn6n10xNuKb9+GKNXxsfW+T6NRoAkBEB6NKfTVaArsIL +2EID7ydvy6AJHb44tdgQTpC6L3o6mVNRJmHiegjBe9ei/3s7bLYME8c6nU1z35Ah +6sFlAoIBAQCoopk6tAI6WS0xLWOPeZQlfviIxUO7/Poj4Ulr/WxWwUmYSHOJe+NN +Xw9uNhsTmsemtlBq/iL5uc1IgYKxmIQwJKhEzFBp9kuSCI70htWOuQMzu8f8QHB3 
+eirDqf7iKmlEykD3dHQ+NjV2v20pokLz0obZnmabF9Uigz9oytDW7yLzGQ+BnLal +2XS63yl8FtRTTHZAjc2cxrTn8hoy+DYQViv1M5PQd6D3zzlEaMiZ7kPhou3KaJwg +K4QKBmIwSMOAhSvHD0O3bWAohudWaTlTmnDRfvQIT/Izh3yh8PxgC7wgX8FdkLNM +M2H5MWUm5x4je2Iv7NzoAQaGQLJMwB5DAoIBAQDGZdwdzmGpdB7goinXtCBYcPwY +xH5EGFpNlwojdFLIh2wEgwgRCWl/SoMxnJNWg53E1rNux6M7mVxhldbnunbE8GXo +VQTesmAnUwf0R82BcnBYIaejVzYWa+3EMmy61Su2B1OTxtaKwAKqOthdhlhRnUVG +P9ROYwTJY7cEoenGUifRnEJfckjfw4tSJxjlDPjG3HUXY1gOHKefdGe3gi37p+86 +iiX2yN1QWbu016y/BuhJgDWZ5fzGsTDhJeaVnzS5Vb/4QjU11+/9bmt0dp0ShRHT +QB9ijF0xTLQ5LlPg5XBvewNEeB0gZpx2X9k65WXseJvNrcdzd8AsqxkxFVFr -----END RSA PRIVATE KEY----- From 3afe5ae997ad1ea839f1a25b17a46bc99d0d843e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Du=C5=A1an=20Borov=C4=8Danin?= Date: Wed, 27 Mar 2019 13:07:02 +0100 Subject: [PATCH 07/21] Use default key-based authentication MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Dušan Borovčanin --- docker/docker-compose.yml | 2 +- docker/nginx/{nginx-default.conf => nginx-key.conf} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename docker/nginx/{nginx-default.conf => nginx-key.conf} (100%) diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 349442990d..094acd055f 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -18,7 +18,7 @@ services: container_name: mainflux-nginx restart: on-failure volumes: - - ./nginx/${NGINX_CONF}:/etc/nginx/nginx.conf + - ./nginx/nginx-${AUTH_CONF-key}.conf:/etc/nginx/nginx.conf - ./ssl/access.js:/etc/nginx/access.js - ./ssl/certs/mainflux-server.crt:/etc/ssl/certs/mainflux-server.crt - ./ssl/certs/ca.crt:/etc/ssl/certs/ca.crt diff --git a/docker/nginx/nginx-default.conf b/docker/nginx/nginx-key.conf similarity index 100% rename from docker/nginx/nginx-default.conf rename to docker/nginx/nginx-key.conf From 779def9ffec446de6faa7c6d27ed0c2bf32d3c87 Mon Sep 17 00:00:00 2001 
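Review bot: `${AUTH_CONF-key}` on the nginx.conf volume line falls back to `key` only when the variable is unset; an empty value (for instance `AUTH_CONF=` left in an env file) expands to `nginx-.conf`, which does not exist under `docker/nginx/`. `${AUTH_CONF:-key}` covers both the unset and the empty case. The same applies to the `${AUTH-key}` form that the following "Add mTLS docs" patch switches to, and `AUTH` is generic enough that it may already be set in a user's shell for an unrelated purpose. Since this value decides whether the proxy enforces client certificates, I would add a comment above the volume line such as `# AUTH selects nginx-key.conf (default) or nginx-x509.conf (mTLS)`.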
From: =?UTF-8?q?Du=C5=A1an=20Borov=C4=8Danin?= Date: Wed, 27 Mar 2019 18:34:57 +0100 Subject: [PATCH 08/21] Add mTLS docs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Dušan Borovčanin --- docker/docker-compose.yml | 2 +- docs/messaging.md | 2 +- docs/{tls.md => secure-communication.md} | 21 +++++++++++++++++---- mkdocs.yml | 2 +- 4 files changed, 20 insertions(+), 7 deletions(-) rename docs/{tls.md => secure-communication.md} (60%) diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 094acd055f..b6fb1ec7be 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -18,7 +18,7 @@ services: container_name: mainflux-nginx restart: on-failure volumes: - - ./nginx/nginx-${AUTH_CONF-key}.conf:/etc/nginx/nginx.conf + - ./nginx/nginx-${AUTH-key}.conf:/etc/nginx/nginx.conf - ./ssl/access.js:/etc/nginx/access.js - ./ssl/certs/mainflux-server.crt:/etc/ssl/certs/mainflux-server.crt - ./ssl/certs/ca.crt:/etc/ssl/certs/ca.crt diff --git a/docs/messaging.md b/docs/messaging.md index 6441dcc804..0522310e17 100644 --- a/docs/messaging.md +++ b/docs/messaging.md 
@@ -84,7 +84,7 @@ The most of the notifications received from the Adapter are non-confirmable. By > Server must send a notification in a confirmable message instead of a non-confirmable message at least every 24 hours. This prevents a client that went away or is no longer interested from remaining in the list of observers indefinitely. -CoAP Adapter sends these notifications every 12 hours. To configure this period, please check [adapter documentation](../coap/README.md) If the client is no longer interested in receiving notifications, the second scenario described above can be used to unsubscribe +CoAP Adapter sends these notifications every 12 hours. To configure this period, please check (adapter documentation)[https://www.github.com/mainflux/mainflux/tree/master/coap/README.md) If the client is no longer interested in receiving notifications, the second scenario described above can be used to unsubscribe ## Subtopics diff --git a/docs/tls.md b/docs/secure-communication.md similarity index 60% rename from docs/tls.md rename to docs/secure-communication.md index 53b8c0730b..98abc33dd9 100644 --- a/docs/tls.md +++ b/docs/secure-communication.md @@ -1,10 +1,11 @@ + By default gRPC communication is not secure as Mainflux system is most often run in a private network behind the reverse proxy. However, TLS can be activated and configured. -## Server configuration +# Server configuration -### Securing PostgreSQL connections +## Securing PostgreSQL connections By default, Mainflux will connect to Postgres using insecure transport. If a secured connection is required, you can select the SSL mode and set paths to any extra certificates and keys needed. 
@@ -19,7 +20,9 @@ If a secured connection is required, you can select the SSL mode and set paths t `MF_THINGS_DB_SSL_KEY` the path to the key file for Things. `MF_THINGS_DB_SSL_ROOT_CERT` the path to the root certificate file for Things. -Supported database connection modes are: `disabled` (default), `required`, `verify-ca` and `verify-full` +Supported database connection modes are: `disabled` (default), `required`, `verify-ca` and `verify-full`. + +## Securing gRPC ### Users 
@@ -47,4 +50,14 @@ If you wish to secure the gRPC connection to `things` and `users` services you m ### Things -`MF_THINGS_CA_CERTS` - the path to a file that contains the CAs in PEM format. If not set, the default connection will be insecure. If it fails to read the file, the service will fail to start up. \ No newline at end of file +`MF_THINGS_CA_CERTS` - the path to a file that contains the CAs in PEM format. If not set, the default connection will be insecure. If it fails to read the file, the service will fail to start up. + +# Mutual authentication + +In the most of the cases, HTTPS, WSS, MQTTS or secure CoAP are secure enough. However, sometimes you might need even more secure connection. Mainflux supports mutual TLS authentication (*mTLS*) based on (X.509 certificates)[https://tools.ietf.org/html/rfc5280]. By default the TLS protocol only proves the identity of the server to the client using X.509 certificate and the authentication of the client to the server is left to the application layer. TLS also offers client-to-server authentication using client-side X.509 authentication. This is called two-way or mutual authentication (_mTLS_). Mainflux currently supports mTLS over HTTP, WS, and MQTT protocols. In order to run Docker composition with mTLS turned on, you can execute following command from the project root: + +```bash +AUTH=x509 docker-compose -f docker/docker-compose.yml up -d +``` + +Mutual authentication includes client side certificates. Certificates can be generated using simple script provided (here)[http://www.github.com/mainflux/mainflux/tree/master/docker/ssl/Makefile]. In order to create a valid certificate, you need to create Mainflux thing using the process described in the [provisioning section](provisioning.md). diff --git a/mkdocs.yml b/mkdocs.yml index 1700105549..758f99a26c 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
@@ -33,7 +33,7 @@ pages: - Messaging: messaging.md - Storage: storage.md - LoRa: lora.md -- TLS: tls.md +- Securing communication: secure-communication.md - CLI: cli.md - Bootstrap: bootstrap.md - Developer's Guide: dev-guide.md From 6699bec2b6ee9407e8acdbe00e172455bf1a26cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Du=C5=A1an=20Borov=C4=8Danin?= Date: Thu, 28 Mar 2019 11:55:37 +0100 Subject: [PATCH 09/21] Update Makefile MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Dušan Borovčanin --- docker/ssl/Makefile | 27 ++++--- docker/ssl/certs/ca.crt | 32 ++++----- docker/ssl/certs/ca.key | 52 +++++++------- docker/ssl/certs/client.crt | 25 ------- docker/ssl/certs/client.key | 51 ------------- docker/ssl/certs/mainflux-server.crt | 40 +++++------ docker/ssl/certs/mainflux-server.key | 103 ++++++++++++++------------- docker/ssl/certs/thing.crt | 25 +++++++ docker/ssl/certs/thing.key | 52 ++++++++++++++ docs/secure-communication.md | 70 +++++++++++++++++- 10 files changed, 275 insertions(+), 202 deletions(-) delete mode 100644 docker/ssl/certs/client.crt delete mode 100644 docker/ssl/certs/client.key create mode 100644 docker/ssl/certs/thing.crt create mode 100644 docker/ssl/certs/thing.key diff --git a/docker/ssl/Makefile b/docker/ssl/Makefile index e503375b5b..8ceecdfb6b 100644 --- a/docker/ssl/Makefile +++ b/docker/ssl/Makefile 
@@ -4,30 +4,35 @@ O = Mainflux OU = mainflux EA = info@mainflux.com CN = localhost +CRT_FILE_NAME = thing all: clean_certs ca server_crt ca: - openssl req -newkey rsa:2048 -x509 -nodes -sha512 \ + openssl req -newkey rsa:2048 -x509 -nodes -sha512 -days 1095 \ -keyout $(CRT_LOCATION)/ca.key -out $(CRT_LOCATION)/ca.crt -subj "/CN=localhost/O=Mainflux/OU=IoT/emailAddress=info@mainflux.com" -server_crt: +server_cert: # Create mainflux server key and CSR. - openssl genrsa -out $(CRT_LOCATION)/mainflux-server.key 4096 - openssl req -new -sha256 -key $(CRT_LOCATION)/mainflux-server.key -out $(CRT_LOCATION)/mainflux-server.csr -subj "/CN=$(CN)/O=$(O)/OU=$(OU)/emailAddress=$(EA)" + openssl req -new -sha256 -newkey rsa:4096 -nodes -keyout $(CRT_LOCATION)/mainflux-server.key \ + -out $(CRT_LOCATION)/mainflux-server.csr -subj "/CN=$(CN)/O=$(O)/OU=$(OU)/emailAddress=$(EA)" + # Sign server CSR. - openssl x509 -req -in $(CRT_LOCATION)/mainflux-server.csr -CA $(CRT_LOCATION)/ca.crt -CAkey $(CRT_LOCATION)/ca.key -CAcreateserial -out $(CRT_LOCATION)/mainflux-server.crt + openssl x509 -req -days 1000 -in $(CRT_LOCATION)/mainflux-server.csr -CA $(CRT_LOCATION)/ca.crt -CAkey $(CRT_LOCATION)/ca.key -CAcreateserial -out $(CRT_LOCATION)/mainflux-server.crt + # Remove CSR. rm $(CRT_LOCATION)/mainflux-server.csr -client_crt: - # Create mainflux client key and CSR. This requires Thing key to be passed as a KEY variable. - openssl genrsa -out $(CRT_LOCATION)/client.key 4096 - openssl req -new -sha256 -key $(CRT_LOCATION)/client.key -out $(CRT_LOCATION)/client.csr -subj "/CN=$(KEY)/O=$(O)/OU=$(OU)/emailAddress=$(EA)" +thing_cert: + # Create mainflux server key and CSR. + openssl req -new -sha256 -newkey rsa:4096 -nodes -keyout $(CRT_LOCATION)/$(CRT_FILE_NAME).key \ + -out $(CRT_LOCATION)/$(CRT_FILE_NAME).csr -subj "/CN=$(KEY)/O=$(O)/OU=$(OU)/emailAddress=$(EA)" + # Sign client CSR. 
- openssl x509 -req -in $(CRT_LOCATION)/client.csr -CA $(CRT_LOCATION)/ca.crt -CAkey $(CRT_LOCATION)/ca.key -CAcreateserial -out $(CRT_LOCATION)/client.crt + openssl x509 -req -days 730 -in $(CRT_LOCATION)/$(CRT_FILE_NAME).csr -CA $(CRT_LOCATION)/ca.crt -CAkey $(CRT_LOCATION)/ca.key -CAcreateserial -out $(CRT_LOCATION)/$(CRT_FILE_NAME).crt + # Remove CSR. - rm $(CRT_LOCATION)/client.csr + rm $(CRT_LOCATION)/$(CRT_FILE_NAME).csr clean_certs: rm -r $(CRT_LOCATION)/*.crt diff --git a/docker/ssl/certs/ca.crt b/docker/ssl/certs/ca.crt index 6f51bcc773..5ad9239fdb 100644 --- a/docker/ssl/certs/ca.crt +++ b/docker/ssl/certs/ca.crt 
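Review bot: The `all` target still lists `server_crt` as a prerequisite, but this hunk renames that rule to `server_cert`, so `make all` will stop on a missing target after `ca`; it should read `all: clean_certs ca server_cert`. In `thing_cert` the comment `# Create mainflux server key and CSR.` is copied from the server rule, and the old note that the thing key must be passed as `KEY` was dropped; something like `# Create thing key and CSR. KEY (the thing key) becomes the certificate CN, so it is readable by anyone who sees the certificate.` would restore it. Nothing checks that `KEY` is set, so a bare `make thing_cert` runs openssl with an empty CN; a first recipe line such as `@test -n "$(KEY)" || (echo "KEY is required"; exit 1)` would catch that. The `clean_certs` rule continues past the end of the hunk.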
@@ -1,22 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIDjzCCAnegAwIBAgIUdlfcfr+FaqVByml77RQV+JE+wogwDQYJKoZIhvcNAQEN +MIIDjzCCAnegAwIBAgIUVz+4empD2xX8gTz6zBoy7Fgc1f8wDQYJKoZIhvcNAQEN BQAwVzESMBAGA1UEAwwJbG9jYWxob3N0MREwDwYDVQQKDAhNYWluZmx1eDEMMAoG A1UECwwDSW9UMSAwHgYJKoZIhvcNAQkBFhFpbmZvQG1haW5mbHV4LmNvbTAeFw0x -OTAzMjcwOTIxNTBaFw0xOTA0MjYwOTIxNTBaMFcxEjAQBgNVBAMMCWxvY2FsaG9z +OTAzMjgxMDM5MDlaFw0yMjAzMjcxMDM5MDlaMFcxEjAQBgNVBAMMCWxvY2FsaG9z dDERMA8GA1UECgwITWFpbmZsdXgxDDAKBgNVBAsMA0lvVDEgMB4GCSqGSIb3DQEJ ARYRaW5mb0BtYWluZmx1eC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQC8eFXaEKZUnvMCrD7YqtxMzICCl2xM5GloGuQBO0I40Vagc+onHNpGR1DG -JYOq+/Ot1bGSdrb7pa0TGtbWxUgDTO4KbzgFW6KIqytNxrGmNkxNxpf/mB7un2CZ -AOO9clbk6w9pD3m3OIcYmf3pjSRbF5zIkCJqVxCr+Jx3UGqR0w+FD7j/dMezkNdS -lopRj8DCCQNaJP9OFK0kAvCaCM3+dweIf5J7OI3rEPGB2xemVIneRTgeEdjCshCv -of+EDnxN7vJTyEm+6F+gcACXtblGvBRTl/aoygOkJei0NSiUJYm7nt6VkHM0XUDT -zXV0Xn9ySOzrU7LsdVzaopzrcdOdAgMBAAGjUzBRMB0GA1UdDgQWBBSXz4Rilllr -v0UKSaZHNCgfP6u2BDAfBgNVHSMEGDAWgBSXz4Rilllrv0UKSaZHNCgfP6u2BDAP -BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQB3mLNhdWSonrccmQdt -AlY/nWGKOwoIyHrnC7l6SdiWm3X++m0os9KPJuEGI80cD0wLR1pTlqnXHtOABI5Q -LSsKDRDK92mzcHU4U5r51FMC4GUMQxuqg46x0zya2yj5GjsXg2UBxl2/Es26Fq65 -aUARGFY2ozKPxiS1qrCRnLTtz/SQpjn1cZgJO+qwZzuAS/K9epI4wac1+Jxa/++3 -GEHAjq0DGu3Wob+kFJNGcz2N/KX3qawgvsqTP+/oa1mhGG1/3pjNTW02r+vwY0ms -wY5kg/Eobd+KNyrEuH1eeuodhvMST86iEooFKdPe/SNfmpcOsN/gxg9XFM/pDAys -Bg5M +AoIBAQDATXfodr2Q2c2IDmd9PlQBLMC9scJ3I0IEM0cYjyJ/3fuetBQfvcrSYL6m +nbXvnLLIdoTfKI15JzWWhkAvH4aZkcQAkaZMfHL44xPBdgfn3kkUG07S1rs3Wk78 ++nrZXYy+pbCuWhZ2UjcO3JV1uJQFBMEWGCaU0rHzZz+u+/M7XsdGleSVfEz3aaqK +74kzZ3ffepMp2xNtUCLTpDVT4g/VCe/e/AgBz4v8xxaiBEuinUZNKMgBErsQiCVJ +eqRWruwNFEPpyu/Zq73tQTQo9KEhFtlGHwSiodLquHlVsuDg8CMhum/O8ATnqpfV +prrmHGU+NbP7sz7oGnx8rPCAr067AgMBAAGjUzBRMB0GA1UdDgQWBBQDee6Rg0vp +VgA8mR4Wu2Y1jr7J2TAfBgNVHSMEGDAWgBQDee6Rg0vpVgA8mR4Wu2Y1jr7J2TAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQCni1C0WojHDb7u9pKD 
+84nbnG0pr2AImtMEgyjK3S9sgtkitP5NBwP0jRUiy1R4tf+Vq6XLjlOz4ThhCd+n +t9ZeSclPOZ4vlbI+geW9nm0aPQbKuZgVsV9d46CSodQMOpIC4f6+wIajk7w3cE2F +RwkrdXNjTdrNU6R152FpH0e5ar776LKHzQs1Zah0pbq6fLYt5ZxvGT1foUrM6+4C +k9LMsq4XtNf2jkSxCWxsdM12/8rRrwqewp/2BlAkzmvRq6Cz34fjnSEKqHZL6qfd +1YfyK7I3oCwmk0DvejMTEbeBJP99ZI2p8oXzbXBCjv97o6rxjgV9J6gHmp5TtFBt +zz7B -----END CERTIFICATE----- diff --git a/docker/ssl/certs/ca.key b/docker/ssl/certs/ca.key index 0f763412fe..3792f03dc3 100644 --- a/docker/ssl/certs/ca.key +++ b/docker/ssl/certs/ca.key 
@@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC8eFXaEKZUnvMC -rD7YqtxMzICCl2xM5GloGuQBO0I40Vagc+onHNpGR1DGJYOq+/Ot1bGSdrb7pa0T -GtbWxUgDTO4KbzgFW6KIqytNxrGmNkxNxpf/mB7un2CZAOO9clbk6w9pD3m3OIcY -mf3pjSRbF5zIkCJqVxCr+Jx3UGqR0w+FD7j/dMezkNdSlopRj8DCCQNaJP9OFK0k -AvCaCM3+dweIf5J7OI3rEPGB2xemVIneRTgeEdjCshCvof+EDnxN7vJTyEm+6F+g -cACXtblGvBRTl/aoygOkJei0NSiUJYm7nt6VkHM0XUDTzXV0Xn9ySOzrU7LsdVza -opzrcdOdAgMBAAECggEAYrywTYP3f9GeAkJ20lABBgMFOGVYCZiIWE/uL276LIYP -WhQgEcmd2L+343b32fYRHXscglzLVF7ho2amMvI73e7JrpHByZzOM8do8mAr5aYA -p6ZpLzBk1CKPGtlKdo+WUmuLMUE4RPLKY+sZCOg2qbpfGvvX69odE9s1LZTln+sK -s4TWyDCe0Fb3wJfSxFOxqdLLwPANEoWrC3JgY0EpFGBWVrv6HyRCjfi1kcWj0ex4 -eZR1UZS3TOm82gJnGSlLYqgMjz3f/EWUSdDF+vsNtk0Ak+vqDHQN0m4M2jZ3DngH -BlvU+22jO2+OngUkUO6JPDFuo4cGt5kgURFf+I9FwQKBgQDhuQfTwmZ6/gd82X4b -gJP6cFdPY212WDbsCl1+kqGkGQsAgPzADaDyr6snLCZTiLqrmeyuqqfGOR8GIytI -6/B379iYj6HquEYv4JrBjZQTPa2Px/7BsUtdZVNEU8/LU0d+mZqI1qtiWEIzXlT7 -ubfkBJlAUqD5r0RoYpK+/YnC1QKBgQDVwBq6PRNCCiaWniQN6jYzhpWzZiiCwKsd -gOshydVVXnwRWwhbBEdKcz/yQGMrOQXM+7NvkA+Id4XQ0y792TyJ3PNjF3oM0Cl7 -X9HJwYP9gEK0UUmeuOgqwLXOl2XRLMW5qfddurMmPG72wCNxYK2o0HXlywPM1ETs -Vx947bfhqQKBgDIG7UosksP9mzE7juyPgbyGu4MX2UHaaUnFPlV4MCULe9m/vMTg -AGTpNDi5W0E2U5EGy2Mm5YpUTKDymHxP9nrOiKW/Z7Z64utnj0UImOHu0JHGVJsf -LUHk3CCPpsU8juLrLknXsiJYx0tVQ+aKkcwSjNipt42/H503A6kazjaFAoGBAMAj -uiLVSd1gQIW9y80STvyMKz8jQqEeTfLscvBhfLoLf90eBmnCc88RwFaj2ED/Nh6n -1wke50eVoR0w6JnZT9jhW4skjFq+N7umS29f26ThSZTLSTE7J79ekU8OusCHzYjy -puCDNgzV4C1AU9vTuub31DLnBhh2aypDuo+6qENZAoGBAMLivsTjst+3z7XyW+p1 -VLxRAfM+F1MO18bwrrgoOKbKFb2foKDoZbvgjlNf+E1Cysl6OG/hNEonQsHbyJSH -+2HBYiovndIluqCNbKcVuXSIMAS+WsUr9c76gWvFVvIpdG1S6gaUua3TB+aR1sxO -LkFunJ2d4Wmuq6w2adBZGNMK +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDATXfodr2Q2c2I +Dmd9PlQBLMC9scJ3I0IEM0cYjyJ/3fuetBQfvcrSYL6mnbXvnLLIdoTfKI15JzWW +hkAvH4aZkcQAkaZMfHL44xPBdgfn3kkUG07S1rs3Wk78+nrZXYy+pbCuWhZ2UjcO +3JV1uJQFBMEWGCaU0rHzZz+u+/M7XsdGleSVfEz3aaqK74kzZ3ffepMp2xNtUCLT 
+pDVT4g/VCe/e/AgBz4v8xxaiBEuinUZNKMgBErsQiCVJeqRWruwNFEPpyu/Zq73t +QTQo9KEhFtlGHwSiodLquHlVsuDg8CMhum/O8ATnqpfVprrmHGU+NbP7sz7oGnx8 +rPCAr067AgMBAAECggEBALn7cmeSR15LN3tJqw8285m7RaFwxQniQJu9WBpJfG08 +LHld4kSckwcKZ/jOeMIHw+UaswD8wG6W3D37EyJAFDZ8ApsmQjag+bT6MQYe+CBp +HDZk/sPsx14OamxCeAO3dUKBDrJhEG5Yr0UhUy9qV0XPRkrvColOiKpGhhHfPGuC +XmLgfJZGzi6J3YcS0gZKhvKIjAdBJopfKscCq3Q/ldTFQztgPbC190Fvj6F7mImo +Zs66nfnlBXnXmT3qos8HoHk4GCwQFNSfpnrM781rU3LXXr8u/7Z3xbyuOdeN77sY +qjbXvrG1nlupKLd6nrXWLSjqPgJp16OwOF6jfnOUvXECgYEA4soXa/qHue3VMNoa +bCVjNRXU5/mPENEJLV5WA6n3Qbgvf5yRhEon0cXyPp+iViKDhYxy2+3rNiMPektt +LGIevpwKQehCo2KSxUN1iQkwKYNAkxQthphbj6ho9vRUZhHhiQ43ZwhwTEwKQ54k +1tpx3tcumnSpcytysXY4u55n0YkCgYEA2RI/CagYs2h6ioNfcVOlTOrGzD+H8/Fm +I4mp9wGu5CXQt37imI3yS14yFiDERENADWQezGU2ptKsNmgH4kLy+uH8VqdF85Td +2l2I4t9C1HqomXnLA4iBZmh3cbdxmlpQYPWk4egndDMFDfT4/HeZXyTDZ0QtpCYv +dOtvGdrjISMCgYASNYO36b+oEA6EA58He+EBTCVyErmH8iC4gdCKLsVpg25c4qdU +ZdfYofoXSR3xqIfC20oFmo6+JAaEHTZA0AgD6edw70MadzmtmQMA47n4O0+d/4rA +Oc9wM2dqHKgCIgFnzbppDWZm2dwhHbt7fMKTz9cwE5nfY2esE//uIIPZcQKBgBkA +HPqDvbSMB/EECG4I8DTXpWXIu2PBHb5iEI0+SGJGaK95kad4UbuUcbhStcgW5r2k +Flf8IDs+cE8j1CSfCVUTyfhA87GGJ7cKpsVaaVwHdHuYp2UUx7J/vaH/OrpIRJGm +OQM7ta+QYLimyjZpn+RxW3/9PjR1oWmZ5AXaS+Z5AoGAWXjaVnFeVRN9TUSfPdJz +4dNf/glL8B16bZ+Es5V3LRLGwjafNMCDsY/iWmHztimZaPAgIpsi1sxvGUty7PVT +Kj6Ysii+DliLOyI4yE+2g350bfM75xz8q031xDeI2PsDuijhwulaH2AZxVlFfyXN +0sVlwGxyUYmdB3z/2Ix3Hbc= -----END PRIVATE KEY----- diff --git a/docker/ssl/certs/client.crt b/docker/ssl/certs/client.crt deleted file mode 100644 index 84e131b7ca..0000000000 --- a/docker/ssl/certs/client.crt +++ /dev/null 
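Review bot: This hunk replaces the CA private key in `docker/ssl/certs/ca.key` with another key that is again committed to the repository, and the Makefile in this patch now issues the CA certificate with `-days 1095`; the same applies to the `mainflux-server.key` and `thing.key` hunks below. `docker-compose.yml` mounts `./ssl/certs/ca.crt` into the nginx container, so a deployment started from these defaults presumably trusts client certificates signed by a key that every reader of the repository has. The docs added in this series say the script is for testing only, but the key files themselves carry no such marking. Keeping the keys out of version control (`docker/ssl/certs/*.key` in `.gitignore`) and generating them with `make ca server_cert` on first run would remove the shared key. If they must stay for the demo, a `README` next to them stating that they are public test keys and must be regenerated before any non-local use would make that explicit.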
@@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEOzCCAyMCFEarlPNaKQf3GWR9gMklmyFcJNNmMA0GCSqGSIb3DQEBCwUAMFcx -EjAQBgNVBAMMCWxvY2FsaG9zdDERMA8GA1UECgwITWFpbmZsdXgxDDAKBgNVBAsM -A0lvVDEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb20wHhcNMTkwMzI3 -MDkyMjEyWhcNMTkwNDI2MDkyMjEyWjBdMRMwEQYDVQQDDApDTElFTlRfS0VZMREw -DwYDVQQKDAhNYWluZmx1eDERMA8GA1UECwwIbWFpbmZsdXgxIDAeBgkqhkiG9w0B -CQEWEWluZm9AbWFpbmZsdXguY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC -CgKCAgEAwVCvzpjxqMPrr1/5V1wQuzF0MlobYrG1xqVmSaSxKkMHGQopDw7DNIdg -BuZhJh5ZNmJSEU+6zLvSNKprVn/MBUO8LiNVz5uB83WllFyw+jdT5g90LwBOiec5 -IQA/Du2h//c9/NXx7oQsL/xkSEU0eYhzwoq3ZEarBAFzP5cquCuvWzJpup/kFI+B -AD/lXc+L4mDqYelJPqqXlG1+8bzH80pprhuZdJriiRIkzFQ0sZPtL4Pq73DxCEjy -qt0NRWsavFvMkM+EIWvIIV3poLSH4TYzRF4C+/oZnXnD5ev6TrAFY6/9E5awgkmx -S9SPK7G0XyHahDhU2C0M2Ax19AD6yKDThFz88HYh0IgBYkQKm2qASFr7wNT1n0vj -lNfDg+F7MziYNyP7kLXcQLj4H3qNB5wuh9cTUmvXXByRisdR5RQBOvedzWQI1DHB -6z1NhAGlqVwzZY3Z+spbE21t+dGV9VTOTdowOqnBnR39Z+GbZppHD2mkhP7YbU8Q -RDsqJIVId5X7GAvv/7FcmQnWd7THkDioFIi1xIK8F3Rt32JV2iuPWjnkAW4BMIrG -cbhKWfhSv9NPqyuKWn4I7jN+91EbmqKSVdSC5nGXyvaL9KoVldCR8fwc//1dlXhm -bBv2yzAQFgt4g2+w1TMFy7QyL/NAiJD553/+jdPP5PQFM9slYFMCAwEAATANBgkq -hkiG9w0BAQsFAAOCAQEAB1rCr8mhT/J7rSBh08Dqr7E8UTQoT7Rxzg0P5vA1hMp0 -U7gZ3eZ1CsXoz4KkfXe3NBRdb/YpSX2jtzOUjh46HStU2DfNly88lsZmrT61xsV5 -D2I1LsKdpXHn+y25qg/zsqK6E+nNSKnLYtO6xAwuPSHdl00mmbrBEpjw9bMtL9ux -Bo7MO5fY5J4MRdtWJglvRk48VtKh+FLE62fD+25DF0lmY4C9yhZeKxOcG6lATd4A -fw/MfgCMgwvEBNQ/vH3OhsIL5R5NuOumfeWfzoFTiHKVn3v/r38BsMg5ql5UcmbC -1udrjfU2/npWQNkBfNwVkREVqsP3Wo1Gjp7IhIUdkg== ------END CERTIFICATE----- diff --git a/docker/ssl/certs/client.key b/docker/ssl/certs/client.key deleted file mode 100644 index ac78b331f9..0000000000 --- a/docker/ssl/certs/client.key +++ /dev/null 
@@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKAIBAAKCAgEAwVCvzpjxqMPrr1/5V1wQuzF0MlobYrG1xqVmSaSxKkMHGQop -Dw7DNIdgBuZhJh5ZNmJSEU+6zLvSNKprVn/MBUO8LiNVz5uB83WllFyw+jdT5g90 -LwBOiec5IQA/Du2h//c9/NXx7oQsL/xkSEU0eYhzwoq3ZEarBAFzP5cquCuvWzJp -up/kFI+BAD/lXc+L4mDqYelJPqqXlG1+8bzH80pprhuZdJriiRIkzFQ0sZPtL4Pq -73DxCEjyqt0NRWsavFvMkM+EIWvIIV3poLSH4TYzRF4C+/oZnXnD5ev6TrAFY6/9 -E5awgkmxS9SPK7G0XyHahDhU2C0M2Ax19AD6yKDThFz88HYh0IgBYkQKm2qASFr7 -wNT1n0vjlNfDg+F7MziYNyP7kLXcQLj4H3qNB5wuh9cTUmvXXByRisdR5RQBOved -zWQI1DHB6z1NhAGlqVwzZY3Z+spbE21t+dGV9VTOTdowOqnBnR39Z+GbZppHD2mk -hP7YbU8QRDsqJIVId5X7GAvv/7FcmQnWd7THkDioFIi1xIK8F3Rt32JV2iuPWjnk -AW4BMIrGcbhKWfhSv9NPqyuKWn4I7jN+91EbmqKSVdSC5nGXyvaL9KoVldCR8fwc -//1dlXhmbBv2yzAQFgt4g2+w1TMFy7QyL/NAiJD553/+jdPP5PQFM9slYFMCAwEA -AQKCAgAKAWMYDlJzqbBJI26EVv+GsMiS0pcYRJpj7audpCiHR3DWmvAFF36C+X6+ -3K2qi2eSqQQWYUoJzq7Siv+DOpoUq6zRtoJ6fFH9h9lKFIIUcUimX6ZjyGBIQu9y -BdE9tI7t8J4EuA4Nikm/MhD+rJZKtAVJzGQxjHbNfkW4xNoxLhGlZraSMjRb3BGR -Mb1tXZCf5uQ6rRhdZfbyd7haSqsOrItLt6H5pwqSjZ3Z9YHEryNXkjxWqEHRa/Uj -Ys2NCj4YAahU1mjAUhPJplKxPqbJwURmBXeiEw/AVs0M2WnbKMEep70xhlscYzQJ -+LZwTIJJajclIMVDaxF/HSX9uw8/vAE9lf52zQ/av98F8v6+aIAZ6/pabQbJJMsC -L+MfEz5GopeJLWhZeWzdKd+iU8fQ413kml88XBnLPBOJ53DZmedjWWDjm40vgiMi -+I+FAQVdrtd7josrHyVwte1SCYXpazAVJWYkXMkKevlOvYoc26PnEsYuABaMh7f5 -9yPtkxLbfkD6/A4VnMPUfdox3OCoF21qoyB6BQw93kOL6cW6u93e2mKq0KedEnYS -TU81B1UXtM+/odS83QeEFcEyYeN6loVpGxvouZ2sdTh08I9C7mKbHcdL2PiAT/r9 -n6dvT+vKyaTTpn7K0VW+2i3ZkZqEBVTrKjddaaWu5hoC7iACAQKCAQEA7FG6HLb0 -C8MIJYJuWRNAX38N3SUA3zSt1J2xFuTCqFJYgSnwDdfBQFuS0b1AmH2rZSjSOUTT -4b/vcbkdY9YyLSq3CiIx4Xa+PH9N3XfGy9bbY3yII2uDEYuTt15xU4uaMjR+Drcm -O2r3KgynwamM7Y/67XYHyziHrYv7cz2xwLR9z1TWMy8qejDwnaK2XSa0TcpkfRSz -L7ppej7RTztHA+6af8WQh0aao2U/gVTVS0QqWeDob6xsnGeT29UpK8Fs06nNGc1t -JcZhR3nq2UEI00gb2rghvJuwUkt8Kf/9qeaj1mDS9Y0tK8B7hQm+edxhiJHCvodI -Ska/76PUiujcTQKCAQEA0WofcN+WHJW9iZt+oijCWGZ6yZd5XYLkhD4eGdP3FSIS -Mr0WaVhsTmH+TOfWLCmS6wnwKZeliGtmL8SnutKQR133y1oGCvavXh4At8xDNQZz 
-FoNc9f/Z9lpgqiJAuwaC5rbEg2AxMPMUvoXA0Mk3bd2ESHbiKZ7x1k8GbrlgIFGr -M5hG5o8yldqoS7KRttWduPDaRMCt43CNycZwFpo8F0fJ+MvvcWnZ+UFwwIFq0u9C -nRiwgF4HG0MUgryDC40pbk3/B50Ik8m1inke3wD3bmFFMh4anDPpVsL3mDlLwuij -TnrplbqAK3Rkt9wVvenEBoZLdmg0jiHbrMO1pIr/HwKCAQAqEtLj0d7ZSTvmEba7 -vSW02tYJDVF+a86XEAw7Wzcc6KxBMso+bK9HWgZluSALBjTBqebjs1FV2+oxgReu -crA0QmqcL0JaNd3gv3mJeI24NOSSbdV/GOEY+pSuDO54RV6KmbXnwMvZwE2I+v/T -BvDESuIN7PmuQL5HM6js94ryGDBd/Wi1bCxP3O654gI9y2pGf0YszsaoNLQaw5xY -UuFt3ck7/lyg+P0HIjuQNx5SbCxuHBDF8RjVL8uvU+AknidV9+FAOsa39v3Sz+30 -CBQeKbRr2GSJQ968iBvvDliHKzz4KfzlIuFr7LURFo8G+ymSOwFFEqjYMIhzjeOF -Z7fxAoIBAENWzrlrDEgw1nvzZmsalDP88Cr27G3nczgbCW7gvCkthZCPQS+q4Vjr -Jezw9+vHipjN305glzgg4QEnSZBHuWFZlB7t2deYr5eiKjTwGARrCIMKxs/L7/jJ -4x+SWCJL27f4uYRNYEQPRnJlbDU3Hv3TJ4Btyhf8JmP1kWn1bjW2TUkQBGyLS4bo -gwmkaDrUwh0ARg+prcDfJpjlmJGMExqhWQ8J9PsRQKhoJKuicglWKqN9lvQQSFS5 -41SO7cy/Hb18ky+NjX6IdDoM7KJlGyuBV9Df4UqtXrEpjJiEhBou2KSZ3ZbqG+Dd -Uq3UtaEWFJTMhmOS6qNxu8P4QuagU50CggEBAIKzdCmFcjipRoz5EHHG7M+/TLtD -3r4PiXa4vXfy5g7uf7dLzv1kpqx5c9R8FAXer31WYeu3xMe+zXDJ4/H+mEvd40F8 -1GzgRVrk6BawRqMp4M2cjXHaUaqvgY4t4krs5RMzdPqh7avfZd2YOf7LFrZS2sjK -DHOS6Fd33g0TGjIBog/iivUnKbKbNHyQuSlLHAzGQwNwizxFT2fSfPkRVPjD2UAS -vbgIDof/YrtrIJ1jPMcv5r+lxuzJwNShmXW54lTchVbkSiKNTe8Jakgws1O5ITFN -v3l2Tl1+Va+lUh6oLpD5fUg9ax1zTdRvuJXQKRiFDwaJ+MocTvqSy/8vIcE= ------END RSA PRIVATE KEY----- diff --git a/docker/ssl/certs/mainflux-server.crt b/docker/ssl/certs/mainflux-server.crt index 94afad5f44..ba9a1b99cd 100644 --- a/docker/ssl/certs/mainflux-server.crt +++ b/docker/ssl/certs/mainflux-server.crt 
@@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEOjCCAyICFEarlPNaKQf3GWR9gMklmyFcJNNlMA0GCSqGSIb3DQEBCwUAMFcx +MIIEOjCCAyICFEUJPlhTlXgN95xdj2q0zFJq3PW4MA0GCSqGSIb3DQEBCwUAMFcx EjAQBgNVBAMMCWxvY2FsaG9zdDERMA8GA1UECgwITWFpbmZsdXgxDDAKBgNVBAsM -A0lvVDEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb20wHhcNMTkwMzI3 -MDkyMTU2WhcNMTkwNDI2MDkyMTU2WjBcMRIwEAYDVQQDDAlsb2NhbGhvc3QxETAP +A0lvVDEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb20wHhcNMTkwMzI4 +MTAzOTEyWhcNMjExMjIyMTAzOTEyWjBcMRIwEAYDVQQDDAlsb2NhbGhvc3QxETAP BgNVBAoMCE1haW5mbHV4MREwDwYDVQQLDAhtYWluZmx1eDEgMB4GCSqGSIb3DQEJ ARYRaW5mb0BtYWluZmx1eC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK -AoICAQCvQHgQwj2qNx/QC9uvaN8WHkJy4LoP8is8g+E/9AbkIbZA4/Fh38z5eCo9 -5KcsxLkl4tBAkwSOXJthEBSmFyQBuuHRg2IaXTGZIGm4DZw5cELtqLK/uQBKhHfl -n7CC1M2+eIdcNAWJScpvUbThUwVCCN76OuGB1PbT1mbp8tzDL6KNc2dJ/EPWOLYk -InuSWvBqnEJDdusQSRtuOtLhjisH+ObQN23Caf60MEHrYQW6j1CyIPrEqF+Zu3fw -kTzBpxdrCFcLTZL9QqRGNytv/vwk80OaGygr3Zm3ShuBsr8sy4+0Z9+/gyxxelgd -sAsgFJwcMTFdm1MsnEODfKYkLhl6GhMn3XVqyBcVVFu13vUq/VtPmPEHfdswU269 -J55SIx7Nduhffy9lgaDWfd/rKcrCaJMycK7jS1ZIH2VX6ySXj5s/2qv5O/vYXvh1 -pN1JRBHLDicH/aL+FF4j25jG/KUg/KeIVXWqhH9O8QNopWj3sWKKulhjIqlMaIbp -TZXD41XiiQ0WYn2+MrXhLd/w6ub8TzUmCexOEKHCJmAbpJ0cTWDHDxoxiY32y6vG -C+h4x55hkoZ4iG0TMKCXLyy7hIIqAoQaoWhvxQD2lnsh3slp7ZF1wDTIQ2S4RXE4 -hHXNQEeCZvoCx/71gSZFuUOpU5b6KFrXqNm2cjd4SUfk4N7tfQIDAQABMA0GCSqG -SIb3DQEBCwUAA4IBAQBgz5SnfATffMqxAnCKq2x6eRi2nc9cfkrAl1VCeVtNO2sn -nJOduz652pCA7IC3EowhH/9u7HX5Z4rJ4xgKeLiT4Ht00GZtbrmWhuUA1T3JZdYY -zH9xWXj956SeeOLAcQkg44UQ6UYOxrSqfXurLC175/HP4IAC475joJjoKKbD9kmO -C9osU5I3XpoPY5p95jXb/jXdMttlEX02Um+PzyS26bIjmRyLPd0NAn8LEt4NiXj+ -JdQipPyZuKqTCeuaW5HcCuoICwzA6AjiOisBO0HmCcjw86xEAm826XWgAc2Ckoz+ -HVpW6So4spdE96m2RQqkTWnbuUnHgzkgA9StUgDF +AoICAQDAnomaAc9OfJENI0HYHhP/LrQu5nIYqgcfE7nUJOp+rXFXLAT/GbjtB7Fz +flyW4uIM7W3+Ip7j3wnmwki12uG1U9qSQlyPExnd7WqauhN8YS0yfyR8SmHv+fQZ ++GqdWjho6RqYMc1yaiThc3+E1OVdWHYqQFHUVWZ+EGs+63O8YPJcnEKLrnnYacj5 +/udQPNGLY5BX1+8ytGwc1rmZnVxr153qTGlvKH+LDZw2h3z9gmYEAmiSXsT79WJB 
+bGQ8w6UUHaiewGTOTmznqjoNGJxyyNF5IK5bpdIa7JTW0dy/Yp3W/PcLvZpJ92NK +2MznjBVqvCNWOsFCYhudl7fjihqZPcVJTUormElpnYfa6itQNcyMDl/uHs9VkUoG +KNpLKBLL/1hZPblSJSbOvJETbABwsflqUaBYxZs87zXP05xveHsbS+XPowOAlI9D +1L0i1I8T4cIDgwbsSHmcwK97vYSRqhYcIlVgySP9EUcndJ+M6c4dQ/GE/VKt4dhQ +tvQlXKfEaMZSlyZgA5Gb5ywhi8sM7BPG9Ch838+u/Gbpfi9kGzNEbiIcQviGV7+W +zanEtvABk+ljEBcKGPTTpjF88Y2JVb9bnG9mjrYF7bSNFlXLJPrTRjcoommTQ7Ap +B6YLG3V6Oji9M4KXflxJZ/iPkeQGxGEYV4hXR1XI3O3OotjBYQIDAQABMA0GCSqG +SIb3DQEBCwUAA4IBAQCpvr8cK38xfJfz9n1zfV51AygOWX7ygdkBxJuJp2InobM8 +taWdov4TxFAjHfV8ufBNwFa9dJglQNTvqB4V+2x4YTf5COdt509LmOiRgpnX+1Yk +Yx5wECniuQ50aQbTCTHyx7YM99eBBjlMmZfmmttNHuTSXQVBY72Gb9OC9X6xLpJY +linEcwpWuwCHAE8QOgD/bCfM7VrwA4oR+fa1ApZ3QrJT93quk0FbGoCie+6Mhxk5 +wqIRoatd4ZSynAwr8ZHgWnTqdI7az0wKcFmRpZZyuNqgZsVdtQX5Ed8tw2/KUn95 +G0aQKIT0Uyx/+wQSoi6TaQcNtLIkB7AiDPM1auka -----END CERTIFICATE----- diff --git a/docker/ssl/certs/mainflux-server.key b/docker/ssl/certs/mainflux-server.key index 236dd62133..434280a56d 100644 --- a/docker/ssl/certs/mainflux-server.key +++ b/docker/ssl/certs/mainflux-server.key 
@@ -1,51 +1,52 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKQIBAAKCAgEAr0B4EMI9qjcf0Avbr2jfFh5CcuC6D/IrPIPhP/QG5CG2QOPx -Yd/M+XgqPeSnLMS5JeLQQJMEjlybYRAUphckAbrh0YNiGl0xmSBpuA2cOXBC7aiy -v7kASoR35Z+wgtTNvniHXDQFiUnKb1G04VMFQgje+jrhgdT209Zm6fLcwy+ijXNn -SfxD1ji2JCJ7klrwapxCQ3brEEkbbjrS4Y4rB/jm0Ddtwmn+tDBB62EFuo9QsiD6 -xKhfmbt38JE8wacXawhXC02S/UKkRjcrb/78JPNDmhsoK92Zt0obgbK/LMuPtGff -v4MscXpYHbALIBScHDExXZtTLJxDg3ymJC4ZehoTJ911asgXFVRbtd71Kv1bT5jx -B33bMFNuvSeeUiMezXboX38vZYGg1n3f6ynKwmiTMnCu40tWSB9lV+skl4+bP9qr -+Tv72F74daTdSUQRyw4nB/2i/hReI9uYxvylIPyniFV1qoR/TvEDaKVo97FiirpY -YyKpTGiG6U2Vw+NV4okNFmJ9vjK14S3f8Orm/E81JgnsThChwiZgG6SdHE1gxw8a -MYmN9surxgvoeMeeYZKGeIhtEzCgly8su4SCKgKEGqFob8UA9pZ7Id7Jae2RdcA0 -yENkuEVxOIR1zUBHgmb6Asf+9YEmRblDqVOW+iha16jZtnI3eElH5ODe7X0CAwEA -AQKCAgBWHRyiR3/bgwi7xwfk0mhESwwlvK1QppN+QeNN9I/qS3JtwlPa3wiuUNCY -5yEKS4QazK+9+z/S4EhtUmSDFH3Z58WMmL187OwxLQ8lpHJueu44L5vdv38YHq13 -hJdMQlryy/DfaqSJyFuThZeW3J+Jyige1w32KPo8L28UaAT4WBDM5rcLUMzYl7dQ -XC1SRiM6j5uz4NwyfWngKUF0GdKlMTXhfEsPq9u/GLNbgKo6+K8TSEdQmNeZB9gw -un0bPwqvykJTSIQAtF1aL0PF3YpycaJ3N/7uRw6AVQbdHUL5NPFhGWWFimQtQovH -0rg0xEvNQpLaRzeAhSxbkMVmo8xaNfYXb+aBx8KfamNa8Av8SkuCxM5V4IwScX8Q -iaGFvrK8ifLW8G+AkeNYufSkxlDawstqSQWpM44LBzQXZbgUx8fKku3m8O6XoHMl -XIZckuIipCoFzLzZKun0Rzno9lg01uvSQaBQqd/FrA22lF8WFxZN1UqxMRsnSi6+ -BXNOTc6Bj1hMaW4PYN2qKq3tiM9PcRtLrT3aCPn0twQRZkRsaSpR7sJA30EK+f/+ -YRiiFKuwDnX4eGrPhGtJ80ZFna16SNn49+n0zAWKDEwv2Kw71ZXOSvEgIq607fHG -tKzciKcOeLEUFDc98QlcgrvJ//krn6sntr2SaF3RyVqEF5FqtQKCAQEA2c1QbaA8 -NXnREcYNfpYpPNe5nLjN5elZd9xQVbuWoxysFT02BYW79F20v85utgoFOpoLgSFJ -cL6lo8e5H/3mxa8ra0jtj7knf2oyUmHHhlpDph2OWJCt1n4LE9ptYTpv00VT4t5c -9eAeyUdLTA254grx/XL6d8p2jWmOgfL/FPIxpSBlNqLl6BJvFM5RBhegDC9tOHuy -SSCcY2YZ3SInv9Ag3ZMvkNVUBbddz9YWhNfAFgaOJHgMiL7JKI4qQkcOgzU0oVjg -kNozVmffMxqNDfplZMnB0wwbN/vJf1XSc/rii3ZnjUJejmxrGje1Bj5tDCrHSeb4 -CLeZ0Oz4O7CLJwKCAQEAzfzGHWNg4B6SrLB4EljBfEbHc/B3e1vCajL5bSPqeOfQ -wGSF5Q7UGETiPzCyw5HL0UmuO+Stxhaj7YATLUDC3f+NryWIaTGWQf01a8e5+3q8 
-AZ4PlWPMGxhUnX9/zYFzP9gGJ1oMmYRo3GK/nXBua5BhjBbsQh/JxRgXJqnq2hnD -1+HRqdHrRpV2TvdXc5HSHmqq1J+aqvEWfaBTFbKQqXZTz7r0AAkXcuHHP0iI7t66 -ZitK/52MqOzLza7NIqFvQFh2lHjOWOpeh9F3+T8SaEEG09vSLAVWPZZ3h8mZFfaZ -5bWB9JZNoo9kF6nDagbPGcvztKBceVE8UkY6Zjl4uwKCAQBAd1rk99aaZXISdrKr -0zplfdy8nJ6k/Iq0xYsptRqDMQtmRfXlcI4PaGUFmM6AJzsg+1OIZxfbvTI95fHP -nFFgFdceLDnUnpMoTYCTjcmG5NS9KGZnpHsvz6Lrv208qBVNTWnk7rhJNosmPGn3 -GuD4HRE/WXb1WgH5HVNG92u1AXLcU1hh8ZlnNX2XhPHKgdeng6oqW8KLjpF7gk8J -ewCU77+qldQwZFQ4VOv5hn6n10xNuKb9+GKNXxsfW+T6NRoAkBEB6NKfTVaArsIL -2EID7ydvy6AJHb44tdgQTpC6L3o6mVNRJmHiegjBe9ei/3s7bLYME8c6nU1z35Ah -6sFlAoIBAQCoopk6tAI6WS0xLWOPeZQlfviIxUO7/Poj4Ulr/WxWwUmYSHOJe+NN -Xw9uNhsTmsemtlBq/iL5uc1IgYKxmIQwJKhEzFBp9kuSCI70htWOuQMzu8f8QHB3 -eirDqf7iKmlEykD3dHQ+NjV2v20pokLz0obZnmabF9Uigz9oytDW7yLzGQ+BnLal -2XS63yl8FtRTTHZAjc2cxrTn8hoy+DYQViv1M5PQd6D3zzlEaMiZ7kPhou3KaJwg -K4QKBmIwSMOAhSvHD0O3bWAohudWaTlTmnDRfvQIT/Izh3yh8PxgC7wgX8FdkLNM -M2H5MWUm5x4je2Iv7NzoAQaGQLJMwB5DAoIBAQDGZdwdzmGpdB7goinXtCBYcPwY -xH5EGFpNlwojdFLIh2wEgwgRCWl/SoMxnJNWg53E1rNux6M7mVxhldbnunbE8GXo -VQTesmAnUwf0R82BcnBYIaejVzYWa+3EMmy61Su2B1OTxtaKwAKqOthdhlhRnUVG -P9ROYwTJY7cEoenGUifRnEJfckjfw4tSJxjlDPjG3HUXY1gOHKefdGe3gi37p+86 -iiX2yN1QWbu016y/BuhJgDWZ5fzGsTDhJeaVnzS5Vb/4QjU11+/9bmt0dp0ShRHT -QB9ijF0xTLQ5LlPg5XBvewNEeB0gZpx2X9k65WXseJvNrcdzd8AsqxkxFVFr ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDAnomaAc9OfJEN +I0HYHhP/LrQu5nIYqgcfE7nUJOp+rXFXLAT/GbjtB7FzflyW4uIM7W3+Ip7j3wnm +wki12uG1U9qSQlyPExnd7WqauhN8YS0yfyR8SmHv+fQZ+GqdWjho6RqYMc1yaiTh +c3+E1OVdWHYqQFHUVWZ+EGs+63O8YPJcnEKLrnnYacj5/udQPNGLY5BX1+8ytGwc +1rmZnVxr153qTGlvKH+LDZw2h3z9gmYEAmiSXsT79WJBbGQ8w6UUHaiewGTOTmzn +qjoNGJxyyNF5IK5bpdIa7JTW0dy/Yp3W/PcLvZpJ92NK2MznjBVqvCNWOsFCYhud +l7fjihqZPcVJTUormElpnYfa6itQNcyMDl/uHs9VkUoGKNpLKBLL/1hZPblSJSbO +vJETbABwsflqUaBYxZs87zXP05xveHsbS+XPowOAlI9D1L0i1I8T4cIDgwbsSHmc +wK97vYSRqhYcIlVgySP9EUcndJ+M6c4dQ/GE/VKt4dhQtvQlXKfEaMZSlyZgA5Gb 
+5ywhi8sM7BPG9Ch838+u/Gbpfi9kGzNEbiIcQviGV7+WzanEtvABk+ljEBcKGPTT +pjF88Y2JVb9bnG9mjrYF7bSNFlXLJPrTRjcoommTQ7ApB6YLG3V6Oji9M4KXflxJ +Z/iPkeQGxGEYV4hXR1XI3O3OotjBYQIDAQABAoICAGxexfwn2ILIArPpijoVchq4 +JBfe/4Jw5uDNMFfzDRuIaaQp2AXOawSwt13LUjxyGcw8KQ46XDrIWcHCvTXTl/l0 +3Bw9yeWVUZBS6w9ycVQhOFSYw+ZJ0yA4+OVDpngxMluUCqpmGrisj2Non+4T+Zez +FYhf96oHAksa4bvcrJjn0nPYVnhQCa2AltpQV8QE88AAnE1P5/wXFlyDUpjiuATU +orwXkZpApsGNPr5PLDtVCiBnWn4/Y4R+YnF8kki9qjrPFPd8Nzr7VLpiQ5bqqdrK +sU/82xwlBziusm7KU/A5g6RZXoT0f8Httad+oooDfmk2wIrbM7Atkmvv2D3kjWGA +Rczd7tHgz22G6X22zJdaRkQv5KJ9Hc01LNlRG/rlVsbyGZlHH6IUsQy7bA574CT9 ++eyydi7KfGkYBuTsIal7YzQsk9bibvoB5x2pHZ+EVrSAYfiY759blir+eaQyHtOD +o02hWSqjtGe+qtkSD32wmvMoQeEX176rfZ9N8Sc3RaqKElVzTClHzZm71Mg/z2aA +60chjpwNvaB8IYKkWWXI9DaihjiHwiv6bvzx89KqB4QgHVXR/n61mxFsE7NqBJaW +TeCcRWMuMDX3n9xfD8C9P0IdEomWfFhfcfVdG6yPBfYUns6F94Dhxt0mRG4iltLq +BOEFauAZ9Jem/b9YYpYhAoIBAQDgCWXy5RBHZPPDwTRZheu/PrFSOFzF55E1LVa3 +UOHpNpO77cNWoTBPMuXDnzmrr6M481FgCNXDII+6jr1L2hlVzxlJTB5jtmhQILqc +JDABZenZQYQsutdfhJm5VdZkzl0SPtOxg7SSuLhk/9FDwuelNiYhUnwTDveS+OzC +l9oV5z763A3KqBsfe3OfXoo/qUoZ8u931+XJNcXmGs7yNJzncdMmxdY+tfOt7BNN +0d2ANLTU7pcStNgEJRpdPiuiL281zb2VwVATdXbVAH04fGqbZSxS46n+uUsHrA9t +HsjXNxTav2CFRpwn8rjiyiIUnrRtv4Dlc5DXY83NrCjW9OxfAoIBAQDcGapW7Peo +3UBReqKQWjMJievpI5uOHS8JyEUJTOV8uV0/zV++JwJsdDSlrfaUKwbq83jIBnqe +M3Ho8mkaA9a9N4lClh0RtvxEbIobsSk+bXoT5iKdZC9+ODq05DVYPxS/5WHY6nkU +J8JKgQxW58GJ9oejHSosd273wCfU63MK5dV4KCXENMDWJySay55gBNWl2QYNk6XV +KMfcIR8dwNTZe8s2Ys5yDQDGMDhXrho3t153imQgylW2NWAIUVs2bbSgcMOO/2hF +r0irIZDm0Yv+SA/0BBOn0CwMLUen2gHRQE34oQ3Gk3iGEgkRznk3QGVF28eybdQf +fFQSKaoWFSo/AoIBAQDKbbOAVRjwaXcYWWpDuY3Zr3vpHqQ07Zd2xRClcp+taXLz +S1JE5EAST5rrtuMVDg4dVz0f2NvNA47asj64WsipkAb5A54x2o9GV0xF6Sy3Fq7F +bz1ObURNOjLsE3M0goH2Cm6c5rQyHlX+bGdZIrLLxLGPSkhxsARi+Ch1a1/Siq+N +W2faxSo8t/8w8OtZuk0KRUe6sYke1UeLMo3qqz9aoK55SijbYOxdKgIHPqk1Pmpm +O26lqGHG3P+FYLdsRA/oPY4f0hvYeTp2G4sJjuGEp1X1T2A6mJICzKTjo/00+MAP +Jvy/b52JOvdzc9B3cS72OyLsMA+fjr5WKEh+ca9hAoIBAQDHnE8rvoVtFBs8yeec 
+2vDmebsGGVD+NeFvEb3qjV6jGslDD9MA9QfxrAIDMB4sikkf0+d6IMYbq7Rm+1Hu +UgTyXeeSB+odIsLumzE1pBovj8HjQheqfi3EXuJ/I2htu+fpkPKIcz2T1esS/q5e +MpkHshmZCN4yra5p6k81fsM64u4SpvZ5Vw58Kcu8x2W+1yOb4ZLnxTvkcbOwJCnA +Jh3jj63giQOJ09kb5Kd0fWUxmo+GAnCEfHv3X7jUUlRSrHPf/eSdT20Vpb5V1X9A +llJMLrapKvlYfCc2c+pEhCaZy6PrFMUVjrEDhl/LUmIEhdZS4NvfKlPyqiLkxfyH +QnKpAoIBAQCUVEjPx/8SdPsyNRBEFXLf3gnzaQqkjkGHenmCiZyXFL2NWfbrGsn3 +n7JhpBIjko8wy7YX2UbmTdopMCn5xfV9AXiWbEtA1pO6bTr2cs+KuHsj2U0+QN9A +05R1fE7HRSD4pE0ZQIbNVpHq5MWYoM+UKliVKAzYZVgV7dN54PT4f2Q/ob86Yzc0 +L1v2YPlS5+6ZIpX8b/dKoIrfx4L/ycWqG/nhzcnTOCqky2rWXO5DX9lCHV/tzpHw +Vpb9joZLQJHVV8cWMtd1+M/iXmLxDrQuPqnk/vcx7h9i4RwEAgTk378hRjmWyJbn +KRZEyZtITc7zZTz1TkzqL2AVTdWBcuGv +-----END PRIVATE KEY----- diff --git a/docker/ssl/certs/thing.crt b/docker/ssl/certs/thing.crt new file mode 100644 index 0000000000..e13e6364d0 --- /dev/null +++ b/docker/ssl/certs/thing.crt 
@@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEODCCAyACFEUJPlhTlXgN95xdj2q0zFJq3PW6MA0GCSqGSIb3DQEBCwUAMFcx +EjAQBgNVBAMMCWxvY2FsaG9zdDERMA8GA1UECgwITWFpbmZsdXgxDDAKBgNVBAsM +A0lvVDEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb20wHhcNMTkwMzI4 +MTA0MjMzWhcNMjEwMzI3MTA0MjMzWjBaMRAwDgYDVQQDDAdkZWZhdWx0MREwDwYD +VQQKDAhNYWluZmx1eDERMA8GA1UECwwIbWFpbmZsdXgxIDAeBgkqhkiG9w0BCQEW +EWluZm9AbWFpbmZsdXguY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC +AgEA2fRQ4aWO7pxJvaD2Yt3dnF9SulqyNv8vzqkLH7llJgly0qcPzpTCkwUCwHvw +oug1619ShFjnuSHYxNUW69m4pFCwX/AMUeAUzREKhZo60dRQ0EdU+r5dKYRGvz1p +sTWzYSSwiQlRsmAdEbkrL7bQHWoyt+D3hVM5Iq+gC7T1MbAmsrirGW6u/Pysi5JX +bsPrea/Y+O9S6DOlxmSjBe7XKq3bsknCrtMw9T9oxWhMxjCFrMixYL5I6oO99fTu +1PtpP80ntdO7L+cfU5zQ5i0VpYH7/NRg+6gx8/0H/SU8FKacr8fKcSfybyWA9Qvp +CTIhTWZkqTQmOqKKzp6Q+E/0pW33GfwbViCZDjYAxvg9XIMYDSjdHBDwqch/eEFe +At2jr8nIOz+Goon/OFzid8SUketIvrD2b3CzmVgX2/osq2mlaHT6QIYfTRn1l4CI +i7jHiDPFW976BeMKkm8WuHy9Koz7BEIVY1/XugZ8tAru9tCDRdnnJSJNZqgiBR+I +NcOtMIFUq5HqE5xAs7uPpJFCLL2d6RBOzz6QCHHFSNreXalXShIsKfBP4JiiJTrd +vsgWeE8sqwOCwBnrpu4WqHvcWLttdr+lktC/XluhAra2jExq2bCdPf8RXJ0oRjlk +0lqTq73eMgg0HnACcopatBnVA1mesP98ZuoASgltpuE+Bl0CAwEAATANBgkqhkiG +9w0BAQsFAAOCAQEACZtGArTbaSUT/YEdLlYJSPk7etEJjknXJcQLG+Nsa9aiDkhD +AO3Zy1BXyAFeVOSLmerhEbrv8X2PXH1wUgEiHz8j5rIcdTZwobBKeF86aoyTD0wZ +6yKt6+7BC75z1l7Su9yvPyort240mDtekZUUJSgzydFZO+6RfZ3u5adryMB6Vp/D +LfU74lxshKdlretHnLIVBnwIpkN8yGi4JJm5wGdT+q6NNm5VNbTXop1bDIElJPy5 +Bup1OlxZsRLCFh/S9oruWhIo6MuGnK7Gf0qPnn4gxyLwrNtdlkX8do6zfjo5vKKi +4eozvXJQ/ublk0THtTQ3Fvp3s2ag9cnLEESTAA== +-----END CERTIFICATE----- diff --git a/docker/ssl/certs/thing.key b/docker/ssl/certs/thing.key new file mode 100644 index 0000000000..5d02c965ae --- /dev/null +++ b/docker/ssl/certs/thing.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDZ9FDhpY7unEm9 +oPZi3d2cX1K6WrI2/y/OqQsfuWUmCXLSpw/OlMKTBQLAe/Ci6DXrX1KEWOe5IdjE +1Rbr2bikULBf8AxR4BTNEQqFmjrR1FDQR1T6vl0phEa/PWmxNbNhJLCJCVGyYB0R +uSsvttAdajK34PeFUzkir6ALtPUxsCayuKsZbq78/KyLklduw+t5r9j471LoM6XG +ZKMF7tcqrduyScKu0zD1P2jFaEzGMIWsyLFgvkjqg7319O7U+2k/zSe107sv5x9T +nNDmLRWlgfv81GD7qDHz/Qf9JTwUppyvx8pxJ/JvJYD1C+kJMiFNZmSpNCY6oorO +npD4T/SlbfcZ/BtWIJkONgDG+D1cgxgNKN0cEPCpyH94QV4C3aOvycg7P4aiif84 +XOJ3xJSR60i+sPZvcLOZWBfb+iyraaVodPpAhh9NGfWXgIiLuMeIM8Vb3voF4wqS +bxa4fL0qjPsEQhVjX9e6Bny0Cu720INF2eclIk1mqCIFH4g1w60wgVSrkeoTnECz +u4+kkUIsvZ3pEE7PPpAIccVI2t5dqVdKEiwp8E/gmKIlOt2+yBZ4TyyrA4LAGeum +7haoe9xYu212v6WS0L9eW6ECtraMTGrZsJ09/xFcnShGOWTSWpOrvd4yCDQecAJy +ilq0GdUDWZ6w/3xm6gBKCW2m4T4GXQIDAQABAoICAQDIYaue2VSAoaXWNs9vdCWT +57uqY0on8BOm/5mfkBajktpDO573waLmAhxWlVxWmgFApcG6tfZNKgYeaP8K1X/B +agHOImdhOxBEvN8cmABt+7JU2tARO8VxLxDQMAklCIcjz9SSGMRIp77yFXjUBFJw +SLvafHV02V/VOPx+5t7q0NWzSL7dwfoV08RbCa9iwbOTjA2CSJ3DqABIVyvef4jI +z1EGKHRZwQbo42RS4iJ7sA6mHVme5TMqkPar04VkwMQyCU7yB3i4gNg3ShxxEpAt +O0VOXH/RvwA2HrMilQIYxlmV7qx7vktQzn0yTcHxV2pwu6veOHjRPbE6Z2RHN1Nm +tPRMDLMt8vMDQrQx0TlKuC6SP21JT1dJRDKvhZnYtOUhS23lCWBeDUJeY5rqUEep +gkui9LGlDESap3OU82lKQMuqT4oaucxaubzING/dvjo3J+O7ngXAz4OYGrrfXd46 +3r/WzMvDDpWB/m+5Uqc4Rz5aUFeljQDIHsD7bxbIL0WPjEwgA5JOnT6hRSPHYN+N +fLqKnv3cvTtF6enmextE8LupEXcbp33l9Zwk4N2ZJGqFbBBAEJiJJhl9U66Eal1K +6mtZAUWMMQaZm9sM4F1REKBVNhccKX28iuU4INpvVQ2U9RNMfyUM7y2wMn4ejPIA +NnabBoRQ9ffwqIR7M2eHIQKCAQEA/4wV3m0ueade7aI0unGgk8cE1wNBp5iLuQCk +7NIOthTMgIL/kKvBCS7YVjYORr2t0wxjWwUov+YZeufdf+U55xp/ghDBjHBgpbAk +QRy+D2THY5fKFesomLok/MYZ7nwRSGdDh67GxMSG7sTtn+4rUtl/jdeQjFZJwb7q +DtZU8lIoRDNcwbLiYjP/I32oOQZIzGz4gCVrN+pvubLzYL8BJAS4D+B04PN4DILT +P3Vib8umibunaWC1gp1tXbbtuHbgUw9VAMgM/A6V90n8nKuyJtJPDGlIQ5PuMve5 +X81BidnCG85F87RUByoXu2LdZ2n2GIVjvMf7nT4k2e8OZMYBCQKCAQEA2lctu4MN +hHuNMSGNf31T8dOJCjb7j9TDw5ZhvAPUuBfF9pSX9MzsAfc5EcLtMqDNEQ4E0jy1 
+pasRY0Op//CD77gH/3T24Tbivbv6U81UFDmbTO8/I8RvfRoeC2StY6DXVxCQ6gs/ +SfoIIj5EHIa/8wT+L70lh3isfQwjIh9O0ECDIm/Eqp8MSBHI5lhEMDLBCZd00fs1 +O+wBmUGXUM8Hst7v6ygCPYIwzB3ZHRGIgImxcKVyhl6WUBF7n3DQOE98cfotmv65 +jGYhKL+XSuOzyysCa6APTqvfz7BnTJhIbnlmSMyRjNAgLq+Ch36JYL35VqLzZQvE +ZjEbcx8NCdaztQKCAQBVbepdqlhQGRDWFlTUQ2owHOdUTeVj9s428a0w8mQyoK9h +AuoW3iQxQrTV1Upegcibdle8tPPTe0PnX54fxGzgAm6/94QMxAC7QzBLiCVNlh5G +ABdxzmSK8ietTTicDmPktYjQ0i/m1eBZ8AGUZpWbI9TNgVP0ZmBP4dfzT9mkDK0j +Z5xJsNiXhdR0c+yJ67zogkFs7ZVzYu8owFc2b4QdG2rA/AN2tE3cuNuQKljXENjC +0LX9t3PWj3RhUOcVtL/3ZHfBRB97IBEoU1actZVf/wyoFIYw+UI3TbNuAHs5b0/B +5epit1Uj9AFtBncHvFemCOm30Y8fGQhOxukj7UGpAoIBAGxMj6+RqpPLINZ82Q2i +oY+yqCe76/2EwHF0VxgGIm4JxLSxMcpIFsxGzzTjJfpVzkGmXXfWixcYijBdcKY1 +q4utEbKBVq+RJNiNs/X7Q7ggdsqrZPsdxVsdKEfocSSYtBdIbUjZuVO9RGmPzwMD +R5SIJniRblsK3SvNaGPVeadMSH89RySGbXYV9DtlDrWFh0B1sokw/E+zmXtmEGMR +vbTYZdKTbsEJoaCtMXL8rmNraOsB9ZN2uUIP2ezU7ULxEj4KpLJbpLdiNRJcLfQE +i7q7o6C0rMMN956x1hsk8dByQOzdI1jgJwZhIfKJLiUhNdrmSqoVMx6pPv9UKIh3 +yX0CggEAT9xTWag58+x7OIfIVhfJsWGVJmRX5sBfeV17A5Wuj/mQqeWJQxeiDsj+ +FwWl6TvbSta4svE6TCet5eE07xdAvZZIfp/ZceXcwJY1k/N8AKK0ARK/FtfyRv5q +Tsxz5FWrZ7/sDcHOEeOkkpmyjqK87XtEldCroVuWfy3l2V5nrLRXpd++JPBi1Syu +b36iOkBi5WMZGn398NwymM9UbsyxqsiBbsLrnkFRv6XUs8oL4kZo6bF1WIUxqLoD +v1facQUWwbSRTvudylrFKx6oim+TEFcAWY7Si3hOHROWP2LhzCOlQQUNwDQGVpaA +RwjMK+JSbpm0CdGrwG1ZkNWX1OMc4Q== +-----END PRIVATE KEY----- diff --git a/docs/secure-communication.md b/docs/secure-communication.md index 98abc33dd9..5d36b0391e 100644 --- a/docs/secure-communication.md +++ b/docs/secure-communication.md 
@@ -54,10 +54,76 @@ If you wish to secure the gRPC connection to `things` and `users` services you m # Mutual authentication -In the most of the cases, HTTPS, WSS, MQTTS or secure CoAP are secure enough. However, sometimes you might need even more secure connection. Mainflux supports mutual TLS authentication (*mTLS*) based on (X.509 certificates)[https://tools.ietf.org/html/rfc5280]. By default the TLS protocol only proves the identity of the server to the client using X.509 certificate and the authentication of the client to the server is left to the application layer. TLS also offers client-to-server authentication using client-side X.509 authentication. This is called two-way or mutual authentication (_mTLS_). Mainflux currently supports mTLS over HTTP, WS, and MQTT protocols. In order to run Docker composition with mTLS turned on, you can execute following command from the project root: +In the most of the cases, HTTPS, WSS, MQTTS or secure CoAP are secure enough. However, sometimes you might need even more secure connection. Mainflux supports mutual TLS authentication (_mTLS_) based on (X.509 certificates)[https://tools.ietf.org/html/rfc5280]. By default the TLS protocol only proves the identity of the server to the client using X.509 certificate and the authentication of the client to the server is left to the application layer. TLS also offers client-to-server authentication using client-side X.509 authentication. This is called two-way or mutual authentication. Mainflux currently supports mTLS over HTTP, WS, and MQTT protocols. In order to run Docker composition with mTLS turned on, you can execute following command from the project root: ```bash AUTH=x509 docker-compose -f docker/docker-compose.yml up -d ``` -Mutual authentication includes client side certificates. Certificates can be generated using simple script provided (here)[http://www.github.com/mainflux/mainflux/tree/master/docker/ssl/Makefile]. 
In order to create a valid certificate, you need to create Mainflux thing using the process described in the [provisioning section](provisioning.md). +Mutual authentication includes client side certificates. Certificates can be generated using simple script provided (here)[http://www.github.com/mainflux/mainflux/tree/master/docker/ssl/Makefile]. In order to create a valid certificate, you need to create Mainflux thing using the process described in the [provisioning section](provisioning.md). After that, you need to fetch created thing key. Thing key will be used to create x.509 certificate for corresponding thing. TO create certificate, execute following commands: + +```bash +cd docker/ssl +make ca +make server_cert +make thing_cert KEY= CRT_FILE_NAME= +``` +These commands use (OpenSSL)[https://www.openssl.org/] tool, so please make sure that you have it installed and set up before running these commands. + + - Command `make ca` wil generate self-signed certificate that will later be used as a CA to sign other generated certificates. CA will expire in 3 years. + - Command `make server_cert` will generated and sign (with previously created CA) server cert, which will expire after 1000 days. This cert is used as a Mainflux server-side certificate in usual TLS flow to establish HTTPS, WSS, or MQTTS connection. + - Command `make thing_cert` wil finally generate and sign client-side certificate and private key for the thing. + +In this example `` represents key of the thing, and `` represents name of the certificate and key file which will be saved in `docker/ssl/certs` directory. Generated Certificate will expire after 2 years. This script is created for the testing purposes and is not meant to be used in production. We strongly recommend avoiding self-signed certificates and using certificate management tool such as (Vault)[https://www.vaultproject.io/] for the production. 
+ +Once you have created CA and server-side cert, you can spin the composition using: + +```bash +AUTH=x509 docker-compose -f docker/docker-compose.yml up -d +``` + +Then, you can create user and provision things and channels. Now, in order to send a message from the specific thing to the channel, you need to connect thing to the channel and generate corresponding client certificate using aforementioned commands. To publish a message to the channel, thing should send following request: + +_HTTPS:_ +```bash +curl -s -S -i --cacert docker/ssl/certs/ca.crt --cert docker/ssl/certs/.crt --key docker/ssl/certs/.key --insecure -X POST -H "Content-Type: application/senml+json" https://localhost/http/channels//messages -d '[{"bn":"some-base-name:","bt":1.276020076001e+09, "bu":"A","bver":5, "n":"voltage","u":"V","v":120.1}, {"n":"current","t":-5,"v":1.2}, {"n":"current","t":-4,"v":1.3}]' +``` + +_MQTTS_: + +###### PUBLISH +```bash +mosquitto_pub -u -P -t channels//messages -h localhost --cafile docker/ssl/certs/ca.crt --cert docker/ssl/certs/.crt --key docker/ssl/certs/.key -m '[{"bn":"some-base-name:","bt":1.276020076001e+09, "bu":"A","bver":5, "n":"voltage","u":"V","v":120.1}, {"n":"current","t":-5,"v":1.2}, {"n":"current","t":-4,"v":1.3}]' +``` +###### SUBSCRIBE +``` +mosquitto_sub -u -P --cafile docker/ssl/certs/ca.crt --cert docker/ssl/certs/.crt --key docker/ssl/certs/.key -t channels//messages -h localhost +``` + +_WSS:_ +```javascript +const WebSocket = require('ws'); + +// do not verify self-signed certificates if you are using one +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0' + +// cbf02d60-72f2-4180-9f82-2c957db929d1 is an example of a thing_auth_key +// d7a0257c-7462-4e3c-8c76-62c45229a1f9 is an example of channel_id +const ws = new WebSocket('wss://localhost/ws/channels/d7a0257c-7462-4e3c-8c76-62c45229a1f9/messages?authorization=cbf02d60-72f2-4180-9f82-2c957db929d1', +// This is ClientOptions object that contains client cert and client key in the form of 
string. You can easily load these strings from cert and key files. +{ + cert: `-----BEGIN CERTIFICATE-----....`, + key: `-----BEGIN RSA PRIVATE KEY-----.....` +}) + +ws.on('open', () => { + ws.send('something') +}) + +ws.on('message', (data) => { + console.log(data) +}) +ws.on('error', (e) => { + console.log(e) +}) +``` From 5f3891938d47ea67bfe8daee6476e7c4eb0a7397 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Du=C5=A1an=20Borov=C4=8Danin?= Date: Thu, 28 Mar 2019 16:09:05 +0100 Subject: [PATCH 10/21] Add check if Authorization is present MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Dušan Borovčanin --- docker/ssl/access.js | 40 ++++++++++++++++++++++++++---------- docs/secure-communication.md | 11 +++++----- 2 files changed, 35 insertions(+), 16 deletions(-) diff --git a/docker/ssl/access.js b/docker/ssl/access.js index 590e89de24..cdc4c652aa 100644 --- a/docker/ssl/access.js +++ b/docker/ssl/access.js @@ -1,19 +1,19 @@ -var clientKey = ""; +var clientKey = ''; function access(s) { s.on('upload', function (data) { - while (data == "") { + while (data == '') { return s.AGAIN } - if (clientKey === "") { - clientKey = parseCert(s.variables.ssl_client_s_dn, "CN"); + if (clientKey === '') { + clientKey = parseCert(s.variables.ssl_client_s_dn, 'CN'); } var pass = parsePackage(s, data); if (!clientKey.length || pass !== clientKey) { - s.log("Cert CN (" + clientKey + ") does not match ID"); + s.error('Cert CN (' + clientKey + ') does not match client ID'); s.off('upload') s.deny(); } @@ -46,7 +46,8 @@ function parsePackage(s, data) { var flags = data.codePointAt(flags_pos); // If there are no username and password flags (11xxxxxx), return. if (flags < 192) { - return ""; + s.error('MQTT username or password not provided'); + return ''; } // FLAGS(1) + KEEP_ALIVE(2) var shift = flags_pos + 1 + 2; 
@@ -73,12 +74,29 @@ function parsePackage(s, data) { return password; } - return ""; + return ''; } function setKey(r) { - if (clientKey === "") { - clientKey = parseCert(r.variables.ssl_client_s_dn, "CN"); + if (clientKey === '') { + clientKey = parseCert(r.variables.ssl_client_s_dn, 'CN'); + } + + var auth = r.headersIn['Authorization']; + if (auth.length && auth != clientKey) { + r.error('Authorization header does not match certificate'); + return ''; + } + + if (r.uri.startsWith('/ws') && !auth.length) { + var a; + for (a in r.args) { + if (a == 'authorization' && r.args[a] === clientKey) { + return clientKey; + } + } + r.error('Authorization param does not match certificate'); + return ''; } return clientKey; @@ -86,7 +104,7 @@ function setKey(r) { function calcLen(msb, lsb) { if (lsb < 2) { - lsb = "0" + lsb; + lsb = '0' + lsb; } return parseInt(msb + lsb, 16); @@ -103,5 +121,5 @@ function parseCert(cert, key) { } } - return ""; + return ''; } diff --git a/docs/secure-communication.md b/docs/secure-communication.md index 5d36b0391e..c7a9ef542d 100644 --- a/docs/secure-communication.md +++ b/docs/secure-communication.md 
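Review bot: In `setKey`, `auth.length` is evaluated before it is known that the `Authorization` header exists; as far as I know njs returns `undefined` from `r.headersIn` for an absent header, so the handler would throw on exactly the requests the doc change in this commit allows, those that send no `Authorization` header. Default the value instead: `var auth = r.headersIn['Authorization'] || '';`. The comparison `auth != clientKey` would also read better as `!==`, matching the `===` used in the WS branch. The same lines are carried unchanged into `docker/ssl/authorization.js` by the next patch, and the closing lines of `setKey` fall outside this hunk.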
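Review bot: `calcLen` decides whether to zero-pad the low byte with `if (lsb < 2)`, which compares the hex string numerically instead of checking its length, so a low byte of 0x02 to 0x0f is left as a single digit. With a non-zero high byte the concatenation is then wrong, for example `'1' + 'a'` parses as 0x1a rather than 0x10a, and the offset from which the password is read shifts for any CONNECT field of 256 bytes or more. `if (lsb.length < 2) {` fixes the padding. The function's closing lines are outside the hunk, and the same code is copied into `docker/ssl/authorization.js` by the next patch.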
@@ -74,7 +74,7 @@ These commands use (OpenSSL)[https://www.openssl.org/] tool, so please make sure - Command `make server_cert` will generated and sign (with previously created CA) server cert, which will expire after 1000 days. This cert is used as a Mainflux server-side certificate in usual TLS flow to establish HTTPS, WSS, or MQTTS connection. - Command `make thing_cert` wil finally generate and sign client-side certificate and private key for the thing. -In this example `` represents key of the thing, and `` represents name of the certificate and key file which will be saved in `docker/ssl/certs` directory. Generated Certificate will expire after 2 years. This script is created for the testing purposes and is not meant to be used in production. We strongly recommend avoiding self-signed certificates and using certificate management tool such as (Vault)[https://www.vaultproject.io/] for the production. +In this example `` represents key of the thing, and `` represents name of the certificate and key file which will be saved in `docker/ssl/certs` directory. Generated Certificate will expire after 2 years. The key must be stored in the x.509 certificate "CN" field. This script is created for the testing purposes and is not meant to be used in production. We strongly recommend avoiding self-signed certificates and using certificate management tool such as (Vault)[https://www.vaultproject.io/] for the production. Once you have created CA and server-side cert, you can spin the composition using: 
@@ -104,12 +104,11 @@ _WSS:_ ```javascript const WebSocket = require('ws'); -// do not verify self-signed certificates if you are using one +// Do not verify self-signed certificates if you are using one. process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0' -// cbf02d60-72f2-4180-9f82-2c957db929d1 is an example of a thing_auth_key -// d7a0257c-7462-4e3c-8c76-62c45229a1f9 is an example of channel_id -const ws = new WebSocket('wss://localhost/ws/channels/d7a0257c-7462-4e3c-8c76-62c45229a1f9/messages?authorization=cbf02d60-72f2-4180-9f82-2c957db929d1', +// Replace and with real values. +const ws = new WebSocket('wss://localhost/ws/channels//messages?authorization=', // This is ClientOptions object that contains client cert and client key in the form of string. You can easily load these strings from cert and key files. { cert: `-----BEGIN CERTIFICATE-----....`, @@ -127,3 +126,5 @@ ws.on('error', (e) => { console.log(e) }) ``` + +As you can see, `Authorization` header does not have to be present in the the HTTP request, since the key is present in the certificate. However, if yoy pass `Authorization` header, it _must be the same as the key in the cert_. In the case of MQTTS, `password` filed in CONNECT message _must match the key from the certificate_. In the case of WSS, `Authorization` header or `authorization` query parameter _must match cert key_. \ No newline at end of file From c7437c0e938d8a6b1b2a17873cf8a67b8ec4b3c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Du=C5=A1an=20Borov=C4=8Danin?= Date: Fri, 29 Mar 2019 17:58:30 +0100 Subject: [PATCH 11/21] Add check if Will Flag is 1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Dušan Borovčanin --- docker/nginx/nginx-x509.conf | 6 +- docker/ssl/access.js | 125 -------------------------- docker/ssl/authorization.js | 166 +++++++++++++++++++++++++++++++++++ 3 files changed, 169 insertions(+), 128 deletions(-) delete mode 100644 docker/ssl/access.js create mode 100644 docker/ssl/authorization.js diff --git a/docker/nginx/nginx-x509.conf b/docker/nginx/nginx-x509.conf index 6f687d7f21..7ab11e2767 100644 --- a/docker/nginx/nginx-x509.conf +++ b/docker/nginx/nginx-x509.conf @@ -27,7 +27,7 @@ http { ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; - js_include access.js; + js_include authorization.js; js_set $auth_key setKey; server { @@ -192,7 +192,7 @@ http { # MQTT stream { - js_include access.js; + js_include authorization.js; server { listen 8883 ssl; listen [::]:8883 ssl; @@ -211,7 +211,7 @@ stream { ssl_session_tickets off; resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s; - js_preread access; + js_preread authenticate; proxy_pass mqtt-adapter:1883; } diff --git a/docker/ssl/access.js b/docker/ssl/access.js deleted file mode 100644 index cdc4c652aa..0000000000 --- a/docker/ssl/access.js +++ /dev/null 
@@ -1,125 +0,0 @@ -var clientKey = ''; - -function access(s) { - s.on('upload', function (data) { - while (data == '') { - return s.AGAIN - } - - if (clientKey === '') { - clientKey = parseCert(s.variables.ssl_client_s_dn, 'CN'); - } - - var pass = parsePackage(s, data); - - if (!clientKey.length || pass !== clientKey) { - s.error('Cert CN (' + clientKey + ') does not match client ID'); - s.off('upload') - s.deny(); - } - - s.off('upload'); - s.allow(); - }) -} - -function parsePackage(s, data) { - // An explanation of MQTT packet structure can be found here: - // https://public.dhe.ibm.com/software/dw/webservices/ws-mqtt/mqtt-v3r1.html#msg-format. - var packet_type_flags_byte = data.codePointAt(0); - // First MQTT packet contain message type and flags. CONN message type - // is encoded as 0001, and we're not interested in flags, so all values - // 0001xxxx are valid for us, which is between 16 and 32. - if (packet_type_flags_byte >= 16 && packet_type_flags_byte < 32) { - // Extract variable length header. It's 1-4 bytes. As long as continuation byte is - // 1, there are more bytes in this header. - var len_size = 1; - for (var remaining_len = 1; remaining_len < 5; remaining_len++) { - if (data.codePointAt(remaining_len) > 128) { - len_size += 1; - continue; - } - break; - } - // CONTROL(1) + MSG_LEN(1-4) + PROTO_NAME_LEN(2) + PROTO_NAME(4) + PROTO_VERSION(1) - var flags_pos = 1 + len_size + 2 + 4 + 1; - var flags = data.codePointAt(flags_pos); - // If there are no username and password flags (11xxxxxx), return. 
- if (flags < 192) { - s.error('MQTT username or password not provided'); - return ''; - } - // FLAGS(1) + KEEP_ALIVE(2) - var shift = flags_pos + 1 + 2; - - var client_id_len_msb = data.codePointAt(shift).toString(16); - var client_id_len_lsb = data.codePointAt(shift + 1).toString(16); - var client_id_len = calcLen(client_id_len_msb, client_id_len_lsb); - - shift = shift + 2 + client_id_len; - - var username_len_msb = data.codePointAt(shift).toString(16); - var username_len_lsb = data.codePointAt(shift + 1).toString(16); - var username_len = calcLen(username_len_msb, username_len_lsb); - - shift = shift + 2 + username_len; - - var password_len_msb = data.codePointAt(shift).toString(16); - var password_len_lsb = data.codePointAt(shift + 1).toString(16); - var password_len = calcLen(password_len_msb, password_len_lsb); - - shift += 2; - var password = data.substring(shift, shift + password_len); - - return password; - } - - return ''; -} - -function setKey(r) { - if (clientKey === '') { - clientKey = parseCert(r.variables.ssl_client_s_dn, 'CN'); - } - - var auth = r.headersIn['Authorization']; - if (auth.length && auth != clientKey) { - r.error('Authorization header does not match certificate'); - return ''; - } - - if (r.uri.startsWith('/ws') && !auth.length) { - var a; - for (a in r.args) { - if (a == 'authorization' && r.args[a] === clientKey) { - return clientKey; - } - } - r.error('Authorization param does not match certificate'); - return ''; - } - - return clientKey; -} - -function calcLen(msb, lsb) { - if (lsb < 2) { - lsb = '0' + lsb; - } - - return parseInt(msb + lsb, 16); -} - -function parseCert(cert, key) { - if (cert.length) { - var pairs = cert.split(','); - for (var i = 0; i < pairs.length; i++) { - var pair = pairs[i].split('='); - if (pair[0].toUpperCase() == key) { - return pair[1]; - } - } - } - - return ''; -} diff --git a/docker/ssl/authorization.js b/docker/ssl/authorization.js new file mode 100644 index 0000000000..ce6177a815 --- /dev/null 
+++ b/docker/ssl/authorization.js 
@@ -0,0 +1,166 @@ +var clientKey = ''; + +function authenticate(s) { + if (!s.variables.ssl_client_s_dn || !s.variables.ssl_client_s_dn.length) { + s.deny(); + return + } + + s.on('upload', function (data) { + while (data == '') { + return s.AGAIN + } + + if (clientKey === '') { + clientKey = parseCert(s.variables.ssl_client_s_dn, 'CN'); + } + + var pass = parsePackage(s, data); + + if (!clientKey.length || pass !== clientKey) { + s.error('Cert CN (' + clientKey + ') does not match client ID'); + s.off('upload') + s.deny(); + } + + s.off('upload'); + s.allow(); + }) +} + +function parsePackage(s, data) { + // An explanation of MQTT packet structure can be found here: + // https://public.dhe.ibm.com/software/dw/webservices/ws-mqtt/mqtt-v3r1.html#msg-format. + + // CONNECT message is explained here: + // https://public.dhe.ibm.com/software/dw/webservices/ws-mqtt/mqtt-v3r1.html#connect. + + /* + 0 1 2 3 + 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | TYPE | RSRVD | REMAINING LEN | PROTOCOL NAME LEN | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | PROTOCOL NAME | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-| + | VERSION | FLAGS | KEEP ALIVE | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-| + | Payload (if any) ... | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + First byte with remaining length represents fixed header. + Remaining Length is the length of the variable header (10 bytes) plus the length of the Payload. + It is encoded in the manner described here: + http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/errata01/os/mqtt-v3.1.1-errata01-os-complete.html#_Toc442180836. 
+ + Connect flags byte looks like this: + | 7 | 6 | 5 | 4 3 | 2 | 1 | 0 | + | Username Flag | Password Flag | Will Retain | Will QoS | Will Flag | Clean Session | Reserved | + + The payload is determined by the flags and comes in this order: + 1. Client ID (2 bytes length + ID value) + 2. Will Topic (2 bytes length + Will Topic value) if Will Flag is 1. + 3. Will Message (2 bytes length + Will Message value) if Will Flag is 1. + 4. User Name (2 bytes length + User Name value) if User Name Flag is 1. + 5. Password (2 bytes length + Password value) if Password Flag is 1. + + This method extracts Password field. + */ + + var packet_type_flags_byte = data.codePointAt(0); + // First MQTT packet contain message type and flags. CONN message type + // is encoded as 0001, and we're not interested in flags, so all values + // 0001xxxx are valid for us, which is between 16 and 32. + if (packet_type_flags_byte >= 16 && packet_type_flags_byte < 32) { + // Extract variable length header. It's 1-4 bytes. As long as continuation byte is + // 1, there are more bytes in this header. This algorithm is explained here: + // http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/errata01/os/mqtt-v3.1.1-errata01-os-complete.html#_Toc442180836 + var len_size = 1; + for (var remaining_len = 1; remaining_len < 5; remaining_len++) { + if (data.codePointAt(remaining_len) > 128) { + len_size += 1; + continue; + } + break; + } + // CONTROL(1) + MSG_LEN(1-4) + PROTO_NAME_LEN(2) + PROTO_NAME(4) + PROTO_VERSION(1) + var flags_pos = 1 + len_size + 2 + 4 + 1; + var flags = data.codePointAt(flags_pos); + // If there are no username and password flags (11xxxxxx), return. + if (flags < 192) { + s.error('MQTT username or password not provided'); + return ''; + } + // FLAGS(1) + KEEP_ALIVE(2) + var shift = flags_pos + 1 + 2; + + // Number of bytes to encode length. + var len_bytes_num = 2; + // If Wil Flag is present, Will Topic and Will Message need to be skipped as well. + var shift_flags = 196 <= flags ? 
5 : 3; + var len_msb, len_lsb, len; + for (var i = 0; i < shift_flags; i++) { + len_msb = data.codePointAt(shift).toString(16); + len_lsb = data.codePointAt(shift + 1).toString(16); + len = calcLen(len_msb, len_lsb); + shift += len_bytes_num; + if (i != shift_flags - 1) { + shift += len; + } + } + + var password = data.substring(shift, shift + len); + return password; + } + + return ''; + +} + +function setKey(r) { + if (clientKey === '') { + clientKey = parseCert(r.variables.ssl_client_s_dn, 'CN'); + } + + var auth = r.headersIn['Authorization']; + if (auth.length && auth != clientKey) { + r.error('Authorization header does not match certificate'); + return ''; + } + + if (r.uri.startsWith('/ws') && !auth.length) { + var a; + for (a in r.args) { + if (a == 'authorization' && r.args[a] === clientKey) { + return clientKey; + } + } + + r.error('Authorization param does not match certificate'); + return ''; + } + + return clientKey; +} + +function calcLen(msb, lsb) { + if (lsb < 2) { + lsb = '0' + lsb; + } + + return parseInt(msb + lsb, 16); +} + +function parseCert(cert, key) { + if (cert.length) { + var pairs = cert.split(','); + for (var i = 0; i < pairs.length; i++) { + var pair = pairs[i].split('='); + if (pair[0].toUpperCase() == key) { + return pair[1]; + } + } + } + + return ''; +} From ecd1b8b30250b81ce48ae57e7f40cda34924903b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Du=C5=A1an=20Borov=C4=8Danin?= Date: Fri, 29 Mar 2019 18:03:31 +0100 Subject: [PATCH 12/21] Return MQTT over WS MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Dušan Borovčanin --- docker/nginx/nginx-key.conf | 23 +++++++++++++++++++++++ docker/nginx/nginx-x509.conf | 23 +++++++++++++++++++++++ 2 files changed, 46 insertions(+) diff --git a/docker/nginx/nginx-key.conf b/docker/nginx/nginx-key.conf index 9f0c49cc41..5538b01cac 100644 --- a/docker/nginx/nginx-key.conf +++ b/docker/nginx/nginx-key.conf 
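Review bot: In `parsePackage`, the Remaining Length scan tests `data.codePointAt(remaining_len) > 128`, but the continuation bit is set for every byte value from 128 upwards, so a length byte of exactly 0x80 is taken as the last one and `flags_pos` lands one byte early. Use `if (data.codePointAt(remaining_len) >= 128) {`. The Will Flag test `196 <= flags` is likewise a magnitude comparison rather than a bit test; `var shift_flags = (flags & 4) ? 5 : 3;` reads bit 2 directly and does not depend on the other flag bits being well-formed. Nothing checks that `shift` stays inside `data`, so a CONNECT that is truncated or split across reads makes `codePointAt` return `undefined` and `.toString(16)` throw; a length check before each read would turn that into an explicit empty result and a deny. The later re-indentation of `parsePackage` in this series keeps all three spots as they are.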
@@ -146,6 +146,29 @@ http { return 200; } } + + # Proxy pass to mainflux-mqtt-adapter over WS + location /mqtt { + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_connect_timeout 7d; + proxy_send_timeout 7d; + proxy_read_timeout 7d; + proxy_pass http://mqtt-adapter:8880/; + + # Allow OPTIONS method CORS + if ($request_method = OPTIONS ) { + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + } location / { proxy_redirect off; diff --git a/docker/nginx/nginx-x509.conf b/docker/nginx/nginx-x509.conf index 7ab11e2767..990fc0eeff 100644 --- a/docker/nginx/nginx-x509.conf +++ b/docker/nginx/nginx-x509.conf @@ -168,6 +168,29 @@ http { } } + # Proxy pass to mainflux-mqtt-adapter over WS + location /mqtt { + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_connect_timeout 7d; + proxy_send_timeout 7d; + proxy_read_timeout 7d; + proxy_pass http://mqtt-adapter:8880/; + + # Allow OPTIONS method CORS + if ($request_method = OPTIONS ) { + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + } + location / { proxy_redirect off; proxy_set_header Host $host; From ece2f48a701f9f34bfff9669fc4039098460091c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Du=C5=A1an=20Borov=C4=8Danin?= Date: Fri, 29 Mar 2019 18:20:21 +0100 Subject: [PATCH 13/21] Fix docker-compose.yml volume mapping MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
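Review bot: The `if ($request_method = OPTIONS)` block in the new `location /mqtt` declares its own `add_header` lines, and nginx only inherits `add_header` from an outer level when the current level has none, so any CORS headers set at `server` or `http` level (not visible in this hunk) would be missing from the preflight reply. If preflight is meant to work, the `Access-Control-Allow-*` headers need to be repeated inside the `if`. Separately, `proxy_connect_timeout 7d;` is not effective as written, since the nginx documentation notes the connect timeout cannot usually exceed 75 seconds; a short value such as `proxy_connect_timeout 60s;` states the intent. Both remarks apply equally to the identical block added to `docker/nginx/nginx-x509.conf` in the following hunk.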
Signed-off-by: Dušan Borovčanin --- docker/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index b6fb1ec7be..fd40222350 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -19,7 +19,7 @@ services: restart: on-failure volumes: - ./nginx/nginx-${AUTH-key}.conf:/etc/nginx/nginx.conf - - ./ssl/access.js:/etc/nginx/access.js + - ./ssl/authorization.js:/etc/nginx/authorization.js - ./ssl/certs/mainflux-server.crt:/etc/ssl/certs/mainflux-server.crt - ./ssl/certs/ca.crt:/etc/ssl/certs/ca.crt - ./ssl/certs/mainflux-server.key:/etc/ssl/private/mainflux-server.key From e8cefe6b511d455cdb3aa23c5d1958b817ccc751 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Du=C5=A1an=20Borov=C4=8Danin?= Date: Fri, 29 Mar 2019 18:24:32 +0100 Subject: [PATCH 14/21] Rename security section in docs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Dušan Borovčanin --- docs/{secure-communication.md => security.md} | 1 + 1 file changed, 1 insertion(+) rename docs/{secure-communication.md => security.md} (99%) diff --git a/docs/secure-communication.md b/docs/security.md similarity index 99% rename from docs/secure-communication.md rename to docs/security.md index c7a9ef542d..dd27a68030 100644 --- a/docs/secure-communication.md +++ b/docs/security.md @@ -1,3 +1,4 @@ +# **SECURING COMMUNICATION** By default gRPC communication is not secure as Mainflux system is most often run in a private network behind the reverse proxy. From 5a6fba6bc9984ba54c4fa4abf16aa51b5857bcd6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Du=C5=A1an=20Borov=C4=8Danin?= Date: Fri, 29 Mar 2019 20:22:12 +0100 Subject: [PATCH 15/21] Add message type check before message parsing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Dušan Borovčanin --- docker/nginx/nginx-key.conf | 13 ++-- docker/nginx/nginx-x509.conf | 19 ++++-- docker/ssl/authorization.js | 112 ++++++++++++++++++----------------- mkdocs.yml | 2 +- 4 files changed, 83 insertions(+), 63 deletions(-) diff --git a/docker/nginx/nginx-key.conf b/docker/nginx/nginx-key.conf index 5538b01cac..50c5c55ff6 100644 --- a/docker/nginx/nginx-key.conf +++ b/docker/nginx/nginx-key.conf @@ -1,6 +1,11 @@ -### -# Mainflux NGINX Configuration -### +## +## Copyright (c) 2018 +## Mainflux +## +## SPDX-License-Identifier: Apache-2.0 +## + +# This is the default Mainflux NGINX configuration. user nginx; worker_processes auto; @@ -188,8 +193,8 @@ http { } } +# MQTT stream { - # MQTT server { listen 8883 ssl; listen [::]:8883 ssl; diff --git a/docker/nginx/nginx-x509.conf b/docker/nginx/nginx-x509.conf index 990fc0eeff..dd8087db2e 100644 --- a/docker/nginx/nginx-x509.conf +++ b/docker/nginx/nginx-x509.conf @@ -1,6 +1,11 @@ -### -# Mainflux NGINX Configuration -### +## +## Copyright (c) 2018 +## Mainflux +## +## SPDX-License-Identifier: Apache-2.0 +## + +# This is the Mainflux NGINX configuration for mututal authentication based on X.509 certifiactes. user nginx; worker_processes auto; @@ -13,7 +18,6 @@ events { worker_connections 768; } -# HTTP http { sendfile on; tcp_nopush on; @@ -170,6 +174,13 @@ http { # Proxy pass to mainflux-mqtt-adapter over WS location /mqtt { + if ($ssl_client_verify != SUCCESS) { + return 403; + } + if ($auth_key = '') { + return 403; + } + proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; diff --git a/docker/ssl/authorization.js b/docker/ssl/authorization.js index ce6177a815..d7dca91417 100644 --- a/docker/ssl/authorization.js +++ b/docker/ssl/authorization.js @@ -1,5 +1,6 @@ var clientKey = ''; +// Check certificate MQTTS. function authenticate(s) { if (!s.variables.ssl_client_s_dn || !s.variables.ssl_client_s_dn.length) { s.deny(); 
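Review bot: The two guards added to `location /mqtt` in `nginx-x509.conf` establish that a CA-signed client certificate was presented and that `setKey` returned a key, but the MQTT CONNECT on this path travels inside WebSocket frames that nginx does not parse, so the password is not matched against the certificate CN the way `authenticate` does for the stream listener on 8883. Whether the adapter enforces that binding cannot be told from this hunk. I would at least record the gap next to the guards, for example `# NOTE: MQTT credentials inside WS frames are not checked against the client cert CN here.` The location block continues past the end of the hunk.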
@@ -11,6 +12,16 @@ function authenticate(s) { return s.AGAIN } + var packet_type_flags_byte = data.codePointAt(0); + // First MQTT packet contain message type and flags. CONNECTON message type + // is encoded as 0001, and we're not interested in flags, so only values + // 0001xxxx (which is between 16 and 32) should be checked. + if (packet_type_flags_byte < 16 || packet_type_flags_byte >= 32) { + s.off('upload'); + s.allow(); + return; + } + if (clientKey === '') { clientKey = parseCert(s.variables.ssl_client_s_dn, 'CN'); } @@ -21,6 +32,7 @@ function authenticate(s) { s.error('Cert CN (' + clientKey + ') does not match client ID'); s.off('upload') s.deny(); + return; } s.off('upload'); @@ -37,16 +49,16 @@ function parsePackage(s, data) { /* 0 1 2 3 - 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - | TYPE | RSRVD | REMAINING LEN | PROTOCOL NAME LEN | - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | TYPE | RSRVD | REMAINING LEN | PROTOCOL NAME LEN | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | PROTOCOL NAME | - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-| - | VERSION | FLAGS | KEEP ALIVE | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-| - | Payload (if any) ... | - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | VERSION | FLAGS | KEEP ALIVE | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-| + | Payload (if any) ... | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ First byte with remaining length represents fixed header. Remaining Length is the length of the variable header (10 bytes) plus the length of the Payload. 
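Review bot: The new early exit in `authenticate` calls `s.allow()` when the first byte is not a CONNECT type, so for that session the certificate CN is never compared with the MQTT password and enforcement rests on the adapter behind `proxy_pass` rejecting a stream that does not begin with CONNECT, which is not visible here. MQTT requires CONNECT to be the first packet a client sends, so failing closed is the safer default: replace `s.allow();` in that branch with `s.deny();` and log it with `s.error(...)` as the mismatch branch does. The comment's "CONNECTON" should read "CONNECT". The handler starts before this hunk.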
@@ -54,8 +66,8 @@ function parsePackage(s, data) { http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/errata01/os/mqtt-v3.1.1-errata01-os-complete.html#_Toc442180836. Connect flags byte looks like this: - | 7 | 6 | 5 | 4 3 | 2 | 1 | 0 | - | Username Flag | Password Flag | Will Retain | Will QoS | Will Flag | Clean Session | Reserved | + | 7 | 6 | 5 | 4 3 | 2 | 1 | 0 | + | Username Flag | Password Flag | Will Retain | Will QoS | Will Flag | Clean Session | Reserved | The payload is determined by the flags and comes in this order: 1. Client ID (2 bytes length + ID value) 
@@ -67,56 +79,48 @@ function parsePackage(s, data) { This method extracts Password field. */ - var packet_type_flags_byte = data.codePointAt(0); - // First MQTT packet contain message type and flags. CONN message type - // is encoded as 0001, and we're not interested in flags, so all values - // 0001xxxx are valid for us, which is between 16 and 32. - if (packet_type_flags_byte >= 16 && packet_type_flags_byte < 32) { - // Extract variable length header. It's 1-4 bytes. As long as continuation byte is - // 1, there are more bytes in this header. This algorithm is explained here: - // http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/errata01/os/mqtt-v3.1.1-errata01-os-complete.html#_Toc442180836 - var len_size = 1; - for (var remaining_len = 1; remaining_len < 5; remaining_len++) { - if (data.codePointAt(remaining_len) > 128) { - len_size += 1; - continue; - } - break; - } - // CONTROL(1) + MSG_LEN(1-4) + PROTO_NAME_LEN(2) + PROTO_NAME(4) + PROTO_VERSION(1) - var flags_pos = 1 + len_size + 2 + 4 + 1; - var flags = data.codePointAt(flags_pos); - // If there are no username and password flags (11xxxxxx), return. - if (flags < 192) { - s.error('MQTT username or password not provided'); - return ''; + // Extract variable length header. It's 1-4 bytes. As long as continuation byte is + // 1, there are more bytes in this header. This algorithm is explained here: + // http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/errata01/os/mqtt-v3.1.1-errata01-os-complete.html#_Toc442180836 + var len_size = 1; + for (var remaining_len = 1; remaining_len < 5; remaining_len++) { + if (data.codePointAt(remaining_len) > 128) { + len_size += 1; + continue; } - // FLAGS(1) + KEEP_ALIVE(2) - var shift = flags_pos + 1 + 2; - - // Number of bytes to encode length. - var len_bytes_num = 2; - // If Wil Flag is present, Will Topic and Will Message need to be skipped as well. - var shift_flags = 196 <= flags ? 
5 : 3; - var len_msb, len_lsb, len; - for (var i = 0; i < shift_flags; i++) { - len_msb = data.codePointAt(shift).toString(16); - len_lsb = data.codePointAt(shift + 1).toString(16); - len = calcLen(len_msb, len_lsb); - shift += len_bytes_num; - if (i != shift_flags - 1) { - shift += len; - } + break; + } + // CONTROL(1) + MSG_LEN(1-4) + PROTO_NAME_LEN(2) + PROTO_NAME(4) + PROTO_VERSION(1) + var flags_pos = 1 + len_size + 2 + 4 + 1; + var flags = data.codePointAt(flags_pos); + // If there are no username and password flags (11xxxxxx), return. + if (flags < 192) { + s.error('MQTT username or password not provided'); + return ''; + } + // FLAGS(1) + KEEP_ALIVE(2) + var shift = flags_pos + 1 + 2; + + // Number of bytes to encode length. + var len_bytes_num = 2; + // If Wil Flag is present, Will Topic and Will Message need to be skipped as well. + var shift_flags = 196 <= flags ? 5 : 3; + var len_msb, len_lsb, len; + for (var i = 0; i < shift_flags; i++) { + len_msb = data.codePointAt(shift).toString(16); + len_lsb = data.codePointAt(shift + 1).toString(16); + len = calcLen(len_msb, len_lsb); + shift += len_bytes_num; + if (i != shift_flags - 1) { + shift += len; } - - var password = data.substring(shift, shift + len); - return password; } - return ''; - + var password = data.substring(shift, shift + len); + return password; } +// Check certificate HTTPS and WSS. function setKey(r) { if (clientKey === '') { clientKey = parseCert(r.variables.ssl_client_s_dn, 'CN'); diff --git a/mkdocs.yml b/mkdocs.yml index 758f99a26c..5415de4c42 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -33,7 +33,7 @@ pages: - Messaging: messaging.md - Storage: storage.md - LoRa: lora.md -- Securing communication: secure-communication.md +- Security: security.md - CLI: cli.md - Bootstrap: bootstrap.md - Developer's Guide: dev-guide.md From 83b56b5cddbd0fdfa66568cb722bcc3ef16879de Mon Sep 17 00:00:00 2001 
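Review bot: The remaining-length scan in parsePackage() tests `data.codePointAt(remaining_len) > 128`, but the continuation bit is set for every byte value from 128 upward, so a length byte of exactly 0x80 (remaining length 128, 256, …) is treated as the last one. `len_size` is then one short, `flags_pos` lands on the wrong byte, and the password the proxy extracts no longer lines up with what the broker parses. Use `if (data.codePointAt(remaining_len) >= 128) {`. The field loop also calls `.toString(16)` on `codePointAt()` results without checking that `shift` is still inside `data`, so a truncated CONNECT, or one split across reads, would throw there; a length check that returns `''` before each read makes the rejection explicit. parsePackage() starts outside the hunk.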
From: =?UTF-8?q?Du=C5=A1an=20Borov=C4=8Danin?= Date: Mon, 1 Apr 2019 10:24:35 +0200 Subject: [PATCH 16/21] Remove double comments MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Dušan Borovčanin --- docker/nginx/nginx-key.conf | 13 ++++++------- docker/nginx/nginx-x509.conf | 13 ++++++------- 2 files changed, 12 insertions(+), 14 deletions(-) diff --git a/docker/nginx/nginx-key.conf b/docker/nginx/nginx-key.conf index 50c5c55ff6..64f82fa0ba 100644 --- a/docker/nginx/nginx-key.conf +++ b/docker/nginx/nginx-key.conf @@ -1,10 +1,9 @@ -## -## Copyright (c) 2018 -## Mainflux -## -## SPDX-License-Identifier: Apache-2.0 -## - +# +# Copyright (c) 2018 +# Mainflux +# +# SPDX-License-Identifier: Apache-2.0 +# # This is the default Mainflux NGINX configuration. user nginx; diff --git a/docker/nginx/nginx-x509.conf b/docker/nginx/nginx-x509.conf index dd8087db2e..9ebfafe1c3 100644 --- a/docker/nginx/nginx-x509.conf +++ b/docker/nginx/nginx-x509.conf @@ -1,10 +1,9 @@ -## -## Copyright (c) 2018 -## Mainflux -## -## SPDX-License-Identifier: Apache-2.0 -## - +# +# Copyright (c) 2018 +# Mainflux +# +# SPDX-License-Identifier: Apache-2.0 +# # This is the Mainflux NGINX configuration for mututal authentication based on X.509 certifiactes. user nginx; From 5cf7bb459a183823014d8aaf8764a3c400aef160 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Du=C5=A1an=20Borov=C4=8Danin?= Date: Mon, 1 Apr 2019 10:27:25 +0200 Subject: [PATCH 17/21] Remove s.AGAIN in return MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Dušan Borovčanin --- docker/ssl/authorization.js | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/docker/ssl/authorization.js b/docker/ssl/authorization.js index d7dca91417..7eea0e152f 100644 --- a/docker/ssl/authorization.js +++ b/docker/ssl/authorization.js 
@@ -2,18 +2,19 @@ var clientKey = ''; // Check certificate MQTTS. function authenticate(s) { - if (!s.variables.ssl_client_s_dn || !s.variables.ssl_client_s_dn.length) { + if (!s.variables.ssl_client_s_dn || !s.variables.ssl_client_s_dn.length || + !s.variables.ssl_client_verify || s.variables.ssl_client_verify != "SUCCESS") { s.deny(); return } s.on('upload', function (data) { - while (data == '') { - return s.AGAIN + if (data == '') { + return; } var packet_type_flags_byte = data.codePointAt(0); - // First MQTT packet contain message type and flags. CONNECTON message type + // First MQTT packet contain message type and flags. CONNECT message type // is encoded as 0001, and we're not interested in flags, so only values // 0001xxxx (which is between 16 and 32) should be checked. if (packet_type_flags_byte < 16 || packet_type_flags_byte >= 32) { @@ -29,7 +30,7 @@ function authenticate(s) { var pass = parsePackage(s, data); if (!clientKey.length || pass !== clientKey) { - s.error('Cert CN (' + clientKey + ') does not match client ID'); + s.error('Cert CN (' + clientKey + ') does not match client password'); s.off('upload') s.deny(); return; @@ -53,13 +54,13 @@ function parsePackage(s, data) { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | TYPE | RSRVD | REMAINING LEN | PROTOCOL NAME LEN | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - | PROTOCOL NAME | + | PROTOCOL NAME | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-| | VERSION | FLAGS | KEEP ALIVE | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-| | Payload (if any) ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - + First byte with remaining length represents fixed header. Remaining Length is the length of the variable header (10 bytes) plus the length of the Payload. It is encoded in the manner described here: 
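Review bot: The reworded `s.error()` line in the `@@ -29,7 +30,7 @@` hunk still writes `clientKey` into the nginx error log, and because the surrounding check is `pass !== clientKey`, that value is exactly what a client must present as its MQTT password. Anyone with read access to the proxy logs therefore sees working credentials whenever a connection is rejected. Log the event without the value, for example `s.error('Cert CN does not match MQTT password');`, and use a non-secret identifier if correlation is needed. The enclosing upload handler continues outside the hunk.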
@@ -77,7 +78,7 @@ function parsePackage(s, data) { 5. Password (2 bytes length + Password value) if Password Flag is 1. This method extracts Password field. - */ + */ // Extract variable length header. It's 1-4 bytes. As long as continuation byte is // 1, there are more bytes in this header. This algorithm is explained here: @@ -90,22 +91,27 @@ function parsePackage(s, data) { } break; } + // CONTROL(1) + MSG_LEN(1-4) + PROTO_NAME_LEN(2) + PROTO_NAME(4) + PROTO_VERSION(1) var flags_pos = 1 + len_size + 2 + 4 + 1; var flags = data.codePointAt(flags_pos); + // If there are no username and password flags (11xxxxxx), return. if (flags < 192) { s.error('MQTT username or password not provided'); return ''; } + // FLAGS(1) + KEEP_ALIVE(2) var shift = flags_pos + 1 + 2; - + // Number of bytes to encode length. var len_bytes_num = 2; + // If Wil Flag is present, Will Topic and Will Message need to be skipped as well. var shift_flags = 196 <= flags ? 5 : 3; var len_msb, len_lsb, len; + for (var i = 0; i < shift_flags; i++) { len_msb = data.codePointAt(shift).toString(16); len_lsb = data.codePointAt(shift + 1).toString(16); From 36346dd172ce833513891beb58fd9fb30d6d7b99 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Du=C5=A1an=20Borov=C4=8Danin?= Date: Mon, 1 Apr 2019 10:48:25 +0200 Subject: [PATCH 18/21] Update Makefile MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Dušan Borovčanin --- docker/ssl/Makefile | 2 + docker/ssl/certs/ca.crt | 32 ++++----- docker/ssl/certs/ca.key | 52 +++++++------- docker/ssl/certs/ca.srl | 1 + docker/ssl/certs/mainflux-server.crt | 40 +++++------ docker/ssl/certs/mainflux-server.key | 100 +++++++++++++-------------- docker/ssl/certs/thing.crt | 40 +++++------ docker/ssl/certs/thing.key | 100 +++++++++++++-------------- 8 files changed, 185 insertions(+), 182 deletions(-) create mode 100644 docker/ssl/certs/ca.srl 
diff --git a/docker/ssl/Makefile b/docker/ssl/Makefile index 8ceecdfb6b..9cf19bd2fd 100644 --- a/docker/ssl/Makefile +++ b/docker/ssl/Makefile @@ -8,10 +8,12 @@ CRT_FILE_NAME = thing all: clean_certs ca server_crt +# CA name and key is "ca". ca: openssl req -newkey rsa:2048 -x509 -nodes -sha512 -days 1095 \ -keyout $(CRT_LOCATION)/ca.key -out $(CRT_LOCATION)/ca.crt -subj "/CN=localhost/O=Mainflux/OU=IoT/emailAddress=info@mainflux.com" +# Server cert and key name is "mainflux-server". server_cert: # Create mainflux server key and CSR. openssl req -new -sha256 -newkey rsa:4096 -nodes -keyout $(CRT_LOCATION)/mainflux-server.key \ diff --git a/docker/ssl/certs/ca.crt b/docker/ssl/certs/ca.crt index 5ad9239fdb..1d9f2b85a1 100644 --- a/docker/ssl/certs/ca.crt +++ b/docker/ssl/certs/ca.crt 
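Review bot: The `ca` target writes `ca.key` with `-nodes`, i.e. unencrypted, and this same patch commits the resulting `docker/ssl/certs/ca.key`, `mainflux-server.key` and `thing.key`, so any deployment that keeps these files trusts client certificates that anyone with the repository can issue. The new comments are the place to say so, e.g. `# Development-only CA: the key is unencrypted and committed; regenerate it before exposing this setup.` Separately, the context line `all: clean_certs ca server_crt` names a prerequisite `server_crt` while the target in this hunk is `server_cert:`; unless a `server_crt` rule exists outside the hunk, `make all` stops there.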
@@ -1,22 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIDjzCCAnegAwIBAgIUVz+4empD2xX8gTz6zBoy7Fgc1f8wDQYJKoZIhvcNAQEN +MIIDjzCCAnegAwIBAgIUQ1AagVQXCuOIzmGXm+KhsbyBc18wDQYJKoZIhvcNAQEN BQAwVzESMBAGA1UEAwwJbG9jYWxob3N0MREwDwYDVQQKDAhNYWluZmx1eDEMMAoG A1UECwwDSW9UMSAwHgYJKoZIhvcNAQkBFhFpbmZvQG1haW5mbHV4LmNvbTAeFw0x -OTAzMjgxMDM5MDlaFw0yMjAzMjcxMDM5MDlaMFcxEjAQBgNVBAMMCWxvY2FsaG9z +OTA0MDEwOTI3MDFaFw0yMjAzMzEwOTI3MDFaMFcxEjAQBgNVBAMMCWxvY2FsaG9z dDERMA8GA1UECgwITWFpbmZsdXgxDDAKBgNVBAsMA0lvVDEgMB4GCSqGSIb3DQEJ ARYRaW5mb0BtYWluZmx1eC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQDATXfodr2Q2c2IDmd9PlQBLMC9scJ3I0IEM0cYjyJ/3fuetBQfvcrSYL6m -nbXvnLLIdoTfKI15JzWWhkAvH4aZkcQAkaZMfHL44xPBdgfn3kkUG07S1rs3Wk78 -+nrZXYy+pbCuWhZ2UjcO3JV1uJQFBMEWGCaU0rHzZz+u+/M7XsdGleSVfEz3aaqK -74kzZ3ffepMp2xNtUCLTpDVT4g/VCe/e/AgBz4v8xxaiBEuinUZNKMgBErsQiCVJ -eqRWruwNFEPpyu/Zq73tQTQo9KEhFtlGHwSiodLquHlVsuDg8CMhum/O8ATnqpfV -prrmHGU+NbP7sz7oGnx8rPCAr067AgMBAAGjUzBRMB0GA1UdDgQWBBQDee6Rg0vp -VgA8mR4Wu2Y1jr7J2TAfBgNVHSMEGDAWgBQDee6Rg0vpVgA8mR4Wu2Y1jr7J2TAP -BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQCni1C0WojHDb7u9pKD -84nbnG0pr2AImtMEgyjK3S9sgtkitP5NBwP0jRUiy1R4tf+Vq6XLjlOz4ThhCd+n -t9ZeSclPOZ4vlbI+geW9nm0aPQbKuZgVsV9d46CSodQMOpIC4f6+wIajk7w3cE2F -RwkrdXNjTdrNU6R152FpH0e5ar776LKHzQs1Zah0pbq6fLYt5ZxvGT1foUrM6+4C -k9LMsq4XtNf2jkSxCWxsdM12/8rRrwqewp/2BlAkzmvRq6Cz34fjnSEKqHZL6qfd -1YfyK7I3oCwmk0DvejMTEbeBJP99ZI2p8oXzbXBCjv97o6rxjgV9J6gHmp5TtFBt -zz7B +AoIBAQCq6O4PHwgGOmEafjea5KocG80GYSYbvN37ums6fQ1wcmCxn8LtZek8WkfJ +S2NQQPDvn8QWRY7aUkTAW7cEB4vxpT25bevP7KJNFAS8XZO7NTfF8fscJS+YWSXz +VS0OFZ2YuqTnjCiqWf5mvjAkkXBGIYq+k2ONM1tHlEA0lzbLun2a9H/XarCG+znj +pfYpW6R08zFzXyGb4sI2pyYpP7iZLla7PTSZTt9h6jkY3qqMDhEHhPdlXDhO1O9/ +lA8yWMO9vKCzC7ngDXnV99Nl+tFhp9z9VkTUveLMuN9+riDJRfP25fOzHuRYzmsR +emYjD1NvSgsvFqSbFDVXB8kcyrXPAgMBAAGjUzBRMB0GA1UdDgQWBBRs4xR91qEj +NRGmw391xS7x6Tc+8jAfBgNVHSMEGDAWgBRs4xR91qEjNRGmw391xS7x6Tc+8jAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQAAPMf7bVFhzUG8AYq0 
+VS9BWVwVtdNzZ3X9FkG9O+tZZO43GlaToym8PmhJHF9wk3AA+pmgfcmBrHcTG0me +PeincN2euO0c4iv1f/i4bAY5/iq/Q0w/GiuTL5VLVpaH1SQrWhc0ZD7Ii+lVPpFQ +bJXKHFQBnZU7mWeQnL9W1SVhWfsSKShBkAEUeGXo3YMC7nYsFJkl/heC3sYqfrW4 +7fq80u+TU6HjGetSAWKacae7eeNmprMn0lFw2VqPQG3M4M0l9pEfcrRygOAnqNKO +aNi2UYKBla3XeDjObovOsXRScTKmJZwJ/STJlu+x5UAwF34ZBJy0O2qdd+kOxAhj +5Yq2 -----END CERTIFICATE----- diff --git a/docker/ssl/certs/ca.key b/docker/ssl/certs/ca.key index 3792f03dc3..e29d0f6ede 100644 --- a/docker/ssl/certs/ca.key +++ b/docker/ssl/certs/ca.key 
@@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDATXfodr2Q2c2I -Dmd9PlQBLMC9scJ3I0IEM0cYjyJ/3fuetBQfvcrSYL6mnbXvnLLIdoTfKI15JzWW -hkAvH4aZkcQAkaZMfHL44xPBdgfn3kkUG07S1rs3Wk78+nrZXYy+pbCuWhZ2UjcO -3JV1uJQFBMEWGCaU0rHzZz+u+/M7XsdGleSVfEz3aaqK74kzZ3ffepMp2xNtUCLT -pDVT4g/VCe/e/AgBz4v8xxaiBEuinUZNKMgBErsQiCVJeqRWruwNFEPpyu/Zq73t -QTQo9KEhFtlGHwSiodLquHlVsuDg8CMhum/O8ATnqpfVprrmHGU+NbP7sz7oGnx8 -rPCAr067AgMBAAECggEBALn7cmeSR15LN3tJqw8285m7RaFwxQniQJu9WBpJfG08 -LHld4kSckwcKZ/jOeMIHw+UaswD8wG6W3D37EyJAFDZ8ApsmQjag+bT6MQYe+CBp -HDZk/sPsx14OamxCeAO3dUKBDrJhEG5Yr0UhUy9qV0XPRkrvColOiKpGhhHfPGuC -XmLgfJZGzi6J3YcS0gZKhvKIjAdBJopfKscCq3Q/ldTFQztgPbC190Fvj6F7mImo -Zs66nfnlBXnXmT3qos8HoHk4GCwQFNSfpnrM781rU3LXXr8u/7Z3xbyuOdeN77sY -qjbXvrG1nlupKLd6nrXWLSjqPgJp16OwOF6jfnOUvXECgYEA4soXa/qHue3VMNoa -bCVjNRXU5/mPENEJLV5WA6n3Qbgvf5yRhEon0cXyPp+iViKDhYxy2+3rNiMPektt -LGIevpwKQehCo2KSxUN1iQkwKYNAkxQthphbj6ho9vRUZhHhiQ43ZwhwTEwKQ54k -1tpx3tcumnSpcytysXY4u55n0YkCgYEA2RI/CagYs2h6ioNfcVOlTOrGzD+H8/Fm -I4mp9wGu5CXQt37imI3yS14yFiDERENADWQezGU2ptKsNmgH4kLy+uH8VqdF85Td -2l2I4t9C1HqomXnLA4iBZmh3cbdxmlpQYPWk4egndDMFDfT4/HeZXyTDZ0QtpCYv -dOtvGdrjISMCgYASNYO36b+oEA6EA58He+EBTCVyErmH8iC4gdCKLsVpg25c4qdU -ZdfYofoXSR3xqIfC20oFmo6+JAaEHTZA0AgD6edw70MadzmtmQMA47n4O0+d/4rA -Oc9wM2dqHKgCIgFnzbppDWZm2dwhHbt7fMKTz9cwE5nfY2esE//uIIPZcQKBgBkA -HPqDvbSMB/EECG4I8DTXpWXIu2PBHb5iEI0+SGJGaK95kad4UbuUcbhStcgW5r2k -Flf8IDs+cE8j1CSfCVUTyfhA87GGJ7cKpsVaaVwHdHuYp2UUx7J/vaH/OrpIRJGm -OQM7ta+QYLimyjZpn+RxW3/9PjR1oWmZ5AXaS+Z5AoGAWXjaVnFeVRN9TUSfPdJz -4dNf/glL8B16bZ+Es5V3LRLGwjafNMCDsY/iWmHztimZaPAgIpsi1sxvGUty7PVT -Kj6Ysii+DliLOyI4yE+2g350bfM75xz8q031xDeI2PsDuijhwulaH2AZxVlFfyXN -0sVlwGxyUYmdB3z/2Ix3Hbc= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCq6O4PHwgGOmEa +fjea5KocG80GYSYbvN37ums6fQ1wcmCxn8LtZek8WkfJS2NQQPDvn8QWRY7aUkTA +W7cEB4vxpT25bevP7KJNFAS8XZO7NTfF8fscJS+YWSXzVS0OFZ2YuqTnjCiqWf5m +vjAkkXBGIYq+k2ONM1tHlEA0lzbLun2a9H/XarCG+znjpfYpW6R08zFzXyGb4sI2 
+pyYpP7iZLla7PTSZTt9h6jkY3qqMDhEHhPdlXDhO1O9/lA8yWMO9vKCzC7ngDXnV +99Nl+tFhp9z9VkTUveLMuN9+riDJRfP25fOzHuRYzmsRemYjD1NvSgsvFqSbFDVX +B8kcyrXPAgMBAAECggEAbp/el0MKup1HBRL1gvjHcvI7vwla1VFmje2YQn93F3Wx +SMeUMH1qfnohRRXa7rNaQIA1OAVF9eKSRcAXsjAAUSUX0tJndGpCk4mFlzcqzF4h +/6olU45uRDpP6jUTuK4dGCKXYpjCKaGenXo1RzYsafiECd707Qx05Nv8ww2tlifN +HtUR0xCZfVGDZfmNMZVrksUIZ1XHwZNtNLWQW6MBl3RhFaA0Wz/RfFMi2FzacEbj +75IqE6PLic1fin6P3GouzKamtZ6YPTyR5PqxCOCw97oZDCUGy2qGyAuPUi9O2HKB +fQgSyIxuR73S2korvxAmvekubjBFAqhan2oEjZs6oQKBgQDT28COlC33BSrpr2+V +pZIL4Bb1rGHreTi1M/4n9nP3GOZ9gqnSUsWXyxYVoZ2YfixorjZhUzHyx4SfZ2E9 +p5PkIJ0wOiHLlKQ36vEVN9ZO1UyNCYUgs3seW40xnsAiMNczZjufIZrsejO3tc2j +Jhgp+B/9Bt5A8us2ewhz3LlQowKBgQDOhQmZAfL/xAjYBCUS73t/YO60i5e1yg2J +i6jXeKjd5gRZ32upkBzQ8UBvAGSQGqrcCnqIzrU5TeeD046bZzkokg7iKwHwQDrL +SXTthUB6ABZddP/VXCEUVBer3FEnUgJm9jw08RzmPyNEPjfp91FDmJ9GYcbdo/nL +hBPHh3lc5QKBgQCJYZ0yWACeiKlVNECFqAJW1Q/Oa+RrkAYn6vlK7NQyTeFZTlvV +WXtsfXNqv4y0kE037JCy+AIRzzO/MoiqNHsAme2Ukn3LyC3dXOrMuZKtOEAVzTCZ +Dgoum2up26n4AffrCsZq4J3X7z6OSMR6oX9V5+LGb6e8Mko43/uRNnatRQKBgEMH +bQkLV+ppnxE1ry7JKcU7Gd7hm9j1/pTRDnj5AZ4b5Peii1ganS+3zdj5QKqA7UnD +4Od8Z9d0kJr51EReKXAgj9IacWOgBTUr31akNDwkwR2ONubyIw5tCM3QEUr41CzE +6N+qDl4wyeqBYzZ9/hM5eyCl5ZzUduP2N1FAiER9AoGAW2T0OeM5ZsPABMKu9eEN +FB9bVysqWT1tExB34OGWrZvNEzsHTqvr/D3KSWv0PS1pM46M1XkVbybOzRmPrzab +AGMDJXgGhMuk2UtDA/s9mgqTOeDXpvmaFyThVkoH162j6GMuX2SwxHnH9D42zgMR +3LEZ/5Q5HMJ4jwEM880jvP4= -----END PRIVATE KEY----- diff --git a/docker/ssl/certs/ca.srl b/docker/ssl/certs/ca.srl new file mode 100644 index 0000000000..0df06ebce7 --- /dev/null +++ b/docker/ssl/certs/ca.srl @@ -0,0 +1 @@ +27207EA9519D3D252E08AFA38D23BF2928FD5E20 diff --git a/docker/ssl/certs/mainflux-server.crt b/docker/ssl/certs/mainflux-server.crt index ba9a1b99cd..00dff88717 100644 --- a/docker/ssl/certs/mainflux-server.crt +++ b/docker/ssl/certs/mainflux-server.crt 
@@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEOjCCAyICFEUJPlhTlXgN95xdj2q0zFJq3PW4MA0GCSqGSIb3DQEBCwUAMFcx +MIIEOjCCAyICFCcgfqlRnT0lLgivo40jvyko/V4fMA0GCSqGSIb3DQEBCwUAMFcx EjAQBgNVBAMMCWxvY2FsaG9zdDERMA8GA1UECgwITWFpbmZsdXgxDDAKBgNVBAsM -A0lvVDEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb20wHhcNMTkwMzI4 -MTAzOTEyWhcNMjExMjIyMTAzOTEyWjBcMRIwEAYDVQQDDAlsb2NhbGhvc3QxETAP +A0lvVDEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb20wHhcNMTkwNDAx +MDkyNzA1WhcNMjExMjI2MDkyNzA1WjBcMRIwEAYDVQQDDAlsb2NhbGhvc3QxETAP BgNVBAoMCE1haW5mbHV4MREwDwYDVQQLDAhtYWluZmx1eDEgMB4GCSqGSIb3DQEJ ARYRaW5mb0BtYWluZmx1eC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK -AoICAQDAnomaAc9OfJENI0HYHhP/LrQu5nIYqgcfE7nUJOp+rXFXLAT/GbjtB7Fz -flyW4uIM7W3+Ip7j3wnmwki12uG1U9qSQlyPExnd7WqauhN8YS0yfyR8SmHv+fQZ -+GqdWjho6RqYMc1yaiThc3+E1OVdWHYqQFHUVWZ+EGs+63O8YPJcnEKLrnnYacj5 -/udQPNGLY5BX1+8ytGwc1rmZnVxr153qTGlvKH+LDZw2h3z9gmYEAmiSXsT79WJB -bGQ8w6UUHaiewGTOTmznqjoNGJxyyNF5IK5bpdIa7JTW0dy/Yp3W/PcLvZpJ92NK -2MznjBVqvCNWOsFCYhudl7fjihqZPcVJTUormElpnYfa6itQNcyMDl/uHs9VkUoG -KNpLKBLL/1hZPblSJSbOvJETbABwsflqUaBYxZs87zXP05xveHsbS+XPowOAlI9D -1L0i1I8T4cIDgwbsSHmcwK97vYSRqhYcIlVgySP9EUcndJ+M6c4dQ/GE/VKt4dhQ -tvQlXKfEaMZSlyZgA5Gb5ywhi8sM7BPG9Ch838+u/Gbpfi9kGzNEbiIcQviGV7+W -zanEtvABk+ljEBcKGPTTpjF88Y2JVb9bnG9mjrYF7bSNFlXLJPrTRjcoommTQ7Ap -B6YLG3V6Oji9M4KXflxJZ/iPkeQGxGEYV4hXR1XI3O3OotjBYQIDAQABMA0GCSqG -SIb3DQEBCwUAA4IBAQCpvr8cK38xfJfz9n1zfV51AygOWX7ygdkBxJuJp2InobM8 -taWdov4TxFAjHfV8ufBNwFa9dJglQNTvqB4V+2x4YTf5COdt509LmOiRgpnX+1Yk -Yx5wECniuQ50aQbTCTHyx7YM99eBBjlMmZfmmttNHuTSXQVBY72Gb9OC9X6xLpJY -linEcwpWuwCHAE8QOgD/bCfM7VrwA4oR+fa1ApZ3QrJT93quk0FbGoCie+6Mhxk5 -wqIRoatd4ZSynAwr8ZHgWnTqdI7az0wKcFmRpZZyuNqgZsVdtQX5Ed8tw2/KUn95 -G0aQKIT0Uyx/+wQSoi6TaQcNtLIkB7AiDPM1auka +AoICAQD1LayMnOYlTHWkK/7BIc2nRLkfkbfyejIujEKIuOPYZ1DbG36VeSM1MYlp +zl+E7gJvvK1RuCcL4DKG0uExI6HV2GdEq9kSe3Pj/512VTq+bXvMDRTcHMUkaN0N +J7GybHNk8J3fmFlB61zUpZUNy0M14YYX8tZRMMw8Ke6ThJyj8ulSky4Cp2tfiGK9 ++YLP/UJkSm+0EOVAOMAtLNvXtg5+/0e63M+stdf+F3txLuiYXiOG399tXlI61r4L 
+5fKs0xau6P1V5uEPwAnQiXYVLCdahfGrUJIjHnHTU0TS2EpE8OxAu0krzQeONGSU +g6SMM8vCP0d8yqQrYZGkmaFmIiTgOmy/fs+8u/ykautiOR/SviTR3hi/ofjZ+NTd +T2Udg98BGuZBwKw+elajHUSUEkxtJVxeuFiVGzZNXkEhuxU6VNCnPeXxtl502rU9 +nmhmO2WJ0/1KX+oe/uTC99b+olEPm72exsX0mwkSpIwDRBpX9meER4vJe4yX9fmo +tqEC2G30C9KYn+STcY9P7jptJgLLuN61DVBjeMPLW+0NTjqmtplcu73zYvyCsG4r +hIhY291wvz18iNLY7BfehU3beEx68ApdLMue6xi9JlFKxHf5FHBnBSvD2xrR47rH +9UMOHLglB+QkoidQ3KugHJ8r1sVHPhuS8mE7cENReFoNfh+N2wIDAQABMA0GCSqG +SIb3DQEBCwUAA4IBAQARH5ZD86TPaKW7Dty1bAnj1owp0o+DOp65hGZOZ2AqYVDF +UMz46ahAuBWhHPIiSkBnonBL5xVV3qihhlISaOQKe2FPdt/ekhUTzI/upAZDphN0 +m4ZNllXaHAA0IQpXp3O/An6/IhrLCGLth9pnIzswi6sF+I5nIfpcuAV7TJfLUAG+ +UTjy8GsZhE/ZCx0JSYzhpC1mDGxtyCQR7QY7rnEohXv0bHmv/jVVIZenT2SZZHJ5 +sQEiaIZWbpHctpgbom1qi5BNmIz9APKus3f8ACGuMLOHiW1u6I8vl4b1kqc44Qoe +2c5uGEHh+Iv6v/V5JwzTrfbcaWeAv058NnN9rF8i -----END CERTIFICATE----- diff --git a/docker/ssl/certs/mainflux-server.key b/docker/ssl/certs/mainflux-server.key index 434280a56d..8a71b14685 100644 --- a/docker/ssl/certs/mainflux-server.key +++ b/docker/ssl/certs/mainflux-server.key 
@@ -1,52 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDAnomaAc9OfJEN -I0HYHhP/LrQu5nIYqgcfE7nUJOp+rXFXLAT/GbjtB7FzflyW4uIM7W3+Ip7j3wnm -wki12uG1U9qSQlyPExnd7WqauhN8YS0yfyR8SmHv+fQZ+GqdWjho6RqYMc1yaiTh -c3+E1OVdWHYqQFHUVWZ+EGs+63O8YPJcnEKLrnnYacj5/udQPNGLY5BX1+8ytGwc -1rmZnVxr153qTGlvKH+LDZw2h3z9gmYEAmiSXsT79WJBbGQ8w6UUHaiewGTOTmzn -qjoNGJxyyNF5IK5bpdIa7JTW0dy/Yp3W/PcLvZpJ92NK2MznjBVqvCNWOsFCYhud -l7fjihqZPcVJTUormElpnYfa6itQNcyMDl/uHs9VkUoGKNpLKBLL/1hZPblSJSbO -vJETbABwsflqUaBYxZs87zXP05xveHsbS+XPowOAlI9D1L0i1I8T4cIDgwbsSHmc -wK97vYSRqhYcIlVgySP9EUcndJ+M6c4dQ/GE/VKt4dhQtvQlXKfEaMZSlyZgA5Gb -5ywhi8sM7BPG9Ch838+u/Gbpfi9kGzNEbiIcQviGV7+WzanEtvABk+ljEBcKGPTT -pjF88Y2JVb9bnG9mjrYF7bSNFlXLJPrTRjcoommTQ7ApB6YLG3V6Oji9M4KXflxJ -Z/iPkeQGxGEYV4hXR1XI3O3OotjBYQIDAQABAoICAGxexfwn2ILIArPpijoVchq4 -JBfe/4Jw5uDNMFfzDRuIaaQp2AXOawSwt13LUjxyGcw8KQ46XDrIWcHCvTXTl/l0 -3Bw9yeWVUZBS6w9ycVQhOFSYw+ZJ0yA4+OVDpngxMluUCqpmGrisj2Non+4T+Zez -FYhf96oHAksa4bvcrJjn0nPYVnhQCa2AltpQV8QE88AAnE1P5/wXFlyDUpjiuATU -orwXkZpApsGNPr5PLDtVCiBnWn4/Y4R+YnF8kki9qjrPFPd8Nzr7VLpiQ5bqqdrK -sU/82xwlBziusm7KU/A5g6RZXoT0f8Httad+oooDfmk2wIrbM7Atkmvv2D3kjWGA -Rczd7tHgz22G6X22zJdaRkQv5KJ9Hc01LNlRG/rlVsbyGZlHH6IUsQy7bA574CT9 -+eyydi7KfGkYBuTsIal7YzQsk9bibvoB5x2pHZ+EVrSAYfiY759blir+eaQyHtOD -o02hWSqjtGe+qtkSD32wmvMoQeEX176rfZ9N8Sc3RaqKElVzTClHzZm71Mg/z2aA -60chjpwNvaB8IYKkWWXI9DaihjiHwiv6bvzx89KqB4QgHVXR/n61mxFsE7NqBJaW -TeCcRWMuMDX3n9xfD8C9P0IdEomWfFhfcfVdG6yPBfYUns6F94Dhxt0mRG4iltLq -BOEFauAZ9Jem/b9YYpYhAoIBAQDgCWXy5RBHZPPDwTRZheu/PrFSOFzF55E1LVa3 -UOHpNpO77cNWoTBPMuXDnzmrr6M481FgCNXDII+6jr1L2hlVzxlJTB5jtmhQILqc -JDABZenZQYQsutdfhJm5VdZkzl0SPtOxg7SSuLhk/9FDwuelNiYhUnwTDveS+OzC -l9oV5z763A3KqBsfe3OfXoo/qUoZ8u931+XJNcXmGs7yNJzncdMmxdY+tfOt7BNN -0d2ANLTU7pcStNgEJRpdPiuiL281zb2VwVATdXbVAH04fGqbZSxS46n+uUsHrA9t -HsjXNxTav2CFRpwn8rjiyiIUnrRtv4Dlc5DXY83NrCjW9OxfAoIBAQDcGapW7Peo -3UBReqKQWjMJievpI5uOHS8JyEUJTOV8uV0/zV++JwJsdDSlrfaUKwbq83jIBnqe 
-M3Ho8mkaA9a9N4lClh0RtvxEbIobsSk+bXoT5iKdZC9+ODq05DVYPxS/5WHY6nkU -J8JKgQxW58GJ9oejHSosd273wCfU63MK5dV4KCXENMDWJySay55gBNWl2QYNk6XV -KMfcIR8dwNTZe8s2Ys5yDQDGMDhXrho3t153imQgylW2NWAIUVs2bbSgcMOO/2hF -r0irIZDm0Yv+SA/0BBOn0CwMLUen2gHRQE34oQ3Gk3iGEgkRznk3QGVF28eybdQf -fFQSKaoWFSo/AoIBAQDKbbOAVRjwaXcYWWpDuY3Zr3vpHqQ07Zd2xRClcp+taXLz -S1JE5EAST5rrtuMVDg4dVz0f2NvNA47asj64WsipkAb5A54x2o9GV0xF6Sy3Fq7F -bz1ObURNOjLsE3M0goH2Cm6c5rQyHlX+bGdZIrLLxLGPSkhxsARi+Ch1a1/Siq+N -W2faxSo8t/8w8OtZuk0KRUe6sYke1UeLMo3qqz9aoK55SijbYOxdKgIHPqk1Pmpm -O26lqGHG3P+FYLdsRA/oPY4f0hvYeTp2G4sJjuGEp1X1T2A6mJICzKTjo/00+MAP -Jvy/b52JOvdzc9B3cS72OyLsMA+fjr5WKEh+ca9hAoIBAQDHnE8rvoVtFBs8yeec -2vDmebsGGVD+NeFvEb3qjV6jGslDD9MA9QfxrAIDMB4sikkf0+d6IMYbq7Rm+1Hu -UgTyXeeSB+odIsLumzE1pBovj8HjQheqfi3EXuJ/I2htu+fpkPKIcz2T1esS/q5e -MpkHshmZCN4yra5p6k81fsM64u4SpvZ5Vw58Kcu8x2W+1yOb4ZLnxTvkcbOwJCnA -Jh3jj63giQOJ09kb5Kd0fWUxmo+GAnCEfHv3X7jUUlRSrHPf/eSdT20Vpb5V1X9A -llJMLrapKvlYfCc2c+pEhCaZy6PrFMUVjrEDhl/LUmIEhdZS4NvfKlPyqiLkxfyH -QnKpAoIBAQCUVEjPx/8SdPsyNRBEFXLf3gnzaQqkjkGHenmCiZyXFL2NWfbrGsn3 -n7JhpBIjko8wy7YX2UbmTdopMCn5xfV9AXiWbEtA1pO6bTr2cs+KuHsj2U0+QN9A -05R1fE7HRSD4pE0ZQIbNVpHq5MWYoM+UKliVKAzYZVgV7dN54PT4f2Q/ob86Yzc0 -L1v2YPlS5+6ZIpX8b/dKoIrfx4L/ycWqG/nhzcnTOCqky2rWXO5DX9lCHV/tzpHw -Vpb9joZLQJHVV8cWMtd1+M/iXmLxDrQuPqnk/vcx7h9i4RwEAgTk378hRjmWyJbn -KRZEyZtITc7zZTz1TkzqL2AVTdWBcuGv +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQD1LayMnOYlTHWk +K/7BIc2nRLkfkbfyejIujEKIuOPYZ1DbG36VeSM1MYlpzl+E7gJvvK1RuCcL4DKG +0uExI6HV2GdEq9kSe3Pj/512VTq+bXvMDRTcHMUkaN0NJ7GybHNk8J3fmFlB61zU +pZUNy0M14YYX8tZRMMw8Ke6ThJyj8ulSky4Cp2tfiGK9+YLP/UJkSm+0EOVAOMAt +LNvXtg5+/0e63M+stdf+F3txLuiYXiOG399tXlI61r4L5fKs0xau6P1V5uEPwAnQ +iXYVLCdahfGrUJIjHnHTU0TS2EpE8OxAu0krzQeONGSUg6SMM8vCP0d8yqQrYZGk +maFmIiTgOmy/fs+8u/ykautiOR/SviTR3hi/ofjZ+NTdT2Udg98BGuZBwKw+elaj +HUSUEkxtJVxeuFiVGzZNXkEhuxU6VNCnPeXxtl502rU9nmhmO2WJ0/1KX+oe/uTC +99b+olEPm72exsX0mwkSpIwDRBpX9meER4vJe4yX9fmotqEC2G30C9KYn+STcY9P 
+7jptJgLLuN61DVBjeMPLW+0NTjqmtplcu73zYvyCsG4rhIhY291wvz18iNLY7Bfe +hU3beEx68ApdLMue6xi9JlFKxHf5FHBnBSvD2xrR47rH9UMOHLglB+QkoidQ3Kug +HJ8r1sVHPhuS8mE7cENReFoNfh+N2wIDAQABAoICAQDwIbfqUJGo3mYqUVzGVBFU +Tp7yKIp9VulnZcCUoGGoRiiPMTKdu3OcWdQ4aQRs8aA5SBaI/1Be9UsHeetNcZTE +GZurSpTk4Tz0hhr3Fyrd7+VcSUOxAgykSICYrdQA6O9sYa5+nHxvb9IQA80lIXvG +fggT1KfMBXtDQd6FZVD10qhrU/OwbcFgY/gyEPrqMyafi7g0KIgginTOyizX7Vvt +TqI2hqZwhfnyx5UDmen9sdYh94qhV8w6DLE+fg1c77I7xb66L9Mm1fPG55tbyU8R +/jZgkB1RgDQDwn6Z83VqaH08OTLFT56izPXl77luCBz9N3UQ6Hg6dOlsyXumyLJL +cKjZ3Yoaqu9GHEauiaIJqPX4bN6O0TjG/vW0yKdGSFgh7jfjIiYCmMnb526PolKM +YN4xZ/KcdGa4QGKuX0hfgYLaOAM4U+V2Flb6QiSSta+UAFPOC7d7fEZIwYrgieB9 +10jnFqXqAef5w16Z1KZNI+X1FO5keHkOBqliXCdQJoLBwAt7nJFkgETatK5XCra1 +WR/iVcanZrvwD7pITZXbROcOF9MxKxkAqxU8Xeftr47r5XteuqSd3uRmsa7034QV +0TNV2OUBv4UCa5DpEftSjoX5GQKKXkAFix3QdW+RqiZ4tGVnrCUShhgg9H3aOu2y +dePbf3F5R7P9g4SbfKFGAQKCAQEA/GVCzoihnM9j+DmP63xoNyWNGVQ3foeZw/o6 +FvGYx5yUeYm+uwuq80hpd4KtHZoqbO3ohEsyZBHBwGjbmjxzwmrKbZukJ8Zxs7QQ +cB0YBmHduay59+MnmL3uiiLGsFedSlbReCJnFw+66yXfvDPVf4vs1I+DPtEIBkY5 +mOOdfP7b4vQtQbhtw4EAPSORbcR9ap4DCRmedp9aWTh48VNvqGLJIxRxveHcX/F2 +zAySGkw2s/pwQXq0htCComDn3X3yqw4y9WKirzmS5hYU4gsuk+dy3JSHhe0bsA8Y +daf4kEdutqyjYj1IaaDuvkiRW/6Pukb//R94/tejmwBLA5LXGwKCAQEA+K4HGruw +zlGKfQNc2uKX5uzB6N+rWQ//5oFhe/Lga2pQZlwDCay+3G9YWiVLP+wxEAkuoQcx +thfYFWLMy/8+Vyuiej/N73hWYXPgja7BA0d/j9/IKhtjvN2qIzA2xxKCkzqunXms +VnOoHVwhoqtVEZ9trB2gdO3ywE52aqSq131rVABOJDoFq9lVw4bl9Rj9wkp6D+tr +Dx1pMeKrBFKfxuCgAyj//BJrNSryxAxglAzyC75RKAPT6fvcw3Wcpnb10IXDt3Rd +g5YHMxas3g1fh2ieRVsQG4OvGytP9Uap6//AqM6c273Q86U3/pu3r8nvEMBKxdsx +pc4/raRsoUPQQQKCAQBNCBLFukmo9FsMjXTxaDzeZ+WSj3OIeJZji+Fi00XP1mgy +V+oQaFU6fyVBRm7TlBPSvyGyDslIZWr+8IHlpwGlmrZBkbkeMqDNOe2yag7FE+V6 +H896aqfRJFbDbi258GOfJrQzuDxCe5iO4DZS2HcWwHv9u/dQmreaQqCdmwqb9aTi +taeCYWmOu7Z48nwWRlwIyEUg5+LHTYdjp6qx7MctW0kMHddBHsgFuEqLqGKHCC/B +6nOMaIjkhIr6SB08Ko5/youe/QWt+SJuetrQypzio0cZL3PVWjKTH2hVsHhagJK3 +yiTrfMy3AFkdVkSXETCIp9bFSG/DR8k1K3e5lX11AoIBAAfSCT0o++VxIQbPbUMg 
+7x//ABYfupbBbw3DsdohCDe4jzC44guS2Cm8gq3LEHPBLMXRVBsSS9jrJQt/IOul +akN5htGLYiGOykCkUUKDZWSCAhv3MKdKVzegTPJwWLin911D8ivXoLjTSE0sEY65 +DqLQPbW09M/Yj9LGZOjzpr/CHPb2T37KKFWALzdH7cFoeMp8ZxxLDgHare04sKIh +Kw8pDz8qMequdZqlcB8EOKFPSuldodW9URPBrO6kqzl88jwNiNsjGLHDrRRJOUR+ +bSun+Zo6w+XpnT8gfJI9F6jpURi97qbmcETJRFqIcR1hH1iKg493VjddphkC27uy +k0ECggEAR1LyWFqTUxpP15EGA4vE64c0T6gmWmSyQiZ2VbMYWlgBCZJQN1EFDoFB +rLQvhy8jEU3zxbJPEOQmQL8OGzMBMgV/akEsTTEAPLbQc0ROSR7CW3YV8UlyBUP5 +4/WK1NUR8GXyeCjJSWHgn/LclkcFmyJ5DCKmesMRAodMhkHkqmSTZxPAYmlipn87 +PcGOoG02NlgjDADjwhRepRI7wVbb8HVXfGxhiPokAri/OgC/odnHIGzkdznur6JS +5eUoZkBcH16zBGxfwoGhqSGdip1BNNs2nUp4T0i+LGVKz8mYsZ9CdiGElfUwLpcc +eFet28DEMzSifudXY3LYE5N0Vl6g+A== -----END PRIVATE KEY----- diff --git a/docker/ssl/certs/thing.crt b/docker/ssl/certs/thing.crt index e13e6364d0..a1eb60d1ca 100644 --- a/docker/ssl/certs/thing.crt +++ b/docker/ssl/certs/thing.crt 
@@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEODCCAyACFEUJPlhTlXgN95xdj2q0zFJq3PW6MA0GCSqGSIb3DQEBCwUAMFcx +MIIEODCCAyACFCcgfqlRnT0lLgivo40jvyko/V4gMA0GCSqGSIb3DQEBCwUAMFcx EjAQBgNVBAMMCWxvY2FsaG9zdDERMA8GA1UECgwITWFpbmZsdXgxDDAKBgNVBAsM -A0lvVDEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb20wHhcNMTkwMzI4 -MTA0MjMzWhcNMjEwMzI3MTA0MjMzWjBaMRAwDgYDVQQDDAdkZWZhdWx0MREwDwYD +A0lvVDEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb20wHhcNMTkwNDAx +MDkyNzEyWhcNMjEwMzMxMDkyNzEyWjBaMRAwDgYDVQQDDAdkZWZhdWx0MREwDwYD VQQKDAhNYWluZmx1eDERMA8GA1UECwwIbWFpbmZsdXgxIDAeBgkqhkiG9w0BCQEW EWluZm9AbWFpbmZsdXguY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC -AgEA2fRQ4aWO7pxJvaD2Yt3dnF9SulqyNv8vzqkLH7llJgly0qcPzpTCkwUCwHvw -oug1619ShFjnuSHYxNUW69m4pFCwX/AMUeAUzREKhZo60dRQ0EdU+r5dKYRGvz1p -sTWzYSSwiQlRsmAdEbkrL7bQHWoyt+D3hVM5Iq+gC7T1MbAmsrirGW6u/Pysi5JX -bsPrea/Y+O9S6DOlxmSjBe7XKq3bsknCrtMw9T9oxWhMxjCFrMixYL5I6oO99fTu -1PtpP80ntdO7L+cfU5zQ5i0VpYH7/NRg+6gx8/0H/SU8FKacr8fKcSfybyWA9Qvp -CTIhTWZkqTQmOqKKzp6Q+E/0pW33GfwbViCZDjYAxvg9XIMYDSjdHBDwqch/eEFe -At2jr8nIOz+Goon/OFzid8SUketIvrD2b3CzmVgX2/osq2mlaHT6QIYfTRn1l4CI -i7jHiDPFW976BeMKkm8WuHy9Koz7BEIVY1/XugZ8tAru9tCDRdnnJSJNZqgiBR+I -NcOtMIFUq5HqE5xAs7uPpJFCLL2d6RBOzz6QCHHFSNreXalXShIsKfBP4JiiJTrd -vsgWeE8sqwOCwBnrpu4WqHvcWLttdr+lktC/XluhAra2jExq2bCdPf8RXJ0oRjlk -0lqTq73eMgg0HnACcopatBnVA1mesP98ZuoASgltpuE+Bl0CAwEAATANBgkqhkiG -9w0BAQsFAAOCAQEACZtGArTbaSUT/YEdLlYJSPk7etEJjknXJcQLG+Nsa9aiDkhD -AO3Zy1BXyAFeVOSLmerhEbrv8X2PXH1wUgEiHz8j5rIcdTZwobBKeF86aoyTD0wZ -6yKt6+7BC75z1l7Su9yvPyort240mDtekZUUJSgzydFZO+6RfZ3u5adryMB6Vp/D -LfU74lxshKdlretHnLIVBnwIpkN8yGi4JJm5wGdT+q6NNm5VNbTXop1bDIElJPy5 -Bup1OlxZsRLCFh/S9oruWhIo6MuGnK7Gf0qPnn4gxyLwrNtdlkX8do6zfjo5vKKi -4eozvXJQ/ublk0THtTQ3Fvp3s2ag9cnLEESTAA== +AgEAuNyXOzUfhH4WOvXgaOIV+ViqXEXO/VfjxPBE4EOYxxk1S5N1tAM5STontEqJ +kv8sSInZkYPPPjcqv8yEh1q5GyZrsI3Th5wqovFQEKUwAP2m0bluJYwY0oqo8dcZ +vPhcMdEdJu1hzRI0LOiBv5EgkT6KT5z97CfDtV16uaVISywnQmo1TcY7tT0tQs2S +znc4kg6mbfGnbmkEHfiV5aOj4ahULd5grdPh+8YcnWXNE/maSZJLOKz2PIMuySS7 
+TmmmgJC6uMpsT5rCGI+WzNwYy8X6731zy/DVaMQ752QJfS0rUPwHa7KiEQNKAyrZ +NbYxiILKnbvd/JrN2iW6yllQDQn+XTft1aAui4fQcw/aBQZ5zbiedJeeDtKuve9+ +X23PVhRumsI4Wfo4CzKBsdH6fT5oGOqmL8WFVCQl/p93vqPRbhadEeEqGgdE2om/ +1SaA5nl7W4rbfo9beLpmi3KE+oldlLh5/mgH+7vWQQmmidC633AFaY7TabxU/59+ +38Kzo6eAJauVoHFdXGCIgg/SemNS1KWo3t+pwBHJIPHdsLlWsRVtV5Vt8QW+MlD1 +ODkApTstom0rtLvBoqBkI+2z29J+i07R4C2K/ZFdhv8Exf/MxUZeET+AznUwLHTE +SNxCsI/7wWQVyLVb1AwWLaBbt1cYd4YGVWe+QcslxNNayMkCAwEAATANBgkqhkiG +9w0BAQsFAAOCAQEAi7jvvUUMH2yVXfYgLUuBB8jRmwQcYKJo0jbPKZew07F+L3xM +WdYP+pDhdkyF79l99/fZS0Xs8dwYtAgU2tVkVoT6p/6vCvnqodgKgZJWi2dNCdG7 +ftIJR9dkusHIy3cpSHNb+A/hYLvj1nY9IAmRiY1fBNrRflmQe73gUuIjuoqDQ8wV +5jteUUt33rH0wYhbMf4z9HFSDBK1Ti+Mw27ybDYnYb79FZjUnXAKR/Gb0QyyGQyI +N5sVboXyBEK6KlJ4xBQZ0gEvmhN0ZGgmje4u7+2E3pJxo3zRN8Qm5Poqyll+3Omd +3rPdUhkTrQhKC3iMi+hXr4ZjNSlcgF5f+zvRIA== -----END CERTIFICATE----- diff --git a/docker/ssl/certs/thing.key b/docker/ssl/certs/thing.key index 5d02c965ae..cd7a6c980a 100644 --- a/docker/ssl/certs/thing.key +++ b/docker/ssl/certs/thing.key 
@@ -1,52 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDZ9FDhpY7unEm9 -oPZi3d2cX1K6WrI2/y/OqQsfuWUmCXLSpw/OlMKTBQLAe/Ci6DXrX1KEWOe5IdjE -1Rbr2bikULBf8AxR4BTNEQqFmjrR1FDQR1T6vl0phEa/PWmxNbNhJLCJCVGyYB0R -uSsvttAdajK34PeFUzkir6ALtPUxsCayuKsZbq78/KyLklduw+t5r9j471LoM6XG -ZKMF7tcqrduyScKu0zD1P2jFaEzGMIWsyLFgvkjqg7319O7U+2k/zSe107sv5x9T -nNDmLRWlgfv81GD7qDHz/Qf9JTwUppyvx8pxJ/JvJYD1C+kJMiFNZmSpNCY6oorO -npD4T/SlbfcZ/BtWIJkONgDG+D1cgxgNKN0cEPCpyH94QV4C3aOvycg7P4aiif84 -XOJ3xJSR60i+sPZvcLOZWBfb+iyraaVodPpAhh9NGfWXgIiLuMeIM8Vb3voF4wqS -bxa4fL0qjPsEQhVjX9e6Bny0Cu720INF2eclIk1mqCIFH4g1w60wgVSrkeoTnECz -u4+kkUIsvZ3pEE7PPpAIccVI2t5dqVdKEiwp8E/gmKIlOt2+yBZ4TyyrA4LAGeum -7haoe9xYu212v6WS0L9eW6ECtraMTGrZsJ09/xFcnShGOWTSWpOrvd4yCDQecAJy -ilq0GdUDWZ6w/3xm6gBKCW2m4T4GXQIDAQABAoICAQDIYaue2VSAoaXWNs9vdCWT -57uqY0on8BOm/5mfkBajktpDO573waLmAhxWlVxWmgFApcG6tfZNKgYeaP8K1X/B -agHOImdhOxBEvN8cmABt+7JU2tARO8VxLxDQMAklCIcjz9SSGMRIp77yFXjUBFJw -SLvafHV02V/VOPx+5t7q0NWzSL7dwfoV08RbCa9iwbOTjA2CSJ3DqABIVyvef4jI -z1EGKHRZwQbo42RS4iJ7sA6mHVme5TMqkPar04VkwMQyCU7yB3i4gNg3ShxxEpAt -O0VOXH/RvwA2HrMilQIYxlmV7qx7vktQzn0yTcHxV2pwu6veOHjRPbE6Z2RHN1Nm -tPRMDLMt8vMDQrQx0TlKuC6SP21JT1dJRDKvhZnYtOUhS23lCWBeDUJeY5rqUEep -gkui9LGlDESap3OU82lKQMuqT4oaucxaubzING/dvjo3J+O7ngXAz4OYGrrfXd46 -3r/WzMvDDpWB/m+5Uqc4Rz5aUFeljQDIHsD7bxbIL0WPjEwgA5JOnT6hRSPHYN+N -fLqKnv3cvTtF6enmextE8LupEXcbp33l9Zwk4N2ZJGqFbBBAEJiJJhl9U66Eal1K -6mtZAUWMMQaZm9sM4F1REKBVNhccKX28iuU4INpvVQ2U9RNMfyUM7y2wMn4ejPIA -NnabBoRQ9ffwqIR7M2eHIQKCAQEA/4wV3m0ueade7aI0unGgk8cE1wNBp5iLuQCk -7NIOthTMgIL/kKvBCS7YVjYORr2t0wxjWwUov+YZeufdf+U55xp/ghDBjHBgpbAk -QRy+D2THY5fKFesomLok/MYZ7nwRSGdDh67GxMSG7sTtn+4rUtl/jdeQjFZJwb7q -DtZU8lIoRDNcwbLiYjP/I32oOQZIzGz4gCVrN+pvubLzYL8BJAS4D+B04PN4DILT -P3Vib8umibunaWC1gp1tXbbtuHbgUw9VAMgM/A6V90n8nKuyJtJPDGlIQ5PuMve5 -X81BidnCG85F87RUByoXu2LdZ2n2GIVjvMf7nT4k2e8OZMYBCQKCAQEA2lctu4MN -hHuNMSGNf31T8dOJCjb7j9TDw5ZhvAPUuBfF9pSX9MzsAfc5EcLtMqDNEQ4E0jy1 
-pasRY0Op//CD77gH/3T24Tbivbv6U81UFDmbTO8/I8RvfRoeC2StY6DXVxCQ6gs/ -SfoIIj5EHIa/8wT+L70lh3isfQwjIh9O0ECDIm/Eqp8MSBHI5lhEMDLBCZd00fs1 -O+wBmUGXUM8Hst7v6ygCPYIwzB3ZHRGIgImxcKVyhl6WUBF7n3DQOE98cfotmv65 -jGYhKL+XSuOzyysCa6APTqvfz7BnTJhIbnlmSMyRjNAgLq+Ch36JYL35VqLzZQvE -ZjEbcx8NCdaztQKCAQBVbepdqlhQGRDWFlTUQ2owHOdUTeVj9s428a0w8mQyoK9h -AuoW3iQxQrTV1Upegcibdle8tPPTe0PnX54fxGzgAm6/94QMxAC7QzBLiCVNlh5G -ABdxzmSK8ietTTicDmPktYjQ0i/m1eBZ8AGUZpWbI9TNgVP0ZmBP4dfzT9mkDK0j -Z5xJsNiXhdR0c+yJ67zogkFs7ZVzYu8owFc2b4QdG2rA/AN2tE3cuNuQKljXENjC -0LX9t3PWj3RhUOcVtL/3ZHfBRB97IBEoU1actZVf/wyoFIYw+UI3TbNuAHs5b0/B -5epit1Uj9AFtBncHvFemCOm30Y8fGQhOxukj7UGpAoIBAGxMj6+RqpPLINZ82Q2i -oY+yqCe76/2EwHF0VxgGIm4JxLSxMcpIFsxGzzTjJfpVzkGmXXfWixcYijBdcKY1 -q4utEbKBVq+RJNiNs/X7Q7ggdsqrZPsdxVsdKEfocSSYtBdIbUjZuVO9RGmPzwMD -R5SIJniRblsK3SvNaGPVeadMSH89RySGbXYV9DtlDrWFh0B1sokw/E+zmXtmEGMR -vbTYZdKTbsEJoaCtMXL8rmNraOsB9ZN2uUIP2ezU7ULxEj4KpLJbpLdiNRJcLfQE -i7q7o6C0rMMN956x1hsk8dByQOzdI1jgJwZhIfKJLiUhNdrmSqoVMx6pPv9UKIh3 -yX0CggEAT9xTWag58+x7OIfIVhfJsWGVJmRX5sBfeV17A5Wuj/mQqeWJQxeiDsj+ -FwWl6TvbSta4svE6TCet5eE07xdAvZZIfp/ZceXcwJY1k/N8AKK0ARK/FtfyRv5q -Tsxz5FWrZ7/sDcHOEeOkkpmyjqK87XtEldCroVuWfy3l2V5nrLRXpd++JPBi1Syu -b36iOkBi5WMZGn398NwymM9UbsyxqsiBbsLrnkFRv6XUs8oL4kZo6bF1WIUxqLoD -v1facQUWwbSRTvudylrFKx6oim+TEFcAWY7Si3hOHROWP2LhzCOlQQUNwDQGVpaA -RwjMK+JSbpm0CdGrwG1ZkNWX1OMc4Q== +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC43Jc7NR+EfhY6 +9eBo4hX5WKpcRc79V+PE8ETgQ5jHGTVLk3W0AzlJOie0SomS/yxIidmRg88+Nyq/ +zISHWrkbJmuwjdOHnCqi8VAQpTAA/abRuW4ljBjSiqjx1xm8+Fwx0R0m7WHNEjQs +6IG/kSCRPopPnP3sJ8O1XXq5pUhLLCdCajVNxju1PS1CzZLOdziSDqZt8aduaQQd ++JXlo6PhqFQt3mCt0+H7xhydZc0T+ZpJkks4rPY8gy7JJLtOaaaAkLq4ymxPmsIY +j5bM3BjLxfrvfXPL8NVoxDvnZAl9LStQ/AdrsqIRA0oDKtk1tjGIgsqdu938ms3a +JbrKWVANCf5dN+3VoC6Lh9BzD9oFBnnNuJ50l54O0q69735fbc9WFG6awjhZ+jgL +MoGx0fp9PmgY6qYvxYVUJCX+n3e+o9FuFp0R4SoaB0Taib/VJoDmeXtbitt+j1t4 +umaLcoT6iV2UuHn+aAf7u9ZBCaaJ0LrfcAVpjtNpvFT/n37fwrOjp4Alq5WgcV1c 
+YIiCD9J6Y1LUpaje36nAEckg8d2wuVaxFW1XlW3xBb4yUPU4OQClOy2ibSu0u8Gi +oGQj7bPb0n6LTtHgLYr9kV2G/wTF/8zFRl4RP4DOdTAsdMRI3EKwj/vBZBXItVvU +DBYtoFu3Vxh3hgZVZ75ByyXE01rIyQIDAQABAoICAFIiQFcgDTbSxpG/uMsg2F6G +1HpW0dah/CL+FbwGjJS5UIKZq8wlOoicfBOQontbQJOiG7aZd7TO0gGRnrh8yI2V +jndNLFSuQAtRaB9dJWzrRfkciCHKkyTIUrPQvDDHsD66CFfJVJDGq8PgMfWpR20A ++nbQ68jHCh9Ev0hIdUxg+7h4c+JwVwr5eWia6cUuF0Zdl/h1S8y0gA3I6uCyyhdy +sKQIj6/r2hYBOal9F5buaWySwTUXM/hC2MCpv0bhjgbFRxDfbywXOHGtKnUuvR2c +gxdxB8fu4wK/XVY7jjO9o+dBcxKYtYUVjwbFPOiuYGekpN1cIQ8gwKFR7iIFeJjx +FD/zrNUx+DhJcz9ovE4Tb/Gg1aKdddzeI5t/JzkG6uQCOshlErI7lKdwwhdwuQIx +R/EGXdnSHC6yCB9zKhM33iza7bEtYGC7ih78lGw8i3BQ/FvrJeQYs+CSNph+zQ0K +QRvqkNwODRXKA9Haqr3iPa5dKJhUMskYAz5FpHxC9oyB6YOh45PwKrUDo63Q6l6U +Snjl3w5pSFB5fcRZvb6Wfdv9eeLVTNksw35xE8kAaMTTk5x1pzQph7pqFjCmV7d+ +CGsYYIl+855h789tbAnSY46JSGnvDKYcRitW88VyI1Lmjz2Mq9NhaT0Zj0iOJTMA +KU89EjtLzyp/dj8DM+35AoIBAQDgt77P0e2p0bKqTRWWubVZYsS0OatBq4wsYqV4 +ustT1/IlT5fZhKN0cCxOXcwlhGyWrZt1ceVxLsFKl6IWOQHNjyRTyugICW/HVJM2 +kpeZ0fMAMNWLPoFnX4hwhExGNhMN/hgLEqqefFhl+TSoGoWzj8D/TMXGSYx7C9Gp +9T2NXfORarNG5Xku/NmF2CTlSM9HZqzpikhkbpkK5rqB9nc+2T4XgskF7E7Rzx2v +cq7y0OfgGNlm8yWwv8mamGULT+jXWNGhfaugTmoph1F5+TmVliG0h2VPId2VoXRN +ex68UrRMKxP3qOpoZflwLFWOjrck+y/eK2l/ue5M/daN+ZUjAoIBAQDSmH8kxj+l +FCd3jL9KfzhzT10hYMPAiPh1uiMYZ2dQkHKbRoQq4I6s94Noow9o+KaNlJg8J8Bn +YZdrcLPT1semwNlE1FfI5t3gQjIzaIZ12FpaEwEEktCKk2SM/X7CwfkN1+FvNBnJ +2hj6TxjO8m+TkBQqAlHWMPM6P9uScn6SOM125iahdswOJeCAaJMkhcTvATE+m6Pc +CkWoxlILYHXyTQmH92Pka6ZfpBNpoI0ADCO5gFyOsL6VKahV0EsXa17yWzjsOpHI +2leJivls9dJgWr9hLSMgH3Qt/t8A35bGV5Q5PwODhJ+WJ9J19vFcHID73bzq43tD +56UBRUGNSdcjAoIBAAJXh+KMkoiBifYiZYYzm0M6N0iVjUZa7lQMFyNh9vqBtqFS +6gc3TajJ/nw2mAkQDz2mw4b+z+BVF2iamfLXV0B4LG2/IJns10BhjkM0VeYhfQHU +gHU6Cok0QqzBhDX7HEm6CzAaWrLaIuW1KipSVHBhoCZI+4qse41QuzelOaX+g6pR +TVsAyzmFIxM1BHVrQ9W/qS+p5EU/rdKiQvFVyzpZcz81erjYFJ41JV8Nt+sJ6FC6 +kZF0GUF1TjmROwRaKdgMseqX77D1AEA8i8nUohf//4vtGU4w0SldDGQ+UzytM/nT +PRsIpKC/51CW9bFNpXT6NS6Aj1HocyZUQucp4bcCggEBAMCTNIjTRLXW1TRMH0yn 
+Q16mbzorezWfytwUxyz0uZQBUtvMwuVWjQF8IM1Zdqj934fOHtu7WgTvSAC2gaqw +V8eTx9pZ9qA/BRuiTLeX2IUAv7ZodGDTRCHEIImQ8Q51RCK1i28eDIr5hie2lq// +H6qncNjtYBpmjrRwWn/zdOyPRst4MFEsCfLSDhY+Cne2X1xTEc33kwKO3h40pCfF +IHXenl2YCt+A1RXWOu43I1iswSpLR9gvpUdPXaCDJXeX9q3WXxodgNxTVQLwc5+A +tsznjuP0247vVFUPIKtyyjQ7N86VYcgtSaWMarb2hsU9R3GJ1cxREpIIzGl6BDSI +FlMCggEAJmG2J8T0H6LT6CxCv5uhZW//uGV7gv+F4KTwpIx2oVEXt6gj6ORBx068 +1nCbEG4ikPumiDMFXQ2GKa+m9vfSGIxhmYYbeEH29jRImNAgiXmEpSRtjSp6sRk+ +g09K0Ee8N7UxK4ZhV9ozgPT9OUNY91MwfNlG+d5/qeOJqUCOtg9zsRf2kkFp7VBo +gTH597UDsHVrT98rpFo/XlOgsJb0OEUV8vkJkMtVguOyUnh6rp9uw+2kQocO1N3a +IT7YzeCaXcgjvvLZyILHy7tZnkMW7XUF70I18VzVFSNlzyOn/XD2JNeGwvAor26H +hqHUM7qo5k3nI6/dSdWQ1gBdmv104g== -----END PRIVATE KEY----- From de0aa4e9b2fa28e843d1a153073e6b1df8dad702 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Du=C5=A1an=20Borov=C4=8Danin?= Date: Tue, 2 Apr 2019 16:16:25 +0200 Subject: [PATCH 19/21] Remove CSR and key from the root MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Dušan Borovčanin --- client.csr | 28 ---------------------------- client.key | 51 --------------------------------------------------- 2 files changed, 79 deletions(-) delete mode 100644 client.csr delete mode 100644 client.key diff --git a/client.csr b/client.csr deleted file mode 100644 index 8c8b2e69dc..0000000000 --- a/client.csr +++ /dev/null 
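Review bot: The private key in `docker/ssl/certs/thing.key` is committed unencrypted (`-----BEGIN PRIVATE KEY-----`, no passphrase), so it is known to everyone who can read the repository. Any deployment that keeps these files authenticates with a key that is effectively public. Consider generating the thing and server keys at setup time and ignoring `*.key` in version control, or at minimum documenting that the material under `docker/ssl/certs/` is for local development only and must be regenerated before the stack is exposed. The root-level `client.key` deleted in PATCH 19/21 stays retrievable from history unless the series is squashed, so it should be treated as disclosed as well.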
@@ -1,28 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIE1zCCAr8CAQAwgZExSTBHBgNVBAMMQHNvbWUgdmVyeSBsb25nLENObmFtZSBz -b21ldGhpbmcgbGlrZSB0aGlzIGlzIG5vdCBhbGxvd2VkIGkgZ3Vlc3MxETAPBgNV -BAoMCE1haW5mbHV4MQ8wDQYDVQQLDAZjbGllbnQxIDAeBgkqhkiG9w0BCQEWEWlu -Zm9AbWFpbmZsdXguY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA -vC+Rv1CU1Wb4ybqtkH8cYnwmNNaXOwQoNO7guBWSESQ17pmXgpMQXDq7A0P4uB5A -X9AabNVt2gJI8wdz+h7e+fh9TA6QeXsfaQtaEdddHLeEPq8gkL/3MJbaSEonBfp4 -LGsLXUHxX7Y6UBlxTaMByhW5IRJfGEhGDWN8EmwxXuPm9i1y2JpfK6OqVD+w29lo -yFXH+pY+vShaTS968eGtT/0x0CfyWhNGemAGbdmRqBhYb3A4cd6xvTAisd67nWsq -W5qGi5h+MtMEJZEkva1RmMF99wDXR/RU2QhGY742lK1gG5i5kVJ880Ru7AsfJvMf -QpLo52IjL0NZkBm65iu0VpGbld+zVBVx2FBE03szb4FbDwW4fnVxMtGYkQmRAQPR -tmJQ+uJdE3Hoxvx9hZAbBu0QTpy4CrkkBiQjZhQ34oHj19hVo+sAv9W4JV+KkiNn -z9PpNklTrCh32cgLGyVk1ffkQXeI+r5Icu6n3Xw/94zUe9szpFFjsWUYcUEE0fkm -PwUc7UN3Bgpc32Vb5/k0A1+seA+xVvDwM5CPTZdtDu5VKGqrCkRILKgDpGp+tz24 -QST3zyzUOyfS5hbkyC2rx/ECWMQVFlejl/gpuFPzrf43Zi5N1wapSV+l/VnjsRIr -+wyr3G+e9ALlM7V+muLr669DD0/aA8jeNH96z9MQHxkCAwEAAaAAMA0GCSqGSIb3 -DQEBCwUAA4ICAQACyKfJ2wxT2z5YQzrL/g0hTyKghp+VIFR/PM1ut9CL3CYeYI1k -I9ZHrBcxOSFdDjfYt0pmgUOrAi2uVQ27nGXSTVN3PO8XyOBvG/tA1CY0N04jY0KN -5cSfhD93Rt72rOANFa1xbkNXFkSpokdOFenDSJNZhtCy31f74arh5c/l5A1PeJqi -nFqjZWq/9U9Y7TlA/V07QNEcNF7VSAP+/PnSIXK1V9tBRLUzCIX2BCG6Tvf+PdO6 -tWR46/GlZqo9Mx4nlG2SUyTkBDmam87xikznuHBMHbjYn/WL0eXQIEWsUCOpfZ3T -WHvS6pHpo91rstfYsUZz1Wwy5Ln58Pvb/+a1EHb6prBH/pnUHdzEoaUi1uHffkzo -tiLbm0ZsNFRNWW//5G9xVE0aFagHFKGBpGt45gU8SW4n2IP5UziZtmG2HE+GGmvh -N/bnjkLkTwoBzuk245SzSIYp5oRhgDJdbtPbLkzB0jwpc5XumDCTHd6h3LX8Hmgs -00R+jAVD4/8TTgDpE3MwVSnaPr+4/7vgITavkQLHIMqfvzoHGMr35KYAunBQT5LO -Y0kTvuLzwESBRs9hQU9c5kNJVeH1wEI6myDiPZ2lVix0+DPtAGGAtlDtcOl6YX/H -WETcYK0ySTmsPDzU69Cwvzr1d/6RgtaT4bU7FZYDwKmylNH+FkR0OhhmEg== ------END CERTIFICATE REQUEST----- diff --git a/client.key b/client.key deleted file mode 100644 index bdf2964367..0000000000 --- a/client.key +++ /dev/null 
@@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKgIBAAKCAgEAvC+Rv1CU1Wb4ybqtkH8cYnwmNNaXOwQoNO7guBWSESQ17pmX -gpMQXDq7A0P4uB5AX9AabNVt2gJI8wdz+h7e+fh9TA6QeXsfaQtaEdddHLeEPq8g -kL/3MJbaSEonBfp4LGsLXUHxX7Y6UBlxTaMByhW5IRJfGEhGDWN8EmwxXuPm9i1y -2JpfK6OqVD+w29loyFXH+pY+vShaTS968eGtT/0x0CfyWhNGemAGbdmRqBhYb3A4 -cd6xvTAisd67nWsqW5qGi5h+MtMEJZEkva1RmMF99wDXR/RU2QhGY742lK1gG5i5 -kVJ880Ru7AsfJvMfQpLo52IjL0NZkBm65iu0VpGbld+zVBVx2FBE03szb4FbDwW4 -fnVxMtGYkQmRAQPRtmJQ+uJdE3Hoxvx9hZAbBu0QTpy4CrkkBiQjZhQ34oHj19hV -o+sAv9W4JV+KkiNnz9PpNklTrCh32cgLGyVk1ffkQXeI+r5Icu6n3Xw/94zUe9sz -pFFjsWUYcUEE0fkmPwUc7UN3Bgpc32Vb5/k0A1+seA+xVvDwM5CPTZdtDu5VKGqr -CkRILKgDpGp+tz24QST3zyzUOyfS5hbkyC2rx/ECWMQVFlejl/gpuFPzrf43Zi5N -1wapSV+l/VnjsRIr+wyr3G+e9ALlM7V+muLr669DD0/aA8jeNH96z9MQHxkCAwEA -AQKCAgEAnVotRUpM2M+8MXmtjUgr5NGoZMAWPhuwvuoK7wHiXADqM7Mr89uib2wQ -WZ+pRdLNww/QOLaRnxwQAV53BGpxyZSUuFbpSRrBXeVHD+oDinKM2pk24rIRMAjD -RnTyglY3y/RJ0VXFTWGjCrzrd55YbbCSVuv0peow4RsRcJoVAiIQSkIgaKtT7rpw -PvfumzYEHpdTmt2sYiBuuWF9LOmmMF8nGsV8KQM7CDJozcuBtot8ztmH6PbrqaSp -Lg9u0yb7iRMBc5Iz262EJyFhFlTpCJCqEjIa0KillcAMk3RGUTVTSl/+slvF7OeI -1EhMaRYbSmBq7KarguaO6iYJmFJs/BJbWeYGE2dkw0Li1YyaU1DfE1ftfPWAZjgf -H0VN3cTmshaGXy2lBkxWevO1rd9EVG8ztNm41KrkzfDjEiPTMlm51au08K6RZPuH -/z3U62yXIawHfGwl8YDFOPpycMCQWOlElkWRevsxOnmIDctYbaq+jsSCB0SP6b9M -Ct0detgyAPlCsbK5k35ctRRQrMmjVVnDrL+bxH+QWmoFrZJkrXp12ObctnKsPeCA -eofU/tkXVXDaAVEzNfirBZSF34TZOrtVa72wwgkrUGArCXGRiMO8GWKQ9eMvr4bf -UsEr8CRh5hQLmdFEUSFOeqnfFbjYpigr9YO4tlBDOysccWYxZPECggEBAOXaK/Qi -7AYhHcnDajXsCo+LmqC1t/KdO6sVZwR4taV9NEu8YLMJ8umbpE95NjTw7T8dJuH4 -L4ljanRijSPoHN9ICFh6HWtjS/e61vfQsDimfOnOIkigOR+tGrlDVmrgg4x2gINe -TeEBlyqgHg5MpCwTClZlzPDTMi4BNq3B+cOSwPQyGTafPEKvf/7O54ZCHChQ90mZ -vNxuK1cwTZsdx694QDcKdwVe2gu0du8Lr8/82ysv+lg+wZSdxK+iI8XnGPFqS3+u -MhJ1Co5HwUqxmqXQ9NYtZsBMRuGZC2GWpqA1FmuEyzOSj88uzzFWK+xFSMJtZS8X -lEvxznlZCbtvm8UCggEBANGX+a2ZkMaESUSyK+lbJXOh/7KR4IEEtdy1YwoohfTR -xxPfm0OQ3hFPwnG9iqYGtHFrRFTxPiMqMmPDxF2KtCK7SAi0fgDMh9WAUXTgPp91 
-yYpFfoudT+tL8h2Ka3tiWQSMS1ONjowOGF357qmQYEe4Kcf1o88i2RKiaNn/RRGf -w5VMafhDXrAnmn3lYQKH/jRu0Vk6IRoy246YUWNg4Hu7imgB2dA7nrn4700xdHuE -YgSaRxLo/3pqUNFXX+lQPaTFtj01wJC+XssUFEl5afvf7qqomG5wPn8oj5VViquV -fz3b3nICd5AdPj1zEuQQxCe6qzMCre8BqDSF3ZGhx0UCggEBAId4OOOhGX7bUdUy -yYySW/8ShsYllA74QMyqxpbKFjU9P+9LTar4OCUbSJJWnG5DeXDzW5FfV5Uf9QQ3 -eXwqN6oZqGGNR32dfo65ni1c4B/jcEfU6DvpwwE6Yz/BwlMnlCDbTw8eK8RrzY6f -5FcFMNWRO0yEn29o6nBW4sUySGTOP88tH9Mjsr6S9VtW0vo8SKAyaC0G4VsBy6WN -oI/F04VF2IMYNeICb3zqlhZ5yttI6lvf4SrVgf53pg7l/zOK6xaOUYUlQ/nA5cHJ -5NCDMOR97W+2PpMj4brhGuYfhoFyCI7CK4lv3jZ8Hj2zzhtpEmMVWseQnCTOlaTL -p4LDWwkCggEBALitYnCWiTyCP1TqcUqy5zMWIQmlA95q2hvZL6U5w57OYM2gD1zf -fuxeDQTPcCWObtwpGhKGZqvxeGjzjEin+MVJo9UXxJbLoTx8TknfdQ5oaOcPCMvY -Fx1K09E3sDENnUYmoBDFAD9kBBB6MtLxxgQrv5TTWj0fhYmn1R+Qj7lRvrIEnLMG -GZ65pqUbwfjK/zAQHSKz14sQGOlySPR53hLoUrIGP3f9sIRJVgH8e5iCMyO/FLUS -3Flu6Dss8/POoiJXm5YfkMd5Fml2DdIXy00GKXPyDi3xdP/yK2H397HsjithWoW2 -qscvHTJj/Nc79rrS/hp6V+vq190/vtWdaMkCggEAGxi4VAH86DNztbECHSSZMV4R -Wh9UWVbsIXtSGutPv701MFO97t65iZvZgCOgS3vxPuCm3xtzCxvszCj11Q1L5o5E -aUFLYj2NX4VHbzT60OZsAjfik2rrxqhDANRGtTtxecZ/QizFoNARJN7sR3LF2pfY -Vtnl4lkqzLZtKKmejxjfDhDFdtx3DfEJZQcuIwc3Zl8iGOmOuqJlQyT5Zjyn1fZP -PvyKKY38IKd5u8wiIMpBOQA3wa/SVf5YaGp3hOTehOfVht7JLmAWfXgjYih56k+E -o6h44F3x1Ya2+Clm4ql2B1TgL+8zJow2l6XOdFEg5oyjZ4bCyGSFCU2rPrK2KA== ------END RSA PRIVATE KEY----- From 0599250ad7e90a4b4b9b9c9d89a69ffbcdc64fb9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Du=C5=A1an=20Borov=C4=8Danin?= Date: Tue, 2 Apr 2019 16:17:16 +0200 Subject: [PATCH 20/21] Drop TLS version below 1.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Dušan Borovčanin --- docker/nginx/nginx-key.conf | 6 +++--- docker/nginx/nginx-x509.conf | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docker/nginx/nginx-key.conf b/docker/nginx/nginx-key.conf index 64f82fa0ba..bc88158555 100644 --- a/docker/nginx/nginx-key.conf +++ b/docker/nginx/nginx-key.conf 
@@ -25,7 +25,7 @@ http {
 include /etc/nginx/mime.types;
 default_type application/octet-stream;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_protocols TLSv1.2 TLSv1.3;
 ssl_prefer_server_ciphers on;
 access_log /var/log/nginx/access.log;
@@ -41,7 +41,7 @@ http {
 ssl_certificate_key /etc/ssl/private/mainflux-server.key;
 ssl_dhparam /etc/ssl/certs/dhparam.pem;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_protocols TLSv1.2 TLSv1.3;
 ssl_prefer_server_ciphers on;
 ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
 ssl_ecdh_curve secp384r1;
@@ -202,7 +202,7 @@ stream {
 ssl_certificate_key /etc/ssl/private/mainflux-server.key;
 ssl_dhparam /etc/ssl/certs/dhparam.pem;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_protocols TLSv1.2 TLSv1.3;
 ssl_prefer_server_ciphers on;
 ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
 ssl_ecdh_curve secp384r1;
diff --git a/docker/nginx/nginx-x509.conf b/docker/nginx/nginx-x509.conf
index 9ebfafe1c3..a236057b81 100644
--- a/docker/nginx/nginx-x509.conf
+++ b/docker/nginx/nginx-x509.conf
@@ -27,7 +27,7 @@ http {
 include /etc/nginx/mime.types;
 default_type application/octet-stream;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_protocols TLSv1.2 TLSv1.3;
 ssl_prefer_server_ciphers on;
 js_include authorization.js;
@@ -46,7 +46,7 @@ http {
 ssl_verify_depth 2;
 ssl_dhparam /etc/ssl/certs/dhparam.pem;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_protocols TLSv1.2 TLSv1.3;
 ssl_prefer_server_ciphers on;
 ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
 ssl_ecdh_curve secp384r1;
@@ -237,7 +237,7 @@ stream {
 ssl_verify_depth 2;
 ssl_dhparam /etc/ssl/certs/dhparam.pem;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_protocols TLSv1.2 TLSv1.3;
 ssl_prefer_server_ciphers on;
 ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
 ssl_ecdh_curve secp384r1;
From e539f2c6250bc4e9f6b6d516a230ea8f858efde4 Mon Sep 17 00:00:00 2001
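Review bot: The `http`-level `ssl_protocols TLSv1.2 TLSv1.3;` in the `@@ -25,7` hunk of nginx-key.conf is repeated with the same value inside the server block (`@@ -41,7` hunk), and nginx-x509.conf does the same (`@@ -27,7` and `@@ -46,7`). Servers in the `http` block inherit the directive, so the server-level copy is a second place to keep in sync and the two can drift on the next protocol change. Keeping only the `http`-level line there would be enough. The `stream` block is a separate context and still needs its own line. The enclosing blocks start and end outside the hunks.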
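Review bot: With the floor now at TLS 1.2, the `ssl_ciphers` context line in the `@@ -41,7` hunk of nginx-key.conf still admits CBC-mode suites through `AES256+EECDH:AES256+EDH`, so the protocol change alone does not leave the listener AEAD-only. If that is the intent, the list can be narrowed to `ssl_ciphers "EECDH+AESGCM:EDH+AESGCM";`, after checking that the device clients in use support a GCM suite. TLS 1.3 suites are not selected by this directive. The same cipher line appears in the `@@ -202,7` stream hunk and in the `@@ -46,7` and `@@ -237,7` hunks of nginx-x509.conf. The enclosing `server` blocks start and end outside the hunks.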
From: =?UTF-8?q?Du=C5=A1an=20Borov=C4=8Danin?=
Date: Tue, 2 Apr 2019 16:54:48 +0200
Subject: [PATCH 21/21] Add comments for cert and key paths
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Dušan Borovčanin
---
 docker/nginx/nginx-key.conf | 4 ++++
 docker/nginx/nginx-x509.conf | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/docker/nginx/nginx-key.conf b/docker/nginx/nginx-key.conf
index bc88158555..61b29b161f 100644
--- a/docker/nginx/nginx-key.conf
+++ b/docker/nginx/nginx-key.conf
@@ -37,6 +37,8 @@ http {
 listen 443 ssl http2 default_server;
 listen [::]:443 ssl http2 default_server;
+ # These paths are set to its default values as
+ # a volume in the docker/docker-compose.yml file.
 ssl_certificate /etc/ssl/certs/mainflux-server.crt;
 ssl_certificate_key /etc/ssl/private/mainflux-server.key;
 ssl_dhparam /etc/ssl/certs/dhparam.pem;
@@ -198,6 +200,8 @@ stream {
 listen 8883 ssl;
 listen [::]:8883 ssl;
+ # These paths are set to its default values as
+ # a volume in the docker/docker-compose.yml file.
 ssl_certificate /etc/ssl/certs/mainflux-server.crt;
 ssl_certificate_key /etc/ssl/private/mainflux-server.key;
 ssl_dhparam /etc/ssl/certs/dhparam.pem;
diff --git a/docker/nginx/nginx-x509.conf b/docker/nginx/nginx-x509.conf
index a236057b81..b790f7b263 100644
--- a/docker/nginx/nginx-x509.conf
+++ b/docker/nginx/nginx-x509.conf
@@ -39,6 +41,8 @@ http {
 listen 443 ssl http2 default_server;
 listen [::]:443 ssl http2 default_server;
+ # These paths are set to its default values as
+ # a volume in the docker/docker-compose.yml file.
 ssl_certificate /etc/ssl/certs/mainflux-server.crt;
 ssl_certificate_key /etc/ssl/private/mainflux-server.key;
 ssl_client_certificate /etc/ssl/certs/ca.crt;
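Review bot: The comment added in the `@@ -37,6 +37,8` hunk of nginx-key.conf is hard to parse: "set to its default values as a volume" has a number mismatch and does not say which side of the mount these paths are on. Something like `# In-container paths; docker/docker-compose.yml mounts the certificate and key files here.` reads more clearly, assuming that is what the compose volumes do (the compose file is not part of this patch). Because `ssl_certificate_key` points at private key material, the comment could also say that the mount should be read-only. The same two lines are added in the `@@ -198,6` hunk and in both nginx-x509.conf hunks (`@@ -39,6` and `@@ -230,6`).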
@@ -230,6 +232,8 @@ stream {
 listen 8883 ssl;
 listen [::]:8883 ssl;
+ # These paths are set to its default values as
+ # a volume in the docker/docker-compose.yml file.
 ssl_certificate /etc/ssl/certs/mainflux-server.crt;
 ssl_certificate_key /etc/ssl/private/mainflux-server.key;
 ssl_client_certificate /etc/ssl/certs/ca.crt;