From a3effb5d290b0ca552457c3ebf9648122e9f826c Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 3 Feb 2019 01:47:17 +0100 Subject: [PATCH] steveej-480s-work: add Satellite certificate --- .../sat-r220-02.lab.eng.rdu2.redhat.com.crt | 98 +++++++++++++++++++ nix/os/devices/steveej-t480s-work/system.nix | 5 + 2 files changed, 103 insertions(+) create mode 100644 certificates/sat-r220-02.lab.eng.rdu2.redhat.com.crt diff --git a/certificates/sat-r220-02.lab.eng.rdu2.redhat.com.crt b/certificates/sat-r220-02.lab.eng.rdu2.redhat.com.crt new file mode 100644 index 0000000..a836e9b --- /dev/null +++ b/certificates/sat-r220-02.lab.eng.rdu2.redhat.com.crt @@ -0,0 +1,98 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + d0:17:d1:86:81:d4:f1:28 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=North Carolina, L=Raleigh, O=Katello, OU=SomeOrgUnit, CN=sat-r220-02.lab.eng.rdu2.redhat.com + Validity + Not Before: Nov 2 15:37:13 2018 GMT + Not After : Jan 17 15:37:13 2038 GMT + Subject: C=US, ST=North Carolina, L=Raleigh, O=Katello, OU=SomeOrgUnit, CN=sat-r220-02.lab.eng.rdu2.redhat.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ba:03:39:e3:af:3e:c7:89:bd:d0:07:66:83:18: + 9c:c0:da:56:e8:bb:37:fe:03:67:94:9a:1c:9d:47: + da:6a:a7:6e:56:6d:0a:73:05:79:0e:44:61:71:78: + 33:33:79:b1:ce:a6:9d:87:d0:01:81:10:d5:e3:21: + 0f:d0:e9:ef:86:dc:13:34:62:42:47:81:f6:ce:d8: + 78:de:00:0c:a6:5d:25:d8:cc:72:6a:c4:7c:e1:5b: + 84:2b:e2:3c:b6:51:7e:8e:e6:e1:55:7d:b4:c8:e7: + 98:76:eb:20:15:48:6f:2e:91:ca:b7:17:d4:d9:76: + 5b:40:1c:7e:4c:0b:6f:2c:63:fa:78:c5:8b:b5:36: + b6:01:d9:da:58:a9:06:76:32:18:ca:b2:7c:2d:aa: + 4f:4e:f5:67:30:4c:a6:a3:e3:ef:7c:1d:d3:67:de: + da:a5:b9:57:0d:74:01:c3:24:a9:03:61:98:91:c2: + 1f:1d:a4:36:d2:a6:f4:95:6f:01:6a:99:41:ea:f0: + 8c:7a:7d:a0:0d:34:93:a3:80:cb:19:fb:1a:e1:c4: + 0b:60:5c:8d:33:ea:90:ed:98:d2:2a:06:6e:a2:02: + 1f:f8:2c:1e:d4:d0:d4:8f:93:8d:c9:fe:21:39:6a: + 5b:7b:60:5d:2a:9c:1e:3f:51:31:b1:be:56:28:cb: + 4d:cd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Key Usage: + Digital Signature, Key Encipherment, Certificate Sign, CRL Sign + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Netscape Cert Type: + SSL Server, SSL CA + Netscape Comment: + Katello SSL Tool Generated Certificate + X509v3 Subject Key Identifier: + 72:CD:88:06:03:FE:5D:A2:D0:B3:20:C7:37:74:06:84:A8:A8:13:DF + X509v3 Authority Key Identifier: + keyid:72:CD:88:06:03:FE:5D:A2:D0:B3:20:C7:37:74:06:84:A8:A8:13:DF + DirName:/C=US/ST=North Carolina/L=Raleigh/O=Katello/OU=SomeOrgUnit/CN=sat-r220-02.lab.eng.rdu2.redhat.com + serial:D0:17:D1:86:81:D4:F1:28 + + Signature Algorithm: sha256WithRSAEncryption + 70:fe:c6:9f:1a:62:e8:b0:a6:25:df:e8:51:6c:e9:08:48:00: + 72:2b:d8:a2:95:6e:57:01:8e:2a:9c:a0:14:f8:c9:8a:e3:5d: + 48:64:f9:0f:81:e7:3e:b1:c2:cb:a0:ec:55:d6:e4:7f:c0:46: + 7b:bc:66:15:88:61:73:3b:ea:9e:ea:cb:32:79:35:bc:dc:eb: + 6f:d8:d0:89:c2:ae:fd:02:43:cd:e0:38:d6:9c:16:d7:6d:bb: + 2c:73:53:3c:82:56:51:d8:96:71:e1:28:49:31:be:fb:ed:23: + 08:e5:8d:eb:48:c7:25:5d:ef:0e:30:22:d3:93:7f:f1:66:b8: + 7f:8f:5c:d2:97:e7:13:0e:5b:06:1d:fd:97:1d:a5:24:93:d9: + 8a:d2:ba:51:00:b3:71:c8:61:da:79:31:64:75:96:d0:b8:d8: + 45:57:24:40:2f:11:d6:63:70:f5:bf:8d:fc:7f:1b:b9:ad:e0: + 16:6a:89:9b:6a:0c:d3:e3:b5:14:b4:5c:36:8a:b0:dd:15:4d: + 4e:77:e9:9b:29:df:e9:e3:27:dc:87:f8:6e:5d:a9:14:42:5c: + 8b:7b:13:9d:8b:c7:7a:4d:6d:52:7e:5f:02:9f:21:15:de:98: + 5d:f5:25:30:d3:fa:b4:34:f3:ff:8d:36:c7:e3:1c:d3:b1:f7: + b6:7b:ad:40 +-----BEGIN CERTIFICATE----- +MIIFEDCCA/igAwIBAgIJANAX0YaB1PEoMA0GCSqGSIb3DQEBCwUAMIGOMQswCQYD +VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVp +Z2gxEDAOBgNVBAoMB0thdGVsbG8xFDASBgNVBAsMC1NvbWVPcmdVbml0MSwwKgYD +VQQDDCNzYXQtcjIyMC0wMi5sYWIuZW5nLnJkdTIucmVkaGF0LmNvbTAeFw0xODEx +MDIxNTM3MTNaFw0zODAxMTcxNTM3MTNaMIGOMQswCQYDVQQGEwJVUzEXMBUGA1UE +CAwOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVpZ2gxEDAOBgNVBAoMB0th +dGVsbG8xFDASBgNVBAsMC1NvbWVPcmdVbml0MSwwKgYDVQQDDCNzYXQtcjIyMC0w +Mi5sYWIuZW5nLnJkdTIucmVkaGF0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALoDOeOvPseJvdAHZoMYnMDaVui7N/4DZ5SaHJ1H2mqnblZtCnMF +eQ5EYXF4MzN5sc6mnYfQAYEQ1eMhD9Dp74bcEzRiQkeB9s7YeN4ADKZdJdjMcmrE +fOFbhCviPLZRfo7m4VV9tMjnmHbrIBVIby6RyrcX1Nl2W0AcfkwLbyxj+njFi7U2 +tgHZ2lipBnYyGMqyfC2qT071ZzBMpqPj73wd02fe2qW5Vw10AcMkqQNhmJHCHx2k +NtKm9JVvAWqZQerwjHp9oA00k6OAyxn7GuHEC2BcjTPqkO2Y0ioGbqICH/gsHtTQ +1I+Tjcn+ITlqW3tgXSqcHj9RMbG+VijLTc0CAwEAAaOCAW0wggFpMAwGA1UdEwQF +MAMBAf8wCwYDVR0PBAQDAgGmMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD +AjARBglghkgBhvhCAQEEBAMCAkQwNQYJYIZIAYb4QgENBCgWJkthdGVsbG8gU1NM +IFRvb2wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRyzYgGA/5dotCz +IMc3dAaEqKgT3zCBwwYDVR0jBIG7MIG4gBRyzYgGA/5dotCzIMc3dAaEqKgT36GB +lKSBkTCBjjELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRAw +DgYDVQQHDAdSYWxlaWdoMRAwDgYDVQQKDAdLYXRlbGxvMRQwEgYDVQQLDAtTb21l +T3JnVW5pdDEsMCoGA1UEAwwjc2F0LXIyMjAtMDIubGFiLmVuZy5yZHUyLnJlZGhh +dC5jb22CCQDQF9GGgdTxKDANBgkqhkiG9w0BAQsFAAOCAQEAcP7Gnxpi6LCmJd/o +UWzpCEgAcivYopVuVwGOKpygFPjJiuNdSGT5D4HnPrHCy6DsVdbkf8BGe7xmFYhh +czvqnurLMnk1vNzrb9jQicKu/QJDzeA41pwW1227LHNTPIJWUdiWceEoSTG+++0j +COWN60jHJV3vDjAi05N/8Wa4f49c0pfnEw5bBh39lx2lJJPZitK6UQCzcchh2nkx +ZHWW0LjYRVckQC8R1mNw9b+N/H8bua3gFmqJm2oM0+O1FLRcNoqw3RVNTnfpmynf +6eMn3If4bl2pFEJci3sTnYvHek1tUn5fAp8hFd6YXfUlMNP6tDTz/402x+Mc07H3 +tnutQA== +-----END CERTIFICATE----- diff --git a/nix/os/devices/steveej-t480s-work/system.nix b/nix/os/devices/steveej-t480s-work/system.nix index c280844..7d3aa74 100644 --- a/nix/os/devices/steveej-t480s-work/system.nix +++ b/nix/os/devices/steveej-t480s-work/system.nix @@ -72,4 +72,9 @@ in { authorizedKeys = keys.users.steveej.openssh; }; }; + + security.pki.certificateFiles = [ + "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" + ../../../../certificates/sat-r220-02.lab.eng.rdu2.redhat.com.crt + ]; }