authelia/docs/content/en/configuration/miscellaneous/guides.md
James Elliott fcac438637
feat(commands): enhance crypto generation capabilities (#2842)
This expands the functionality of the certificates and rsa commands and merges them into one command called crypto which can either use the cert or pair subcommands to generate certificates or key-pairs respectively. The rsa, ecdsa, and ed25519 subcommands exist for both the cert and pair commands. A new --ca-path argument for the cert subcommand allows Authelia to sign other certs with CA certs.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-06-27 18:27:57 +10:00

2.3 KiB

title: Guides
description: Miscellaneous Guides for Configuration.
lead: This section contains miscellaneous guides used in the configuration.
date: 2022-05-16T15:21:22+10:00
draft: false
images:
menu:
  configuration:
    parent: miscellaneous
weight: 199500
toc: true

Generating a Random Alphanumeric String

Some sections of the configuration recommend generating a random string. There are many ways to accomplish this. One possible way on Linux is the following command, which prints a string ${LENGTH} characters long to stdout. The string will only contain alphanumeric characters.

LENGTH=64
tr -cd '[:alnum:]' < /dev/urandom | fold -w "${LENGTH}" | head -n 1 | tr -d '\n' ; echo

Generating an RSA Keypair

Some sections of the configuration need an RSA keypair. There are many ways to achieve this; this section explains two of them.

openssl

The openssl command on Linux can be used to generate an RSA 4096 bit keypair:

openssl genrsa -out private.pem 4096
openssl rsa -in private.pem -outform PEM -pubout -out public.pem

authelia

The Authelia docker container or CLI binary can be used to generate an RSA 4096 bit keypair:

docker run -u "$(id -u):$(id -g)" -v "$(pwd)":/keys authelia/authelia:latest authelia crypto pair rsa generate --bits 4096 --directory /keys
authelia crypto pair rsa generate --bits 4096 --directory /path/to/keys

Generating an RSA Self-Signed Certificate

Some sections of the configuration need a certificate, and it may be possible to use a self-signed certificate. There are many ways to achieve this; this section explains two of them.

openssl

The openssl command on Linux can be used to generate an RSA 4096 bit self-signed certificate for the domain example.com:

openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 -subj '/CN=example.com'
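
A quick way to confirm that the files written by the openssl commands in this guide belong together and have the expected size and lifetime. This is an added example, not part of the Authelia documentation or code base; the function names are hypothetical and the file names are the ones used in the commands above.

```shell
#!/bin/sh
# Added example, not Authelia code. Function names are hypothetical; the file
# names in the usage section are the ones the openssl commands above write.

# Each helper prints the public key as a PEM SubjectPublicKeyInfo block, so the
# outputs can be compared as strings regardless of the source file type.
pub_from_private() { openssl pkey -in "$1" -pubout 2>/dev/null; }
pub_from_public()  { openssl pkey -pubin -in "$1" -pubout 2>/dev/null; }
pub_from_cert()    { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# pair_matches PRIVATE PUBLIC: succeeds only if both files parse and hold the
# same key. A file that fails to parse is a failure, not an empty-string match.
pair_matches() {
  want=$(pub_from_private "$1") || return 1
  got=$(pub_from_public "$2") || return 1
  [ -n "$want" ] && [ "$want" = "$got" ]
}

# cert_matches_key KEY CERT: succeeds only if the certificate carries the
# public half of KEY.
cert_matches_key() {
  want=$(pub_from_private "$1") || return 1
  got=$(pub_from_cert "$2") || return 1
  [ -n "$want" ] && [ "$want" = "$got" ]
}

# rsa_bits PRIVATE: prints the modulus size in bits, e.g. 4096.
rsa_bits() {
  openssl pkey -in "$1" -noout -text 2>/dev/null |
    sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# cert_valid_days CERT DAYS: succeeds if CERT is still valid DAYS days from now.
cert_valid_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Usage: run in the directory holding the generated files.
if [ -f private.pem ] && [ -f public.pem ]; then
  pair_matches private.pem public.pem &&
    echo "keypair ok, $(rsa_bits private.pem) bit" || echo "keypair MISMATCH"
fi
if [ -f key.pem ] && [ -f cert.pem ]; then
  cert_matches_key key.pem cert.pem && cert_valid_days cert.pem 30 &&
    echo "certificate ok" || echo "certificate mismatch or expiring within 30 days"
fi
```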

authelia

The Authelia docker container or binary can be used to generate an RSA 4096 bit self-signed certificate for the domain example.com:

docker run -u "$(id -u):$(id -g)" -v "$(pwd)":/keys authelia/authelia authelia crypto certificate rsa generate --bits 4096 --common-name example.com --directory /keys
authelia crypto certificate rsa generate --bits 4096 --common-name example.com --directory /path/to/keys