This expands the functionality of the certificates and rsa commands and merges them into one command called crypto which can either use the cert or pair subcommands to generate certificates or key-pairs respectively. The rsa, ecdsa, and ed25519 subcommands exist for both the cert and pair commands. A new --ca-path argument for the cert subcommand allows Authelia to sign other certs with CA certs.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
title | description | lead | date | draft | images | menu | weight | toc
---|---|---|---|---|---|---|---|---
Guides | Miscellaneous Guides for Configuration. | This section contains miscellaneous guides used in the configuration. | 2022-05-16T15:21:22+10:00 | false | | | 199500 | true
Generating a Random Alphanumeric String
Some sections of the configuration recommend generating a random string. There are many ways to accomplish this. One possible way on Linux is the following command, which prints a string of ${LENGTH} characters to stdout. The string will only contain alphanumeric characters.
LENGTH=64
tr -cd '[:alnum:]' < /dev/urandom | fold -w "${LENGTH}" | head -n 1 | tr -d '\n' ; echo
Generating an RSA Keypair
Some sections of the configuration need an RSA keypair. There are many ways to achieve this; this section explains two such ways.
openssl
The openssl command on Linux can be used to generate an RSA 4096 bit keypair:
openssl genrsa -out private.pem 4096
openssl rsa -in private.pem -outform PEM -pubout -out public.pem
authelia
The Authelia docker container or CLI binary can be used to generate an RSA 4096 bit keypair:
docker run -u "$(id -u):$(id -g)" -v "$(pwd)":/keys authelia/authelia:latest authelia crypto pair rsa generate --bits 4096 --directory /keys
authelia crypto pair rsa generate --bits 4096 --directory /path/to/keys
Generating an RSA Self-Signed Certificate
Some sections of the configuration need a certificate and it may be possible to use a self-signed certificate. There are many ways to achieve this; this section explains two such ways.
openssl
The openssl command on Linux can be used to generate an RSA 4096 bit self-signed certificate for the domain example.com:
openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 -subj '/CN=example.com'
authelia
The Authelia docker container or binary can be used to generate an RSA 4096 bit self-signed certificate for the domain example.com:
docker run -u "$(id -u):$(id -g)" -v "$(pwd)":/keys authelia/authelia authelia crypto certificate rsa generate --common-name example.com --directory /keys
authelia crypto certificate rsa generate --common-name example.com --directory /path/to/keys
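
Checks worth running on the files from the two openssl procedures above (the keypair and the self-signed certificate) before pointing the configuration at them. This is an added example, not part of the Authelia documentation; the function names are hypothetical, `stat -c` assumes GNU or BusyBox tools, and the `check` mode assumes the file names used above.

```shell
#!/usr/bin/env bash
# Added example (not from the Authelia docs): sanity checks for the files
# produced by the openssl commands above. Function names are hypothetical.

# Print the modulus size in bits of an RSA private key, e.g. 4096.
rsa_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^.*Private-Key: (\([0-9][0-9]*\) bit.*$/\1/p'
}

# Print the public half of a private key in normalised PEM form.
pub_from_key() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Succeed only if the public key file ($2) was derived from the private key ($1).
pair_matches() {
    local a b
    a=$(pub_from_key "$1") || return 1
    b=$(openssl pkey -pubin -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeed only if the certificate ($2) carries the public key of the private key ($1).
cert_matches() {
    local a b
    a=$(pub_from_key "$1") || return 1
    b=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -pubout 2>/dev/null) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeed only if the certificate ($1) is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeed only if the key file has no group or other permission bits set.
key_is_private() {
    local mode
    mode=$(stat -c %a "$1" 2>/dev/null) || return 1
    case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

# Run as "script check" from the directory holding the generated files.
if [ "${1:-}" = "check" ]; then
    [ "$(rsa_bits private.pem)" = 4096 ] && pair_matches private.pem public.pem &&
        cert_matches key.pem cert.pem && cert_valid_for_days cert.pem 30 &&
        key_is_private private.pem && key_is_private key.pem ||
        { echo "check failed" >&2; exit 1; }
    echo "all checks passed"
fi
```

A mismatch between key.pem and cert.pem, or a private key readable by other users, is cheaper to catch here than after the files are referenced in the configuration.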