Working With Certificates and OpenSSL

In 2018, SSL is a fact of life everywhere. Below are a couple of commonly useful tips:

 

Generating a CSR and key from a bash script:

 


#!/bin/bash
#Written By rich.staats@metaltoad.com
#Last Modified April 20, 2016
#Auto-Generate CSR and Key file for SHA-256 SSL Certs

#Required Site Info
sitename=$1
#Enter this value when openssl prompts for the Common Name
commonname=$sitename

#Check for Site Name, If missing error output will be displayed
if [ -z "$sitename" ]
then
	echo "Error! No site name provided, please provide a sitename after typing newcert.sh. ex: newcert.sh mysite.com"
	exit 99
fi

#Create the key file readable by its owner only
umask 077

#Generate CSR and Key, stop if openssl fails
openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout "$HOME/$sitename.key" -out "$HOME/$sitename.csr" || exit 1

#Show CSR to copy and Paste
echo "Your request completed successfully, copy the CSR below and use a certificate provider to generate an SSL certificate from this CSR"
cat "$HOME/$sitename.csr"

Comparing a newly issued crt to its keyfile to ensure they match:


openssl x509 -noout -modulus -in mydomain.com.crt | openssl md5
openssl rsa -noout -modulus -in mydomain.com.key | openssl md5

Both commands should print the same MD5 string. If the values do not match, you have a cert/key mismatch.
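The modulus comparison above only applies to RSA keys. As an added example (not part of the original post), the script below goes a step further and compares the public key recorded in the certificate with the one derived from the private key, which also covers EC keys; the function names and the throwaway `example.test` pairs are constructed for the demo.

```bash
#!/bin/bash
# Added example: cert/key match check that works for RSA and EC keys.

# SHA-256 fingerprint of the PEM public key read from stdin.
pubkey_fp() { openssl dgst -sha256 | awk '{print $NF}'; }

# cert_key_match CERT KEY
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
cert_key_match() {
    local cert_pub key_pub
    # Public key as recorded in the certificate.
    cert_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 2
    # Public key derived from the private key (RSA, EC, ...).
    key_pub=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$(printf '%s\n' "$cert_pub" | pubkey_fp)" = "$(printf '%s\n' "$key_pub" | pubkey_fp)" ]
}

# Demo on throwaway self-signed pairs (constructed sample input, CN=example.test).
# Prints four return codes: RSA pair, EC pair, crossed pair, missing file.
demo() {
    local d rsa=0 ec=0 crossed=0 missing=0
    d=$(mktemp -d) || return 2
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=example.test" -keyout "$d/rsa.key" -out "$d/rsa.crt" 2>/dev/null
    openssl ecparam -genkey -name prime256v1 -noout -out "$d/ec.key" 2>/dev/null
    openssl req -x509 -new -key "$d/ec.key" -sha256 -days 1 \
        -subj "/CN=example.test" -out "$d/ec.crt" 2>/dev/null
    cert_key_match "$d/rsa.crt" "$d/rsa.key" || rsa=$?
    cert_key_match "$d/ec.crt" "$d/ec.key" || ec=$?
    cert_key_match "$d/rsa.crt" "$d/ec.key" || crossed=$?
    cert_key_match "$d/missing.crt" "$d/rsa.key" || missing=$?
    rm -rf "$d"
    echo "$rsa $ec $crossed $missing"
}

# With two arguments, check that pair; otherwise run the demo.
if [ "$#" -eq 2 ]; then cert_key_match "$1" "$2"; else demo; fi
```

A passphrase-protected key needs `-passin` added to the `openssl pkey` call.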

Converting crt and key to pfx:


openssl pkcs12 -export -out mydomain.com.pfx -inkey mydomain.com.key -in mydomain.com.crt

AWS EC2 Instance Resize Script

If you’re in a world with legacy code that doesn’t lend itself well to autoscaling, you may find yourself needing to scale servers up and down on a semi-regular basis. This gets annoying rather quickly through the AWS Web console. I’ve created a script to handle this task. It requires Python, the AWS CLI installed and configured with your API keys, and the boto3 client (install it with pip if it is not already installed). You also need to update the webservers dictionary with your server names and instance IDs. Clone from here

 

 



import boto3
import time

client = boto3.client('ec2')

def stop_instances(my_instance):
    client.stop_instances(InstanceIds=[my_instance])
    waiter=client.get_waiter('instance_stopped')
    waiter.wait(InstanceIds=[my_instance])

def change_size(my_instance,targetsize):
    client.modify_instance_attribute(InstanceId=my_instance, Attribute='instanceType', Value=targetsize)

def start_instances(my_instance):
    client.start_instances(InstanceIds=[my_instance])

def main():
    # Map of server names to instance IDs; replace with your own values
    webservers = {'server1' : 'i-xxxxxxxxxxx','server2' : 'i-xxxxxxxxxx','server3' : 'i-xxxxxxxxx'}
    targetsize = 'c4.2xlarge'
    # items() works on Python 3; iteritems() exists only on Python 2
    for instance_name, my_instance in webservers.items():
        print (instance_name + " is stopping")
        stop_instances(my_instance)
        print (instance_name + " resizing to " + targetsize)
        change_size(my_instance,targetsize)
        print (instance_name + " is starting")
        start_instances(my_instance)
        # Pause before moving on to the next server
        time.sleep(60)

if __name__ == '__main__':
    main()

Updating NTFS Permissions in PowerShell

I recently encountered a situation on a 4TB drive that needed permissions added recursively to a large directory with many folders. To save time I created a PowerShell script that would do this for me. Below is the script:

 

 

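# Target folder, account, and right to grant
$path = "C:\yourpath\"
$user = "domain\username"
$permission = "Modify"
$acl = Get-Acl $path
# Apply to files (ObjectInherit) and subfolders (ContainerInherit) beneath $path
$inherit = [system.security.accesscontrol.InheritanceFlags]"ObjectInherit",[system.security.accesscontrol.InheritanceFlags]"ContainerInherit"
$propagation = [system.security.accesscontrol.PropagationFlags]"None"
$accessRule = New-Object system.security.AccessControl.FileSystemAccessRule($user, $permission, $inherit, $propagation, "Allow")
# SetAccessRule replaces any existing Allow rule for this user with the new one
$acl.SetAccessRule($accessRule)
# Write the updated ACL back to the folder
$acl | Set-Acl $path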