This repo allows @confinet.it users to acquire X.509 and SSH certificates
for daily work, and configure system to use them.
Tested on Ubuntu >= 22.04, may work in any Debian/Ubuntu based distro
git clone https://github.com/confinet/step-sso.git ~/repos/confinet-step-sso| Command | Generated files |
|---|---|
make create-ssh-certificate |
./data/user/ssh_user_certs/ssh_user_key ./data/user/ssh_user_certs/ssh_user_key.pub ./data/user/ssh_user_certs/ssh_user_key-cert.pub |
make create-user-certificate |
./data/user/tls_user_certs/user.crt ./data/user/tls_user_certs/user.key ./data/user/tls_user_certs/user.crt.p12 |
make create-vpn-config |
./data/user/confinet-pfext01-step.ovpn |
| Command | System edits |
|---|---|
make add-ssh-certificate-to-agent |
Adds SSH key + cert in default ssh-agent, see ssh-add -L result |
make add-user-certificate-to-browsers |
Adds PKCS#12 cert to Firefox and Chrome profiles found Warning: libnss3-tools package required |
make add-vpn-config-to-system |
Adds OpenVPN config to system connections Warning: network-manager-openvpn-gnome package required |
make
Open about:config and set:
security.default_personal_cert => Select Automatically
security.remember_cert_checkbox_default_setting => false