wazuh-packages
wazuh-packages copied to clipboard
Published
20 hours ago •
wazuh
wazuh
The `wazuh-certs-tool.sh` script should allow the certificate creation in existing directories
| Wazuh version | Install type | Action performed | Platform |
|---|---|---|---|
| 4.3.7 | wazuh-certs-tool.sh | - | - |
When trying to create a single node certificate, it is necessary to use an existing root-ca.pem and root-ca.key file, in case it does not exist, they can be generated with the same tool, but this causes the node certificates to not be able to be created because the target directory already exists.
╰─➤ bash wazuh-certs-tool.sh -ca
25/08/2022 16:37:11 INFO: Authority certificates created.
╰─➤ bash wazuh-certs-tool.sh -wd wazuh-certificates/root-ca.pem wazuh-certificates/root-ca.key
25/08/2022 16:37:19 ERROR: Directory wazuh-certificates already exists in the same path as the script. Please, remove the certs directory to create new certificates.
We must allow the certificates to be generated if the directory exists.
Update report
- It has been observed that when using parameters that require specifying the root-ca certificates, these end up being copied to the folder created along with the rest of the certificates. It is possible that this behavior is not entirely desired for several reasons:
- Duplicate files. Right now root-ca certificates are required to be on a different path than the one used to generate the certificates.
- If certificates are allowed to use an existing directory, we would be faced with two cases:
- The user uses his own root-ca certificates (the custom root-ca will be in a different path to where the certificates are created). In this case, it would make sense for the root-ca certificates to be copied to the certificates folder
- The user generates the root-ca before generating the rest of the certificates (they are originally in the same folder). In this case, the root-ca certificates are already in the final directory, which saves copying and duplicating them.