wazuh-packages
wazuh-certs-tool.sh support for multiple IPs in server nodes
Related issue |
---|
closes #1573 |
Description
We could only have one IP per node; in order to allow multiple IPs, I had to change the `cert_parseYaml` function. This function treated every server IP as if it were from the same node. Changing this function also meant changing the way the variables were generated. Once this was completed, I made the changes necessary to allow the `wazuh-certs-tool.sh` script to create certificates with multiple IPs in a server node.
Logs example
Certificates generated with this `config.yml` file.

```yaml
nodes:
  indexer:
    - name: indexer
      ip: 127.0.0.1
  server:
    - name: server
      ip: 127.0.0.1
      ip: 127.0.0.2
      ip: google.com
      ip: 127.0.0.4
      ip: wazuh.com
      node_type: master
    - name: server2
      ip: 127.0.0.10
      ip: 127.0.0.11
      node_type: worker
    - name: server3
      ip: 192.168.1.1
      node_type: worker
  dashboard:
    - name: dashboard
      ip: 127.0.0.1
```
```console
root@ubuntu2004:/home/vagrant# ./wazuh-certs-tool.sh -A
05/08/2022 07:24:59 INFO: Admin certificates created.
05/08/2022 07:24:59 INFO: Wazuh indexer certificates created.
05/08/2022 07:24:59 INFO: Wazuh server certificates created.
05/08/2022 07:24:59 INFO: Wazuh dashboard certificates created.
root@ubuntu2004:/home/vagrant/wazuh-certificates# ls
admin-key.pem      indexer-key.pem  server2-key.pem  server-key.pem
admin.pem          indexer.pem      server2.pem      server.pem
dashboard-key.pem  root-ca.key      server3-key.pem
dashboard.pem      root-ca.pem      server3.pem
root@ubuntu2004:/home/vagrant/wazuh-certificates# openssl x509 -in server.pem -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            XX-XX-XX
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: OU = Wazuh, O = Wazuh, L = California
        Validity
            Not Before: Aug 5 07:24:59 2022 GMT
            Not After : Aug 2 07:24:59 2032 GMT
        Subject: C = US, L = California, O = Wazuh, OU = Wazuh, CN = server
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:95:XX-XX-XX
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
            X509v3 Subject Alternative Name:
                IP Address:127.0.0.1, IP Address:127.0.0.2, DNS:google.com, IP Address:127.0.0.4, DNS:wazuh.com
root@ubuntu2004:/home/vagrant/wazuh-certificates# openssl x509 -in server2.pem -noout -text
...
        Subject: C = US, L = California, O = Wazuh, OU = Wazuh, CN = server2
...
            X509v3 Subject Alternative Name:
                IP Address:127.0.0.10, IP Address:127.0.0.11
root@ubuntu2004:/home/vagrant/wazuh-certificates# openssl x509 -in server3.pem -noout -text
...
        Issuer: OU = Wazuh, O = Wazuh, L = California
        Validity
            Not Before: Aug 5 07:24:59 2022 GMT
            Not After : Aug 2 07:24:59 2032 GMT
        Subject: C = US, L = California, O = Wazuh, OU = Wazuh, CN = server
...
            X509v3 Subject Alternative Name:
                IP Address:192.168.1.1
```
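
Added example (not part of this PR or the project's code): a check a reviewer could run against the logs above, deriving from `config.yml` the SAN list each server certificate should carry so it can be compared with the `openssl` output. The `expected_san` helper, the re-indented config sample, and the IPv4-or-DNS classification rule are assumptions.

```shell
#!/usr/bin/env bash
# Server section of the config.yml shown above; the indentation is an assumption.
sample_config() {
cat <<'EOF'
nodes:
  server:
    - name: server
      ip: 127.0.0.1
      ip: 127.0.0.2
      ip: google.com
      ip: 127.0.0.4
      ip: wazuh.com
      node_type: master
    - name: server2
      ip: 127.0.0.10
      ip: 127.0.0.11
      node_type: worker
    - name: server3
      ip: 192.168.1.1
      node_type: worker
EOF
}

# expected_san NODE: read a config on stdin and print the SAN list that NODE's
# certificate should carry, in the form `openssl x509 -text` prints it.
# Hypothetical helper; handles IPv4 addresses and DNS names only.
expected_san() {
  awk -v want="$1" '
    # A "- name:" line starts a new node; remember whose entries follow.
    $1 == "-" && $2 == "name:" { cur = $3; next }
    # Exact name match, so "server" never picks up entries of "server2".
    $1 == "ip:" && cur == want {
      n = split($2, o, ".")
      isip = (n == 4)
      for (i = 1; i <= n; i++)
        if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) isip = 0
      sep  = (out == "") ? "" : ", "
      kind = isip ? "IP Address:" : "DNS:"
      out  = out sep kind $2
    }
    END { print out }
  '
}

# Print the expected SAN line for the master node of the sample.
sample_config | expected_san server
```

The printed line can be compared with the `X509v3 Subject Alternative Name` entry of the matching certificate; a node whose certificate lists another node's addresses indicates the per-node grouping is not working.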