Airren Ren
Monday, January 1, 1
openwrt login
1curl -XPOST curl --location -v --request POST 'https://10-233-76-144.default.pod.cluster.local/cgi-bin/luci/?luci_username=root&luci_password=root1' --cacert ./ca.pem
2
3 # Cert is the cnf-default-cert, must use the h
4curl --location -v --request POST 'https://10-233-76-144.default.pod.cluster.local/cgi-bin/luci/' \
5--header 'Content-Type: application/x-www-form-urlencoded' \
6--data-urlencode 'luci_username=root' \
7--data-urlencode 'luci_password=root1' \
8--cacert ./ca.pem
Create CSR
1curl -XGET 'https://10-233-76-144.default.pod.cluster.local/cgi-bin/luci/sdewan/nat/v1/nats' --cacert ./ca.pem
1curl -XGET 'https://10-233-76-144.default.pod.cluster.local/cgi-bin/luci/sdewan/pkcs11/v1/crs' --cacert ./ca.pem
1#!/bin/bash
2
3set -x
4
5cnf_ip="10-233-76-144.default.pod.cluster.local"
6cert_label="node-1"
7cert_subject="/CN=node-1"
8
9# you alway a same csr, even you try many times
10curl --location --request POST "https://${cnf_ip}/cgi-bin/luci/sdewan/pkcs11/v1/crs" \
11--header 'Content-Type: application/json' \
12--data-raw "{
13 \"cert\": {
14 \"key_pair\": {
15 \"key_type\": \"rsa:2048\",
16 \"label\": \"${cert_label}\",
17 \"id\": \"0001\"
18 },
19 \"subject\": \"${cert_subject}\",
20 \"pem\": \"\"
21 }
22}" --cert ca.pem | tee new.csr
23
24openssl x509 -req -days 365 -CA caCert.pem -CAkey caKey.pem -set_serial 1 -in new.csr -out client.crt
25
26cert="-----BEGIN CERTIFICATE-----\n$(cat client.crt|awk "NR>1{print $1}"|sed '$d'|tr -d "\n")\n-----END CERTIFICATE-----"
27
28curl --location --request POST "https://${cnf_ip}/cgi-bin/luci/sdewan/pkcs11/v1/cert" \
29--header 'Content-Type: application/json' \
30--data-raw "{
31 \"token\": {
32 \"label\": \"sdewan-sgx\",
33 \"slot\": 0,
34 \"so_pin\": \"12345678\",
35 \"pin\": \"12345678\"
36 },
37 \"cert\": {
38 \"key_pair\": {
39 \"key_type\": \"rsa:2048\",
40 \"label\": \"node-1\",
41 \"id\": \"12345678\"
42 },
43 \"subject\": \"/CN=node-1\",
44 \"pem\": \"${cert}\"
45 }
46}"
1pkcs11-tool --module /lib/x86_64-linux-gnu/pkcs11/p11-kit-client.so -L
2 2 pkcs11-tool --module /usr/local/lib/libp11sgx.so --login --pin 12345678 -O
3 3 pkcs11-tool --module /usr/local/lib/libp11sgx.so --login --pin 12345678 -b --type cert --label node-1
4 4 pkcs11-tool --module /usr/local/lib/libp11sgx.so -L
5 5 pkcs11-tool --module /usr/local/lib/libp11sgx.so --login --pin 12345678 -b --type cert --label node-1 --slot 0x7bfa3749
6 6 pkcs11-tool --module /usr/local/lib/libp11sgx.so -L
7 7 pkcs11-tool --module /usr/local/lib/libp11sgx.so --login --pin 12345678 -O
8 8 pkcs11-tool --module /usr/local/lib/libp11sgx.so --login --pin 12345678 -b --type cert --label node-1 --slot 0x7bfa3749
9 9 pkcs11-tool --module /usr/local/lib/libp11sgx.so --login --pin 12345678 -O
10 10 pkcs11-tool --module /usr/local/lib/libp11sgx.so --login --pin 12345678 -b --type cert --label node-1 --slot 0x7bfa3749
11 11 pkcs11-tool --module /usr/local/lib/libp11sgx.so --login --pin 12345678 -O
12 12 pkcs11-tool --help > help
13 13 vi help
14 14 apt update
15 15 apt install vim
16 16 ls
17 17 vi help
18 18 -O
19 19 pkcs11-tool --module /usr/local/lib/libp11sgx.so --login --pin 12345678 -O
20 20 pkcs11-tool --module /usr/local/lib/libp11sgx.so --login --pin 12345678 -b --type cert --label node-1 --slot 0x7bfa3749
21 21 pkcs11-tool --module /usr/local/lib/libp11sgx.so --login --pin 12345678 -O
22 22 pkcs11-tool --module /usr/local/lib/libp11sgx.so -L
23 23 pkcs11-tool --module /usr/local/lib/libp11sgx.so --login --pin 12345678 -O
24 24 pkcs11-tool --module /usr/local/lib/libp11sgx.so --login --pin 12345678 -b --type cert --label node-1 --token sdewan-sgx
25 25 pkcs11-tool --module /usr/local/lib/libp11sgx.so --login --pin 12345678 -O
26 26 pkcs11-tool --module /usr/local/lib/libp11sgx.so --login --pin 12345678 -b --type cert --label node-1 --token sdewan-sgx
27
28
29
30 certificatesigningrequests.certificates.k8s.io