wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-08-15 01:03:02 +02:00
Code Issues Projects Releases Wiki Activity

Exclude CA from P12 (#835)

Browse source
This commit is contained in:
Jack Ivanov 2018-03-18 00:16:22 +03:00 committed by Dan Guido
parent 390de05e7f
commit 8a578cbd00
2 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
roles/vpn/tasks/openssl.yml
View file

@ -117,7 +117,6 @@
-export -export
-name {{ item }} -name {{ item }}
-out private/{{ item }}.p12 -out private/{{ item }}.p12
-certfile cacert.pem
-passout pass:"{{ easyrsa_p12_export_password }}" -passout pass:"{{ easyrsa_p12_export_password }}"
args: args:
chdir: "configs/{{ IP_subject_alt_name }}/pki/" chdir: "configs/{{ IP_subject_alt_name }}/pki/"

1
roles/vpn/templates/client_windows.ps1.j2
View file

@ -1,6 +1,7 @@
function AddAlgoVPN { function AddAlgoVPN {
certutil -f -importpfx .\{{ item }}.p12 certutil -f -importpfx .\{{ item }}.p12
certutil -addstore root .\cacert.pem
Add-VpnConnection -name "Algo VPN {{ IP_subject_alt_name }} IKEv2" -ServerAddress "{{ IP_subject_alt_name }}" -TunnelType IKEv2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required Add-VpnConnection -name "Algo VPN {{ IP_subject_alt_name }} IKEv2" -ServerAddress "{{ IP_subject_alt_name }}" -TunnelType IKEv2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required
Set-VpnConnectionIPsecConfiguration -ConnectionName "Algo VPN {{ IP_subject_alt_name }} IKEv2" -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod AES128 -IntegrityCheckMethod SHA384 -DHGroup ECP256 -PfsGroup ECP256 -Force Set-VpnConnectionIPsecConfiguration -ConnectionName "Algo VPN {{ IP_subject_alt_name }} IKEv2" -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod AES128 -IntegrityCheckMethod SHA384 -DHGroup ECP256 -PfsGroup ECP256 -Force
} }