Before, when we wanted to create different certificates, we created one wazuh-certificates folder per Wazuh component. Now we use only one, which improves scalability.
Context
Before, when the certs-tool.sh script was executed, a wazuh-certificates directory was created in the base directory for each execution. This meant that if you first created certificates for one component, and then wanted to create certificates for another component, it would not allow you to do so as there was already a wazuh-certificates directory.
This complicated the creation of certificates for distributions where there were two components installed on the same machine (for example, an indexer and a server).
Description
With this PR, it is now possible to create certificates for any component by hosting them in the same wazuh-certificates directory.
If the wazuh-certificates directory exists, the new certificates are added to it, overwriting the existing ones. For example, if I create a root-ca.pem certificate and try to add another root-ca.pem certificate, it will be overwritten, keeping the new changes.
This allows for scalability, being able to generate the necessary certificates without having to save several wazuh-certificates directories.
Tests
First I create the CA certificates:
Create CA certificates
```console
root@ubuntu-focal:/home/vagrant# bash wazuh-certs-tool.sh -ca
12/06/2024 11:19:31 INFO: Verbose logging redirected to /home/vagrant/wazuh-certificates-tool.log
12/06/2024 11:19:31 INFO: Generating the root certificate.
12/06/2024 11:19:31 INFO: Authority certificates created.
root@ubuntu-focal:/home/vagrant# ls wazuh-certificates
root-ca.key root-ca.pem
```
If I try to create a new certificate for the dashboard, it is added to the existing directory:
Create Dashboard certificates
```console
bash wazuh-certs-tool.sh -wd wazuh-certificates/root-ca.pem wazuh-certificates/root-ca.key -v
12/06/2024 11:20:29 INFO: Verbose logging redirected to /home/vagrant/wazuh-certificates-tool.log
12/06/2024 11:20:29 DEBUG: Reading configuration file.
12/06/2024 11:20:29 DEBUG: Checking if 192.168.56.12 is private.
12/06/2024 11:20:29 DEBUG: Checking if 192.168.56.11 is private.
12/06/2024 11:20:29 DEBUG: Checking if 192.168.56.13 is private.
12/06/2024 11:20:29 DEBUG: Checking if the root CA exists.
12/06/2024 11:20:29 INFO: Generating Wazuh dashboard certificates.
12/06/2024 11:20:29 DEBUG: Generating certificate configuration.
12/06/2024 11:20:29 DEBUG: Creating the Wazuh dashboard tmp key pair.
12/06/2024 11:20:29 DEBUG: Creating the Wazuh dashboard certificates.
12/06/2024 11:20:29 INFO: Wazuh dashboard certificates created.
12/06/2024 11:20:29 DEBUG: Cleaning certificate files.
12/06/2024 11:20:29 DEBUG: Wazuh-certificates directory exists. Copied files from '/tmp/wazuh-certificates' to '/home/vagrant/wazuh-certificates' and removed '/tmp/wazuh-certificates'.
root@ubuntu-focal:/home/vagrant# ls wazuh-certificates
dashboard-key.pem dashboard.pem root-ca.key root-ca.pem
```
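Because files of the same name are overwritten when certificates are added to an existing wazuh-certificates directory, a regenerated root-ca.pem leaves the component certificates already in that directory signed by a CA that is no longer present. The check below is an added example, not part of this PR or of wazuh-certs-tool.sh; the function name `audit_cert_dir` is hypothetical, and the file layout (root-ca.pem, `<name>.pem`, `<name>-key.pem`) is assumed from the `ls` output above.

```shell
#!/usr/bin/env bash
# Added example (not from the PR): audit a merged wazuh-certificates directory.
# Assumed layout, from the ls output: root-ca.pem, <name>.pem, <name>-key.pem.

audit_cert_dir() {
    local dir="$1" ca="$1/root-ca.pem" bad=0 cert name key
    if [ ! -f "$ca" ]; then
        echo "MISSING  root-ca.pem not found in $dir"
        return 2
    fi
    for cert in "$dir"/*.pem; do
        name="$(basename "$cert" .pem)"
        # Skip the CA itself and private keys; only leaf certificates are checked.
        case "$name" in root-ca|*-key) continue ;; esac

        # 1. The leaf must chain to the root CA currently in the directory.
        if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
            echo "STALE    $name.pem is not signed by the current root-ca.pem"
            bad=1
            continue
        fi

        # 2. The leaf's public key must match the private key stored beside it.
        key="$dir/$name-key.pem"
        if [ ! -f "$key" ]; then
            echo "NOKEY    $name.pem has no $name-key.pem"
            bad=1
        elif [ "$(openssl x509 -in "$cert" -noout -pubkey)" != \
               "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ]; then
            echo "MISMATCH $name.pem and $name-key.pem are different key pairs"
            bad=1
        else
            echo "OK       $name.pem"
        fi
    done
    return "$bad"
}

# Usage: bash audit-certs.sh /home/vagrant/wazuh-certificates
if [ "$#" -gt 0 ]; then
    audit_cert_dir "$1"
fi
```

The function returns 0 when every component certificate verifies, 1 when any is stale, unpaired or mismatched, and 2 when root-ca.pem is absent.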