Back to basics collection
Characteristics of a test framework — https://integrant.com/blog/8-essential-factors-for-test-automation-framework-success
- Ease of Use —
- Scalability — Should be scalable with the evolution of the use cases, those can be evolved over time with new the SUT
- Traceability — logging
- Maintainability — easy to maintain with new releases and related enhancements and new additions including the backward compatibility
- Reusability — to be sharable to other teams, collaborative
- Compatibility — compatible over the different os & os versions
- Minimal Manual Intervention — Easy to install or refer to in your code, easy to build/install
Networking
- Layer 2 — Physical link layer, works on Mac addresses only and doesn’t know the IP address.
- Layer3 —
- TCP/IP,
- HTTP
- SSL
- RIP
- SNMP
- NETCONF etc.
Certificate management, Source : https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309
Create Root CA (Done once)
Create Root Key
Attention: this is the key used to sign the certificate requests, anyone holding this can sign certificates on your behalf. So keep it in a safe place!
openssl genrsa -des3 -out rootCA.key 4096If you want a non password protected key just remove the -des3 option
Create and self sign the Root Certificate
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crtHere we used our root key to create the root certificate that needs to be distributed in all the computers that have to trust us.
Create a certificate (Done for each server)
This procedure needs to be followed for each server/appliance that needs a trusted certificate from our CA
Create the certificate key
openssl genrsa -out mydomain.com.key 2048Create the signing (csr)
The certificate signing request is where you specify the details for the certificate you want to generate. This request will be processed by the owner of the Root key (you in this case since you create it earlier) to generate the certificate.
Important: Please mind that while creating the signign request is important to specify the Common Name providing the IP address or domain name for the service, otherwise the certificate cannot be verified.
I will describe here two ways to gener
Method A (Interactive)
If you generate the csr in this way, openssl will ask you questions about the certificate to generate like the organization details and the Common Name (CN) that is the web address you are creating the certificate for, e.g mydomain.com.
openssl req -new -key mydomain.com.key -out mydomain.com.csrMethod B (One Liner)
This method generates the same output as Method A but it’s suitable for use in your automation :) .
openssl req -new -sha256 -key mydomain.com.key -subj "/C=US/ST=CA/O=MyOrg, Inc./CN=mydomain.com" -out mydomain.com.csrIf you need to pass additional config you can use the -config parameter, here for example I want to add alternative names to my certificate.
openssl req -new -sha256 \
-key mydomain.com.key \
-subj "/C=US/ST=CA/O=MyOrg, Inc./CN=mydomain.com" \
-reqexts SAN \
-config <(cat /etc/ssl/openssl.cnf \
<(printf "\n[SAN]\nsubjectAltName=DNS:mydomain.com,DNS:www.mydomain.com")) \
-out mydomain.com.csrVerify the csr’s content
openssl req -in mydomain.com.csr -noout -textGenerate the certificate using the mydomain csr and key along with the CA Root key
openssl x509 -req -in mydomain.com.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out mydomain.com.crt -days 500 -sha256Verify the certificate’s content
openssl x509 -in mydomain.com.crt -text -nooutTransport Layer security
How to Create my Own certificate Chain — https://superuser.com/questions/126121/how-to-create-my-own-certificate-chain
Openssl Certificate management: https://www.golinuxcloud.com/openssl-create-certificate-chain-linux/
Security Resources — Testing for Weak SSL TLS Ciphers Insufficient Transport Layer Protection
A `netcat` tutorial — https://www.varonis.com/blog/netcat-commands
