Cerfificats KA2501

jfmartel 2025-07-20 13:34:30 -04:00
parent 879b97d00c
commit 213cc8ec8f
4 changed files with 351 additions and 3 deletions


@ -377,7 +377,7 @@
<concurrent_threads_soft_limit_ratio_to_cores>2</concurrent_threads_soft_limit_ratio_to_cores> <concurrent_threads_soft_limit_ratio_to_cores>2</concurrent_threads_soft_limit_ratio_to_cores>
<concurrent_threads_scheduler>fair_round_robin</concurrent_threads_scheduler> <concurrent_threads_scheduler>fair_round_robin</concurrent_threads_scheduler>
<!-- Maximum number of concurrent queries. --> <!-- Maximum number of concurrent queries. (1000)-->
<max_concurrent_queries>1000</max_concurrent_queries> <max_concurrent_queries>1000</max_concurrent_queries>
<!-- Maximum memory usage (resident set size) for server process. <!-- Maximum memory usage (resident set size) for server process.
@ -459,8 +459,8 @@
<!-- Approximate size of mark cache, used in tables of MergeTree family. <!-- Approximate size of mark cache, used in tables of MergeTree family.
In bytes. Cache is single for server. Memory is allocated only on demand. In bytes. Cache is single for server. Memory is allocated only on demand.
You should not lower this value. --> You should not lower this value. (5368709120) -->
<!-- <mark_cache_size>5368709120</mark_cache_size> --> <!-- <mark_cache_size>1073741824</mark_cache_size> -->
<!-- For marks of secondary indices. --> <!-- For marks of secondary indices. -->
<!-- <index_mark_cache_size>5368709120</index_mark_cache_size> --> <!-- <index_mark_cache_size>5368709120</index_mark_cache_size> -->
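Review bot: The new `mark_cache_size` value of 1073741824 in the second hunk is still wrapped in `<!-- … -->`, so the server keeps using its built-in default and this edit changes nothing at runtime. If the intent was to lower the mark cache to 1 GiB, the element has to be uncommented as `<mark_cache_size>1073741824</mark_cache_size>`. Note that the comment directly above now reads "You should not lower this value. (5368709120)", which contradicts the lowered figure. If no change was intended, I would revert the line so the commented example keeps matching the documented default.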


@ -0,0 +1,71 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
09:c8:7d:2d:3b:1f:85:c2:1b:4e:a6:df:24:2b:98:cd
Signature Algorithm: sha512WithRSAEncryption
Issuer: CN=JF_server
Validity
Not Before: May 27 18:51:42 2025 GMT
Not After : May 20 18:51:42 2055 GMT
Subject: CN=stationKA2501
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:4f:cf:df:9f:3a:ca:37:5b:71:71:5a:50:8c:39:
73:a7:2f:04:16:c6:66:81:72:70:89:b6:ba:58:06:
83:54:58:37:19:74:f8:a5:42:70:41:1b:c1:eb:59:
26:5a:aa:ed:1b:7a:af:0e:c5:2a:3f:26:6e:3d:53:
28:6d:2e:b6:c6:4e:9c:73:d3:c5:2b:96:10:b4:2e:
f4:e5:06:b7:ca:cd:c7:72:20:b5:07:05:84:17:64:
4e:cb:f5:4f:51:b3:c7
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
9E:36:BB:6F:4C:C7:DE:80:C4:CB:11:AC:4B:C8:C2:11:26:0B:64:83
X509v3 Authority Key Identifier:
keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
DirName:/CN=JF_server
serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha512WithRSAEncryption
Signature Value:
26:a0:0c:57:fb:39:8b:25:ee:0d:a0:23:f3:c8:67:27:b4:bb:
f9:f1:10:e1:7e:80:a7:04:f6:19:ca:b8:a2:b4:f5:db:d6:64:
5d:7f:fc:fb:58:6b:02:1a:2c:b4:df:f3:1d:33:bc:c4:8e:f9:
5c:70:0f:07:e1:51:99:17:62:2e:7d:a2:69:46:c7:ee:d8:d3:
ee:9b:aa:d0:d5:9d:90:ae:3d:26:83:51:30:73:24:4d:6c:67:
4f:f2:4c:8f:e8:b7:34:94:85:c0:4e:0e:01:5a:16:0c:44:ca:
29:f9:02:de:e0:93:38:d3:d7:22:04:40:b1:8a:02:2f:33:16:
f8:92:c2:df:b8:33:79:18:75:d0:66:87:10:6b:b1:7d:49:b6:
d1:fc:7a:2c:89:e9:51:0a:8b:38:c5:5a:03:47:93:3a:ed:60:
81:ef:99:a2:45:6a:97:46:f7:ae:be:4b:e5:4c:e6:5e:01:f4:
c0:9b:9f:f6:0d:3d:80:17:da:91:3a:d2:9e:e7:fe:7d:b8:30:
31:3c:ad:72:ab:e0:7d:5b:2b:a2:f1:9b:db:8f:09:4a:0e:a1:
a9:5e:a8:3b:fe:9c:4c:36:7b:b6:35:41:54:32:ff:72:22:c5:
0f:b4:7e:71:c9:78:04:56:fb:1f:81:87:25:b3:3a:78:56:76:
61:a9:4f:c1
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,8 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBDzCBlwIBADAYMRYwFAYDVQQDDA1zdGF0aW9uS0EyNTAxMHYwEAYHKoZIzj0C
AQYFK4EEACIDYgAET8/fnzrKN1txcVpQjDlzpy8EFsZmgXJwiba6WAaDVFg3GXT4
pUJwQRvB61kmWqrtG3qvDsUqPyZuPVMobS62xk6cc9PFK5YQtC705Qa3ys3HciC1
BwWEF2ROy/VPUbPHoAAwCgYIKoZIzj0EAwQDZwAwZAIwddJTP6meDC2EyDpH+EXH
HD+JsJuBuPzBwDKCLw56Ltiha0s8hOJuRnXDo2XuugQnAjB1kCBFJ5NVjmiKx2LZ
FlHo5P37lI9IOAfBuh00fIqgXzIWbUCZ9qR/uqBnc1Tk1oc=
-----END CERTIFICATE REQUEST-----

269
OpenVPN/ka2501.ovpn Normal file

@ -0,0 +1,269 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote vpn.yultek.dev 1194
;remote 138.197.151.172 1194
;remote my-server-2 1194
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
;ca ca.crt
;cert client.crt
;key client.key
# Verify server certificate by checking that the
# certificate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the keyUsage set to
# digitalSignature, keyEncipherment
# and the extendedKeyUsage to
# serverAuth
# EasyRSA can do this for you.
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# Note that v2.4 client/server will automatically
# negotiate AES-256-GCM in TLS mode.
# See also the data-ciphers option in the manpage
cipher AES-256-GCM
auth SHA256
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
#comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
key-direction 1
; script-security 2
; up /etc/openvpn/update-resolv-conf
; down /etc/openvpn/update-resolv-conf
; script-security 2
; up /etc/openvpn/update-systemd-resolved
; down /etc/openvpn/update-systemd-resolved
; down-pre
; dhcp-option DOMAIN-ROUTE .
<ca>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
09:c8:7d:2d:3b:1f:85:c2:1b:4e:a6:df:24:2b:98:cd
Signature Algorithm: sha512WithRSAEncryption
Issuer: CN=JF_server
Validity
Not Before: May 27 18:51:42 2025 GMT
Not After : May 20 18:51:42 2055 GMT
Subject: CN=stationKA2501
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:4f:cf:df:9f:3a:ca:37:5b:71:71:5a:50:8c:39:
73:a7:2f:04:16:c6:66:81:72:70:89:b6:ba:58:06:
83:54:58:37:19:74:f8:a5:42:70:41:1b:c1:eb:59:
26:5a:aa:ed:1b:7a:af:0e:c5:2a:3f:26:6e:3d:53:
28:6d:2e:b6:c6:4e:9c:73:d3:c5:2b:96:10:b4:2e:
f4:e5:06:b7:ca:cd:c7:72:20:b5:07:05:84:17:64:
4e:cb:f5:4f:51:b3:c7
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
9E:36:BB:6F:4C:C7:DE:80:C4:CB:11:AC:4B:C8:C2:11:26:0B:64:83
X509v3 Authority Key Identifier:
keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
DirName:/CN=JF_server
serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha512WithRSAEncryption
Signature Value:
26:a0:0c:57:fb:39:8b:25:ee:0d:a0:23:f3:c8:67:27:b4:bb:
f9:f1:10:e1:7e:80:a7:04:f6:19:ca:b8:a2:b4:f5:db:d6:64:
5d:7f:fc:fb:58:6b:02:1a:2c:b4:df:f3:1d:33:bc:c4:8e:f9:
5c:70:0f:07:e1:51:99:17:62:2e:7d:a2:69:46:c7:ee:d8:d3:
ee:9b:aa:d0:d5:9d:90:ae:3d:26:83:51:30:73:24:4d:6c:67:
4f:f2:4c:8f:e8:b7:34:94:85:c0:4e:0e:01:5a:16:0c:44:ca:
29:f9:02:de:e0:93:38:d3:d7:22:04:40:b1:8a:02:2f:33:16:
f8:92:c2:df:b8:33:79:18:75:d0:66:87:10:6b:b1:7d:49:b6:
d1:fc:7a:2c:89:e9:51:0a:8b:38:c5:5a:03:47:93:3a:ed:60:
81:ef:99:a2:45:6a:97:46:f7:ae:be:4b:e5:4c:e6:5e:01:f4:
c0:9b:9f:f6:0d:3d:80:17:da:91:3a:d2:9e:e7:fe:7d:b8:30:
31:3c:ad:72:ab:e0:7d:5b:2b:a2:f1:9b:db:8f:09:4a:0e:a1:
a9:5e:a8:3b:fe:9c:4c:36:7b:b6:35:41:54:32:ff:72:22:c5:
0f:b4:7e:71:c9:78:04:56:fb:1f:81:87:25:b3:3a:78:56:76:
61:a9:4f:c1
-----BEGIN CERTIFICATE-----
MIICqzCCAZOgAwIBAgIQCch9LTsfhcIbTqbfJCuYzTANBgkqhkiG9w0BAQ0FADAU
MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwIBcNMjUwNTI3MTg1MTQyWhgPMjA1NTA1MjAx
ODUxNDJaMBgxFjAUBgNVBAMMDXN0YXRpb25LQTI1MDEwdjAQBgcqhkjOPQIBBgUr
gQQAIgNiAARPz9+fOso3W3FxWlCMOXOnLwQWxmaBcnCJtrpYBoNUWDcZdPilQnBB
G8HrWSZaqu0beq8OxSo/Jm49UyhtLrbGTpxz08UrlhC0LvTlBrfKzcdyILUHBYQX
ZE7L9U9Rs8ejgaAwgZ0wCQYDVR0TBAIwADAdBgNVHQ4EFgQUnja7b0zH3oDEyxGs
S8jCESYLZIMwTwYDVR0jBEgwRoAUiniQ5fBQ54x15LjAoejpm7IanTKhGKQWMBQx
EjAQBgNVBAMMCUpGX3NlcnZlcoIUXe37kz2yqgyL2xXfvaGRzlz7ywYwEwYDVR0l
BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBDQUAA4IBAQAm
oAxX+zmLJe4NoCPzyGcntLv58RDhfoCnBPYZyriitPXb1mRdf/z7WGsCGiy03/Md
M7zEjvlccA8H4VGZF2IufaJpRsfu2NPum6rQ1Z2Qrj0mg1EwcyRNbGdP8kyP6Lc0
lIXATg4BWhYMRMop+QLe4JM409ciBECxigIvMxb4ksLfuDN5GHXQZocQa7F9SbbR
/HosielRCos4xVoDR5M67WCB75miRWqXRveuvkvlTOZeAfTAm5/2DT2AF9qROtKe
5/59uDAxPK1yq+B9Wyui8ZvbjwlKDqGpXqg7/pxMNnu2NUFUMv9yIsUPtH5xyXgE
VvsfgYclszp4VnZhqU/B
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCT5IR1xQ0c5icEgDpq
ou6eTfKeJ7CrwlCMtgyjvF8VwuGiXSE35Lck/WMLwBeyBGahZANiAARPz9+fOso3
W3FxWlCMOXOnLwQWxmaBcnCJtrpYBoNUWDcZdPilQnBBG8HrWSZaqu0beq8OxSo/
Jm49UyhtLrbGTpxz08UrlhC0LvTlBrfKzcdyILUHBYQXZE7L9U9Rs8c=
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
4c828cbf0e58f927758e9471c1b6f03b
2e77b2c634bad76df0570dd8f47184d6
3921e25c6e6cbe4af4b64aad89d12425
a9fca69ae08802b5ed583632c26678b0
cc28c481c3831d1b2204dc30cd466395
ccb8cd82cd2259c956b510c9a56e842a
8693c44dca462f0ab7be3856abe9bbe1
95a6ffd3b0237225b9497c7a0df05ad8
2f2e0a8bff97c927d2890906d0105947
fa3430fc779583772382534fb880add6
8d5592fa4ff384d3e96c560019b5835f
095da9b2fb33dbfbc1ffce9560908271
ee96e02ccecc9d51b9dda79a77704a1d
4407d7c805e6950854fe232adee02a12
b09af2d9bfe04868a9e2e942dc64eb81
9e062ab9f781e52d263195a58db72ebe
-----END OpenVPN Static key V1-----
</tls-crypt>
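Review bot: The `<key>` block adds the unencrypted private key for CN=stationKA2501 and the `<tls-crypt>` block adds the OpenVPN static key, so everyone with read access to this repository and its history holds working VPN credentials for that station. Removing the file in a later commit does not undo this; the certificate with serial `09:c8:7d:2d:3b:1f:85:c2:1b:4e:a6:df:24:2b:98:cd` should be revoked on the JF_server CA and the tls-crypt key rotated, which presumably affects every client that shares it. The certificate is valid until May 2055, so unless the server enforces a CRL (`crl-verify`, not visible on this page) the exposed key stays usable for thirty years. I would commit only a template with the `<key>` and `<tls-crypt>` bodies left out and deliver the filled-in profile out of band. Separately, on a non-Windows station `;user nobody` and `;group nobody` leave the privilege drop after initialization disabled.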