Showing results for tags 'certificate'.
Found 3 results
Hello, I often use the PineAP Enterprise feature, but this time, instead of using a self-signed certificate, I would like to use a valid certificate (signed by a valid CA). There is no option to import it from the GUI. How should I import it with SSH (folder, name, format, etc.)? Thank you
Hi, I'm a security architect and double up as the internal pen tester for my company. I showed my company why they shouldn't use just credentials to authenticate to the wireless network by setting up the pineapple and using PineAP to capture the creds in cleartext (using the GTC downgrade). I recommended they use a certificate on all laptops to connect to the wireless. My question is, how can I test to ensure this certificate setup is secure? Can I still capture the certificate to use myself and, if so, how? (I know I can create my own certificate to lure the users onto my rogue AP, but that won't get me onto my company's wireless network.) Thank you in advance for any help! James.
Discussion Thread for Root CA installer. (No Local Admin Rights necessary)

Current development via: https://github.com/jrsmile/bashbunny-payloads/tree/master/payloads/library/rooter (TESTED and Working), pull request waiting.

Small how-to for creating a self-signed root CA:

Create the Root Certificate (Done Once)

Creating the root certificate is easy and can be done quickly. Once you do these steps, you’ll end up with a root SSL certificate that you’ll install on all of your desktops, and a private key you’ll use to sign the certificates that get installed on your various devices.

Create the Root Key

The first step is to create the private root key, which only takes one step. In the example below, I’m creating a 2048 bit key:

    openssl genrsa -out rootCA.key 2048

The standard key sizes today are 1024, 2048, and to a much lesser extent, 4096. I go with 2048, which is what most people use now. 4096 is usually overkill (and 4096 key length is 5 times more computationally intensive than 2048), and people are transitioning away from 1024.

Important note: Keep this private key very private. This is the basis of all trust for your certificates, and if someone gets a hold of it, they can generate certificates that your browser will accept.

You can also create a key that is password protected by adding -des3:

    openssl genrsa -des3 -out rootCA.key 2048

You’ll be prompted to give a password, and from then on you’ll be challenged for the password every time you use the key. Of course, if you forget the password, you’ll have to do all of this all over again.

The next step is to self-sign this certificate.

    openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem

This will start an interactive script which will ask you for various bits of information. Fill it out as you see fit.

    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:Oregon
    Locality Name (eg, city) :Portland
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Overlords
    Organizational Unit Name (eg, section) :IT
    Common Name (eg, YOUR name) :Data Center Overlords
    Email Address :firstname.lastname@example.org

Once done, this will create an SSL certificate called rootCA.pem, signed by itself, valid for 1024 days, and it will act as our root certificate. The interesting thing about traditional certificate authorities is that root certificate is also self-signed. But before you can start your own certificate authority, remember the trick is getting those certs in every browser in the entire world.