Change default cert permissions in bat script for creating default cert

This commit is contained in:
Shreya 2021-06-09 12:43:55 +05:30 committed by Mike Salvatore
parent 011ab2a393
commit f1d85dbc44
1 changed files with 14 additions and 0 deletions

View File

@ -16,3 +16,17 @@ copy "%mydir%windows\openssl.cfg" "%mydir%bin\openssl\openssl.cfg"
"%mydir%bin\openssl\openssl.exe" genrsa -out "%mydir%cc\server.key" 1024 "%mydir%bin\openssl\openssl.exe" genrsa -out "%mydir%cc\server.key" 1024
"%mydir%bin\openssl\openssl.exe" req -new -config "%mydir%bin\openssl\openssl.cfg" -key "%mydir%cc\server.key" -out "%mydir%cc\server.csr" -subj "/OU=Monkey Department/CN=monkey.com" "%mydir%bin\openssl\openssl.exe" req -new -config "%mydir%bin\openssl\openssl.cfg" -key "%mydir%cc\server.key" -out "%mydir%cc\server.csr" -subj "/OU=Monkey Department/CN=monkey.com"
"%mydir%bin\openssl\openssl.exe" x509 -req -days 366 -in "%mydir%cc\server.csr" -signkey "%mydir%cc\server.key" -out "%mydir%cc\server.crt" "%mydir%bin\openssl\openssl.exe" x509 -req -days 366 -in "%mydir%cc\server.csr" -signkey "%mydir%cc\server.key" -out "%mydir%cc\server.crt"
:: Change file permissions
SET adminsIdentity="BUILTIN\Administrators"
FOR /f %%O IN ('whoami') DO SET ownIdentity=%%O
FOR %%F IN ("%mydir%cc\server.key", "%mydir%cc\server.csr", "%mydir%cc\server.crt") DO (
:: Remove all others and add admins rule (with full control)
echo y| cacls %%F" /p %adminsIdentity%:F
:: Add user rule (with read)
echo y| cacls %%F /e /p %ownIdentity%:R
)