guardicore/monkey

Investigate using New-SelfSignedCertificate in windows deployment script

Open

#980 opened on Feb 22, 2021

View on GitHub
 (3 comments) (0 reactions) (0 assignees)Python (6,250 stars) (752 forks)batch import
Beginner friendlyComplexity: MediumHelp wantedImpact: Low

Description

The windows deployment scripts use OpenSSL to create self-signed certificates. We may be able to remove some complexity in the windows deployment scripts by using powershell's New-SelfSignedCertificate (https://medium.com/the-new-control-plane/generating-self-signed-certificates-on-windows-7812a600c2d8) instead of relying on openssl.

We need to investigate and ensure that openssl isn't needed for any other purpose before making this change.

Contributor guide

Tech stack
shell
Domain
devops
Issue type
research
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-3 hours
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
stale
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
PowerShell basicsCertificate generation knowledgeDeployment script structure
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
50
Research direction
Investigate the Windows deployment scripts at deployment scripts/deploy windows.ps1 to determine if OpenSSL usage can be replaced with PowerShell's New SelfSignedCertificate. Check if OpenSSL is used elsewhere in the repository for other purposes. If replacement is feasible, ensure that the new approach works on all supported Windows versions.