# Self Signed Certificate Authority

• Self Signed Certificate Authority
  • Summary
  • Example Certificate Authority Creation
    • Create Host Certificate
  • Install on Snake Windows Domain
  • Update on Kali box
    • Install custom certificate on Kali box
    • Setup nato-int[.]com redirect
    • Update Wordpress installation
    • Send Carbon Scenario Email

CloudFlare's CFSSL project was used to generate a certificate authority, intermediate certificate, and host certificate for the scenario, to emulate a valid issued TLS certificate.

The following provides an example of how to generate the CA, intermediate CA, and host certificate using CFSSL. A full explanation of CFSSL can be found on the project GitHub page.

1. Update ca.json, intermediate-ca.json, and host1.json as appropriate to reflect the new certificate authority, certificate authority intermediate certificate, and host certificate for web host.
2. The cfssl.json provided has the needed roles predefined, but may need to be modified based on your particular needs.
3. Run the following commands to generate the CA certificate, and intermediate issuing certificate:

cfssl gencert -initca ca.json|cfssljson -bare ca
cfssl gencert -initca intermediate-ca.json| cfssljson -bare intermediate_ca
cfssl sign -ca ca.pem -ca-key ca-key.pem -config cfssl.json -profile intermediate_ca intermediate_ca.csr | cfssljson -bare intermediate_ca

1. Run the following command:

2.   cfssl gencert -ca intermediate_ca.pem -ca-key intermediate_ca-key.pem -config cfssl.json -profile=server host1.json|cfssljson -bare host-1-server

3. Jobs done.

Use Group Policy to deploy trusted certificate on domain.

1. Connect to Snake Active Directory controller (berlios)
2. Follow directions from Microsoft to trust certificate authority and intermediate certificate on domain.
3. Deploy updated group policy to nk domain.

From Kali, run kali-install-custom-certs.sh

From Kali, run kali-set-nato-int-redirect.sh

From Kali, run kali-update-wp.sh

From Kali, run kali-send-email.sh