520-rdp-enc-setup
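#!/bin/bash
#
# Encrypt RDP
# Generate and save the CA + server cert/keys that VirtualBox's RDP (VRDE)
# server uses for TLS, so individual VMs can be pointed at them.
#
# Must run as root. Files written under /etc/vbox/tls:
#   ca_key.pem  CA private key (passphrase-encrypted)  0600 root:root
#   ca_pass     passphrase for ca_key.pem              0600 root:root
#   ca_crt.pem  CA certificate                         0640 root:<group>
#   sr_key.pem  server private key (unencrypted)       0640 root:<group>
#   sr_req.pem  server CSR                             0640 root:<group>
#   sr_crt.pem  server certificate                     0640 root:<group>
#
# Overridable through the environment (defaults in parentheses):
#   VM_VB_GROUP                group that runs the VMs and may read the
#                              server key and certificates (vboxusers)
#   VM_VB_RDP_CERT_VALID_DAYS  certificate lifetime in days (36524)
#   VM_VB_RSA_BITS             RSA modulus size for both keys (2048)
#
# The `openssl req` steps prompt interactively for the subject, as before.
#
set -euo pipefail

if [[ "$(id -u)" -ne 0 ]]; then
  echo "This script should be run as root." >&2
  exit 1
fi

VM_VB_GROUP=${VM_VB_GROUP:-vboxusers}
VM_VB_CONFIG_DIR=/etc/vbox
VM_VB_CERT_DIR=${VM_VB_CONFIG_DIR}/tls
VM_VB_RDP_ENCRYPT_CA_KEY=${VM_VB_CERT_DIR}/ca_key.pem
VM_VB_RDP_ENCRYPT_CA_PASS_FILE=${VM_VB_CERT_DIR}/ca_pass
VM_VB_RDP_ENCRYPT_CA_CERT=${VM_VB_CERT_DIR}/ca_crt.pem
VM_VB_RDP_SERVER_KEY=${VM_VB_CERT_DIR}/sr_key.pem
VM_VB_RDP_SERVER_CERT=${VM_VB_CERT_DIR}/sr_crt.pem
VM_VB_RDP_SERVER_SIGN_REQUEST=${VM_VB_CERT_DIR}/sr_req.pem
# Default lifetime is ~100 years, far beyond what any client policy expects;
# keep the default for compatibility but let operators shorten it.
VM_VB_RDP_CERT_VALID_DAYS=${VM_VB_RDP_CERT_VALID_DAYS:-36524}
VM_VB_RSA_BITS=${VM_VB_RSA_BITS:-2048}

# Passphrase protecting the CA key. The previous `date | md5sum | cut` value
# was predictable to the second (and so brute-forceable by anyone who knew
# roughly when setup ran); take 256 bits from the CSPRNG instead. It is handed
# to openssl via the environment (env:), not on the command line, so it does
# not show up in `ps`.
VM_VB_RDP_PASS_PHRASE=$(openssl rand -base64 32)
export VM_VB_RDP_PASS_PHRASE

# Config dir stays group-writable with the sticky bit, as before.
# NOTE(review): a group-writable /etc/vbox lets any member of the group create
# files there; confirm nothing that runs as root reads that directory
# unconditionally before relying on this mode.
mkdir -p "$VM_VB_CONFIG_DIR" "$VM_VB_CERT_DIR"
chmod 1775 "$VM_VB_CONFIG_DIR"
# Key-material dir: traversable by the group, writable only by root.
chmod 0750 "$VM_VB_CERT_DIR"
chgrp -R "$VM_VB_GROUP" "$VM_VB_CONFIG_DIR"

# Everything openssl writes from here on starts root-only; the files the VM
# group needs are opened up explicitly at the end.
umask 077

echo "Create a CA self signed certificate"
openssl req -new -x509 -days "$VM_VB_RDP_CERT_VALID_DAYS" \
        -newkey "rsa:${VM_VB_RSA_BITS}" \
        -passout env:VM_VB_RDP_PASS_PHRASE \
        -extensions v3_ca \
        -keyout "$VM_VB_RDP_ENCRYPT_CA_KEY" \
        -out "$VM_VB_RDP_ENCRYPT_CA_CERT"

# Keep the passphrase (root-only) so the CA can sign further server certs
# later; the original script discarded it, leaving ca_key.pem unusable.
printf '%s\n' "$VM_VB_RDP_PASS_PHRASE" > "$VM_VB_RDP_ENCRYPT_CA_PASS_FILE"

echo "Generate a server private key"
openssl genrsa -out "$VM_VB_RDP_SERVER_KEY" "$VM_VB_RSA_BITS"

echo "Generate request for signing the server private key"
openssl req -new -key "$VM_VB_RDP_SERVER_KEY" \
        -out "$VM_VB_RDP_SERVER_SIGN_REQUEST"

echo "Generate the server certificate"
# Random 128-bit serial instead of the fixed 01: re-running the script no
# longer issues two different certificates under the same CA with the same
# serial.
openssl x509 -req -days "$VM_VB_RDP_CERT_VALID_DAYS" \
        -passin env:VM_VB_RDP_PASS_PHRASE \
        -in "$VM_VB_RDP_SERVER_SIGN_REQUEST" \
        -CA "$VM_VB_RDP_ENCRYPT_CA_CERT" \
        -CAkey "$VM_VB_RDP_ENCRYPT_CA_KEY" \
        -set_serial "0x$(openssl rand -hex 16)" \
        -out "$VM_VB_RDP_SERVER_CERT"

# Permissions and group. Only root needs the CA key and its passphrase; the
# group that runs the VMs needs the server key and the certificates. The
# original applied g+r to every file, which also exposed the CA key to the
# whole group.
chown root:root "$VM_VB_RDP_ENCRYPT_CA_KEY" "$VM_VB_RDP_ENCRYPT_CA_PASS_FILE"
chmod 0600 "$VM_VB_RDP_ENCRYPT_CA_KEY" "$VM_VB_RDP_ENCRYPT_CA_PASS_FILE"
chgrp "$VM_VB_GROUP" "$VM_VB_RDP_ENCRYPT_CA_CERT" "$VM_VB_RDP_SERVER_KEY" \
      "$VM_VB_RDP_SERVER_SIGN_REQUEST" "$VM_VB_RDP_SERVER_CERT"
chmod 0640 "$VM_VB_RDP_ENCRYPT_CA_CERT" "$VM_VB_RDP_SERVER_KEY" \
      "$VM_VB_RDP_SERVER_SIGN_REQUEST" "$VM_VB_RDP_SERVER_CERT"
exit 0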