Update SSL Certificate Request

VSCode SSH - Allows using VSCode to build code as if you were on remote machine. - Remote machine will still need dotnet SDK Added AppSetting Markdown
2025-04-02 16:13:03 -07:00
3 changed files with 274 additions and 9 deletions
--- a/.NET/app-settings.md
+++ b/.NET/app-settings.md
@ -0,0 +1,116 @@
 # AppSettings
 ## User Secrets Initialization
 - [app-secrets](https://learn.microsoft.com/en-us/aspnet/core/security/app-secrets?view=aspnetcore-9.0&tabs=windows)
 ```bash 1733926424710 = 638695232247100000 = Wed Dec 11 2024 07:13:44 GMT-0700 (Mountain Standard Time)
 dotnet user-secrets -p File-Folder-Helper.csproj init
 ```
 - [app-secrets](https://learn.microsoft.com/en-us/aspnet/core/security/app-secrets?view=aspnetcore-9.0&tabs=windows)
 ## User Secrets Add Entry
 ```bash 1733926491404 = 638695232914040000 = Wed Dec 11 2024 07:14:50 GMT-0700 (Mountain Standard Time)
 dotnet user-secrets -p File-Folder-Helper.csproj set Name Value
 ```
 ## Optional Symbolic Link in Windows
 - Similar to Linux command ```ln -s```
 ```bash 1733926521307 = 638695233213070000 = Wed Dec 11 2024 07:15:20 GMT-0700 (Mountain Standard Time)
 mklink /J "L:\DevOps\Mesa_FI\File-Folder-Helper\.vscode\.UserSecrets" "C:\Users\phares\AppData\Roaming\Microsoft\UserSecrets\8da397d4-13ec-4576-9722-3c79cad25563"
 ```
 ## .NET Package Reference
 ```xml 1733926548840 = 638695233488400000 = Wed Dec 11 2024 07:15:48 GMT-0700 (Mountain Standard Time)
 <PackageReference Include="Microsoft.Extensions.Hosting" Version="8.0.1" />
 ```
 ## Example Record (Class)
 - ToString is optional for recursive debug and isn't used in code
 - Verify method helps debug where project is looking for configuration entries
 - ```configurationRoot.Get<AppSettings>();``` is builtin method to deserialize
 - JsonSerializerContext is optional for using AOT builds
 ```csharp 1733926601507 = 638695234015070000 = Wed Dec 11 2024 07:16:41 GMT-0700 (Mountain Standard Time)
 using Microsoft.Extensions.Configuration;
 using System.Text.Json;
 using System.Text.Json.Serialization;
 namespace File_Folder_Helper.Models;
 public record AppSettings(string Company,
                          string DefaultNoteType,
                          string[] ExcludeDirectoryNames,
                          string[] ExcludeSchemes,
                          string PersonBirthdayFormat,
                          string[] ValidImageFormatExtensions,
                          string WorkingDirectoryName)
 {
    public override string ToString()
    {
        string result = JsonSerializer.Serialize(this, AppSettingsSourceGenerationContext.Default.AppSettings);
        return result;
    }
    private static void Verify(IConfigurationRoot configurationRoot, AppSettings? appSettings)
    {
        if (appSettings?.Company is null || string.IsNullOrEmpty(appSettings.Company))
        {
            List<string> paths = [];
            foreach (IConfigurationProvider configurationProvider in configurationRoot.Providers)
            {
                if (configurationProvider is not Microsoft.Extensions.Configuration.Json.JsonConfigurationProvider jsonConfigurationProvider)
                    continue;
                if (jsonConfigurationProvider.Source.FileProvider is not Microsoft.Extensions.FileProviders.PhysicalFileProvider physicalFileProvider)
                    continue;
                paths.Add(physicalFileProvider.Root);
            }
            throw new NotSupportedException($"Not found!{Environment.NewLine}{string.Join(Environment.NewLine, paths.Distinct())}");
        }
    }
    public static AppSettings Get(IConfigurationRoot configurationRoot)
    {
        AppSettings? result;
 #pragma warning disable IL3050, IL2026
        result = configurationRoot.Get<AppSettings>();
 #pragma warning restore IL3050, IL2026
        Verify(configurationRoot, result);
        if (result is null)
            throw new Exception("Not set!");
        return result;
    }
 }
 [JsonSourceGenerationOptions(WriteIndented = true)]
 [JsonSerializable(typeof(AppSettings))]
 internal partial class AppSettingsSourceGenerationContext : JsonSerializerContext
 {
 }
 ```
 ## AddUserSecrets to Program.cs
 ```csharp 1733926619366 = 638695234193660000 = Wed Dec 11 2024 07:16:58 GMT-0700 (Mountain Standard Time)
 builder.Configuration.AddUserSecrets<Program>();
 ```
 ## Get Instance of Record to Program.cs
 ```csharp 1733926659168 = 638695234591680000 = Wed Dec 11 2024 07:17:38 GMT-0700 (Mountain Standard Time)
 AppSettings appSettings = AppSettings.Get(builder.Configuration);
 ```
 ## Add Instance to be Used as Dependency Injected Object
 ```csharp 1733926695948 = 638695234959480000 = Wed Dec 11 2024 07:18:15 GMT-0700 (Mountain Standard Time)
 builder.Services.AddSingleton(appSettings);
 ```
--- a/.NET/vscode-ssh.md
+++ b/.NET/vscode-ssh.md
@ -0,0 +1,138 @@
 # VSCode SSH
 - Allows using VSCode to build code as if you were on remote machine.
 - Remote machine will still need dotnet SDK
 ## Offline Installer
 - Download and copy to servers that can't reach github.com
 - [openssh-portable](https://github.com/PowerShell/openssh-portable)
 ## PowerShell Installer
 - PowerShell Administrator
 ```PowerShell Administrator 1736187016914 = 638717838169140000 = Mon Jan 06 2025 11:10:16 GMT-0700 (Mountain Standard Time)
 Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
 # Install the OpenSSH Client
 Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
 # Install the OpenSSH Server
 Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
 ```
 ## Key Generation
 - Run with any user
 ```PowerShell 1736187033768 = 638717838337680000 = Mon Jan 06 2025 11:10:33 GMT-0700 (Mountain Standard Time)
 ssh-keygen -t ed25519
 ```
 ## Authentication via Public Key
 - PowerShell Administrator
 ```PowerShell Administrator 1736187105777 = 638717839057770000 = Mon Jan 06 2025 11:11:45 GMT-0700 (Mountain Standard Time)
 copy $env:USERPROFILE\.ssh\id_ed25519.pub C:\ProgramData\ssh\authorized_keys
 copy $env:USERPROFILE\.ssh\id_ed25519.pub C:\ProgramData\ssh\administrators_authorized_keys
 icacls.exe "C:\ProgramData\ssh\authorized_keys" /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"
 icacls.exe "C:\ProgramData\ssh\administrators_authorized_keys" /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"
 ```
 - Configuration allows for public key authentication
 - Removes higher risk password authentication
 ```conf 1736187108739 = 638717839087390000 = Mon Jan 06 2025 11:11:48 GMT-0700 (Mountain Standard Time)
 ...
 PubkeyAuthentication yes
 ...
 PasswordAuthentication no
 ...
 ```
 ## Firewall
 - Open Windows Firewall with Advanced Security GUI
 - Add new Inbound Rule for port 22
 - Change Profiles to only enable domain
 - Change scope to remote ip for your machine
 ```bash 1736187743528 = 638717845435280000 = Mon Jan 06 2025 11:22:23 GMT-0700 (Mountain Standard Time)
 wf.msc
 ```
 - Exported list for the two inbound rules
 ```tsv 1736187853968 = 638717846539680000 = Mon Jan 06 2025 11:24:13 GMT-0700 (Mountain Standard Time)
 Name	Group	Profile	Enabled	Action	Override	Program	Local Address	Remote Address	Protocol	Local Port	Remote Port	Authorized Users	Authorized Computers	Authorized Local Principals	Local User Owner	Application Package	
 OpenSSH SSH Server Preview (sshd)		Private	Yes	Allow	No	C:\Program Files\OpenSSH\sshd.exe	Any	Any	TCP	22	Any	Any	Any	Any	Any	Any	
 SSH		Domain	Yes	Allow	No	Any	Any	10.64.233.125	TCP	22	Any	Any	Any	Any	Any	Any	
 ```
 - Command line add inbound rule SSH
 ```bash 1736188562695 = 638717853626950000 = Mon Jan 06 2025 11:36:02 GMT-0700 (Mountain Standard Time)
 netsh advfirewall firewall add rule name="SSH" dir=in action=allow enable=yes profile=domain remoteip=10.64.233.125 localport=22 protocol=TCP
 ```
 - Command line to add remote IP
 ```bash 1736188289189 = 638717850891890000 = Mon Jan 06 2025 11:31:28 GMT-0700 (Mountain Standard Time)
 netsh advfirewall firewall set rule name="SSH" new remoteip=10.64.233.125
 ```
 - Command line to enable rule
 ```bash 1736188447588 = 638717852475880000 = Mon Jan 06 2025 11:34:07 GMT-0700 (Mountain Standard Time)
 netsh advfirewall firewall set rule name="SSH" new enable=yes
 ```
 ## Local Key Generation
 - Replace user
 - Run on local machine
 - Add output to remote machine
 ```PowerShell 1736190383218 = 638717871832180000 = Mon Jan 06 2025 12:06:22 GMT-0700 (Mountain Standard Time)
 ssh-keygen -t ed25519
 more "C:/Users/user/.ssh/id_ed25519.pub"
 echo "C:\ProgramData\ssh\authorized_keys"
 echo "C:\ProgramData\ssh\administrators_authorized_keys"
 ```
 ## Test Connection
 - Replace user and machine
 ```bash 1736187372778 = 638717841727780000 = Mon Jan 06 2025 11:16:12 GMT-0700 (Mountain Standard Time)
 ssh user@machine.infineon.com -i C:/Users/user/.ssh/id_ed25519
 ```
 ## VSCode
 - Install VSCode extension ms-vscode-remote.remote-ssh
 - Add machine to VSCode Remote Explorer
 - Example after adding machine to Remote Explorer "C:\Users\phares\.ssh\config"
 ```conf 1736189363973 = 638717861639730000 = Mon Jan 06 2025 11:49:23 GMT-0700 (Mountain Standard Time)
 Host mestsa003.infineon.com
  HostName mestsa003.infineon.com
  User mesphares
  IdentityFile C:/Users/phares/.ssh/id_ed25519
 Host mestsa05ec.infineon.com
  HostName mestsa05ec.infineon.com
  User mesphares
  IdentityFile C:/Users/phares/.ssh/id_ed25519
 Host mestsa07ec.infineon.com
  HostName mestsa07ec.infineon.com
  User mesphares
  IdentityFile C:/Users/phares/.ssh/id_ed25519
 Host messa010ec.infineon.com
  HostName messa010ec.infineon.com
  User mesphares
  IdentityFile C:/Users/phares/.ssh/id_ed25519
 ```
--- a/DevOps/dns-and-ssl.md
+++ b/DevOps/dns-and-ssl.md
@ -8,27 +8,38 @@ updated: 2023-07-08T03:32:53.694Z
 ## DNS Order
-https://smptools.infineon.com/smptinyurl/orderable/?name=SSO-New%20DNS%20Entry%20%281%29
+- [dns-entry](https://smptools.infineon.com/smptinyurl/orderable/?name=SSO-New%20DNS%20Entry%20%281%29)
 ![DNS Entries](Images/image-2023-4-26_12-24-36.png)
-## Server Certificate (SSL/TLS) Order
+## Self-signed Certificate
 https://smptools.infineon.com/smptinyurl/orderable/?name=SSO-Certificate%20Request
 ```bash
 cd "C:\Program Files\Git\usr\bin"
 openssl
-req -x509 -nodes -days 365 -newkey rsa:2048 -keyout L:\Git\NGINX-Conf\conf\includes\localhost.key -out L:\Git\NGINX-Conf\conf\includes\localhost.crt -config L:\Git\NGINX-Conf\conf\includes\localhost.conf
+req -x509 -nodes -days 365 -newkey rsa:2048 -keyout "L:\Git\NGINX-Conf\conf\includes\localhost.key" -out "L:\Git\NGINX-Conf\conf\includes\localhost.crt" -config "L:\Git\NGINX-Conf\conf\includes\localhost.conf"
 req -newkey rsa:2048 -keyout L:\Git\NGINX-Conf\conf\includes\localhost.key -out L:\Git\NGINX-Conf\conf\includes\certificate-signing-request.csr -config L:\Git\NGINX-Conf\conf\includes\localhost.conf
 ```
 ```conf
 ssl_certificate "includes/localhost.crt";
 ssl_certificate_key "includes/localhost.key";
 ```
 ## Server Certificate (SSL/TLS) Order
 - [certificate-request](https://smptools.infineon.com/smptinyurl/orderable/?name=SSO-Certificate%20Request)
 ![Certificate Request](Images/image-2023-4-26_12-25-33.png)
 ### Example for eaf-dev-reporting.mes.infineon.com
 ```bash
-# ssl_certificate "includes/localhost.crt";
+cd "C:\Program Files\Git\usr\bin"
-# ssl_certificate_key "includes/localhost.key";
+openssl
 req -newkey rsa:2048 -keyout "L:\Git\NGINX-Conf\conf\includes\eaf-dev-reporting.mes.infineon.com.key" -out "L:\Git\NGINX-Conf\conf\includes\certificate-signing-request.csr" -config "L:\Git\NGINX-Conf\conf\includes\eaf-dev-reporting.mes.infineon.com.conf"
 ```
 ```conf
 ssl_certificate "includes/eaf-dev-reporting.mes.infineon.com.cer";
 ssl_password_file "includes/eaf-dev-reporting.mes.infineon.com.pass";
 ssl_certificate_key "includes/eaf-dev-reporting.mes.infineon.com.key";