|
projects:asyd-ca 2006/01/09 20:32 |
projects:asyd-ca 2008/10/03 08:25 current |
| | | | |
| | This is a little perl script to manage a Certification Authority using | | This is a little perl script to manage a Certification Authority using |
| - | the openssl command. Though, unlike CA.[sh|pl] (from OpenSSL) it is very | + | the openssl command. Though, like CA.[sh|pl] (from OpenSSL) it is very |
| | simple to use, and it ask only few questions. It comes with few | | simple to use, and it ask only few questions. It comes with few |
| | templates files. One of these can be use to create wildcard certificates. | | templates files. One of these can be use to create wildcard certificates. |
| | + | |
| | + | Any suggestion, bug report, feature request (include template) are welcome. |
| | | | |
| | ===== Features ===== | | ===== Features ===== |
| | * Very easy to use, no OpenSSL knowledges required, but theirs are welcome | | * Very easy to use, no OpenSSL knowledges required, but theirs are welcome |
| | * asyd-ca.pl doesn't require Openssl templates | | * asyd-ca.pl doesn't require Openssl templates |
| | + | * Extend it via Openssl's templates files (require good OpenSSL knowledges) |
| | | | |
| | ===== Demo ===== | | ===== Demo ===== |
| | The content of each directory is explain below. | | The content of each directory is explain below. |
| | | | |
| - | ==== Create a certificat ==== | + | ==== Create a certificate request ==== |
| | | | |
| - | Note: You can edit the file //templates/simple.cnf//, especially the field with //_default// suffix. These values are the default one (but can be override) used by openssl prompting | + | Note: You can edit the file //templates/simple.cnf//, especially the field with //_default// suffix. These values are the default one (but can be override) used by openssl while prompting |
| | for the certificat request informations. | | for the certificat request informations. |
| | + | |
| | + | <code> |
| | + | # ./asyd-ca.pl req jboss |
| | + | [skip openssl useless output] |
| | + | Organization Name (required) [asyd.net]: |
| | + | Country Name (2 letter code, required) [FR]: |
| | + | Email Address (optional) [asyd@asyd.net]: |
| | + | Common Name (MUST match the DNS name) [www.asyd.net]:jboss.asyd.net |
| | + | Organizational Unit Name (optional) []: |
| | + | </code> |
| | + | |
| | + | As you can see, I use default value set in templates/simple.cnf, except |
| | + | for the common name, where I override the value with //jboss.asyd.net//. As you |
| | + | probably know, the field CN (CommonName) of a service certificate (e.g. https) |
| | + | **MUST** match the DNS name used to reach the service. |
| | + | |
| | + | ==== Sign a certificate request ==== |
| | + | |
| | + | <code> |
| | + | # ./asyd-ca.pl sign jboss |
| | + | [skip openssl useless output] |
| | + | Sign the certificate? [y/n]:y |
| | + | 1 out of 1 certificate requests certified, commit? [y/n]y |
| | + | </code> |
| | + | |
| | + | I'm now able to use the certificate, using file //certs/jboss.pem//. Though, |
| | + | in the special case of Jboss, I need a pkcs12 file, so I just do : |
| | + | |
| | + | <code> |
| | + | # ./asyd-ca.pl pkcs12 jboss |
| | + | Enter export password: |
| | + | Verifying - Enter export password: |
| | + | # ls -l pkcs12/jboss.p12 |
| | + | -rw-r----- 1 asyd asyd 2288 2006-01-09 20:50 pkcs12/jboss.p12 |
| | + | </code> |
| | + | |
| | + | Since a PKCS12 file include a key, a password is recommanded. |
| | | | |
| | ===== Docs ===== | | ===== Docs ===== |
| | ===== Download ===== | | ===== Download ===== |
| | | | |
| - | * Coming soon | + | ^ SVN | <code>svn co https://svn.asyd.net/svn/asyd-ca/releases/0.1/ SSL </code>| |
| | + | ^ Files | [[http://asyd.net/upstream/asyd-ca01.tar.gz|tar.gz]] | |
| | | | |
| | ===== Roadmap ===== | | ===== Roadmap ===== |
| | * Export cert (including CRL) to LDAP | | * Export cert (including CRL) to LDAP |
| | * Remove openssl output when useless | | * Remove openssl output when useless |
| | + | |
| | + | ~~DISCUSSION~~ |
