|
projects:asyd-ca 2006/01/09 20:45 |
projects:asyd-ca 2008/10/03 08:25 current |
| | | | |
| | This is a little perl script to manage a Certification Authority using | | This is a little perl script to manage a Certification Authority using |
| - | the openssl command. Though, unlike CA.[sh|pl] (from OpenSSL) it is very | + | the openssl command. Though, like CA.[sh|pl] (from OpenSSL) it is very |
| | simple to use, and it ask only few questions. It comes with few | | simple to use, and it ask only few questions. It comes with few |
| | templates files. One of these can be use to create wildcard certificates. | | templates files. One of these can be use to create wildcard certificates. |
| | + | |
| | + | Any suggestion, bug report, feature request (include template) are welcome. |
| | | | |
| | ===== Features ===== | | ===== Features ===== |
| | The content of each directory is explain below. | | The content of each directory is explain below. |
| | | | |
| - | ==== Create a certificat ==== | + | ==== Create a certificate request ==== |
| | | | |
| | Note: You can edit the file //templates/simple.cnf//, especially the field with //_default// suffix. These values are the default one (but can be override) used by openssl while prompting | | Note: You can edit the file //templates/simple.cnf//, especially the field with //_default// suffix. These values are the default one (but can be override) used by openssl while prompting |
| | probably know, the field CN (CommonName) of a service certificate (e.g. https) | | probably know, the field CN (CommonName) of a service certificate (e.g. https) |
| | **MUST** match the DNS name used to reach the service. | | **MUST** match the DNS name used to reach the service. |
| | + | |
| | + | ==== Sign a certificate request ==== |
| | + | |
| | + | <code> |
| | + | # ./asyd-ca.pl sign jboss |
| | + | [skip openssl useless output] |
| | + | Sign the certificate? [y/n]:y |
| | + | 1 out of 1 certificate requests certified, commit? [y/n]y |
| | + | </code> |
| | + | |
| | + | I'm now able to use the certificate, using file //certs/jboss.pem//. Though, |
| | + | in the special case of Jboss, I need a pkcs12 file, so I just do : |
| | + | |
| | + | <code> |
| | + | # ./asyd-ca.pl pkcs12 jboss |
| | + | Enter export password: |
| | + | Verifying - Enter export password: |
| | + | # ls -l pkcs12/jboss.p12 |
| | + | -rw-r----- 1 asyd asyd 2288 2006-01-09 20:50 pkcs12/jboss.p12 |
| | + | </code> |
| | + | |
| | + | Since a PKCS12 file include a key, a password is recommanded. |
| | | | |
| | ===== Docs ===== | | ===== Docs ===== |
| | ===== Download ===== | | ===== Download ===== |
| | | | |
| - | * Coming soon | + | ^ SVN | <code>svn co https://svn.asyd.net/svn/asyd-ca/releases/0.1/ SSL </code>| |
| | + | ^ Files | [[http://asyd.net/upstream/asyd-ca01.tar.gz|tar.gz]] | |
| | | | |
| | ===== Roadmap ===== | | ===== Roadmap ===== |
| | * Export cert (including CRL) to LDAP | | * Export cert (including CRL) to LDAP |
| | * Remove openssl output when useless | | * Remove openssl output when useless |
| | + | |
| | + | ~~DISCUSSION~~ |
