frntn / pki-manager

Licence: MIT license
IT Freelancers : Manage small PKI for multiple projects (or clients) with 2 bash scripts

frntn/pki-manager

Description

Manage a small PKI for multiple projects with 2 bash scripts:

  • 01_generate_CA.sh: used once to create a dedicated CA for a specific project (usually a client)
  • 02_generate_CRT.sh: used as many times as needed to create either:
    • server certificates (x509) for your SSL-enabled server configuration
    • client certificates (p12) for your advanced and more secure client authentication (no more HTTP Basic Auth...)

TL;DR

First create the CA:

$ ./01_generate_CA.sh -p demo

Then create a server certificate (x509) and/or a client certificate (p12):

$ ./02_generate_CRT.sh -p demo -t server -n "*.example.com"
$ ./02_generate_CRT.sh -p demo -t client -n "Matthieu Fronton"

Basic Usage

RTFM

Use -h to get basic usage help from each script. In addition, each script's output is fairly detailed: it explains what has been generated, where it is located and what to do with it.

Advanced Usage

Override everything

All the subject fields of the certificates can be overridden with environment variables to fit your own needs:

  • Country : CRT_C
  • Location : CRT_L
  • Organization : CRT_O
  • Organizational Unit : CRT_OU
  • Common Name : CRT_CN (if used in combination with -n name, the latter takes precedence)

Example below :

$ export CRT_C="US" CRT_L="Mountain View" CRT_O="iPhone Killer" CRT_OU="Snipers" CRT_CN="Larry Page"
$ ./02_generate_CRT.sh -p demo -t client
...
subject=/C=US/L=Mountain View/O=iPhone Killer/OU=Snipers/CN=Larry Page
...

The same principle applies to CA generation: you can also override the subject fields of the CA certificate using CA_C, CA_L, CA_O, CA_OU or CA_CN.
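
The override and precedence rules above, as an added shell sketch that is not taken from the pki-manager scripts: `build_subject` and `escape_rdn` are hypothetical names, and it assumes the subject is handed to OpenSSL in the `/C=.../CN=...` form shown in the output above. It goes one step beyond the text by escaping `/`, `+` and `\` in each value, so an overridden field cannot add an extra RDN to the subject.

```shell
#!/bin/sh
# Added illustration, not code from pki-manager.

# "/" separates RDNs in an OpenSSL -subj string, "+" joins a multi-valued RDN
# and "\" is the escape character, so all three are escaped inside a value.
escape_rdn() {
    printf '%s' "$1" | sed 's|[\\/+]|\\&|g'
}

# build_subject [NAME]
# NAME stands for the value passed with -n; when non-empty it wins over CRT_CN.
# Assumption: unset fields are omitted here (the output shown on this page
# suggests the real scripts fall back to defaults instead).
build_subject() {
    cn=${1:-${CRT_CN:-}}
    if [ -z "$cn" ]; then
        echo "build_subject: no Common Name (use -n or CRT_CN)" >&2
        return 1
    fi
    # countryName is a two-letter code; reject anything else early.
    case ${CRT_C:-} in
        "" | [A-Za-z][A-Za-z]) ;;
        *) echo "build_subject: CRT_C must be two letters" >&2; return 1 ;;
    esac
    subject=""
    for pair in "C=${CRT_C:-}" "L=${CRT_L:-}" "O=${CRT_O:-}" \
                "OU=${CRT_OU:-}" "CN=$cn"; do
        key=${pair%%=*}
        value=${pair#*=}
        [ -n "$value" ] || continue
        subject="$subject/$key=$(escape_rdn "$value")"
    done
    printf '%s\n' "$subject"
}

# Constructed sample values; the subshell keeps them out of the caller's shell.
(
    CRT_C="US" CRT_L="Mountain View" CRT_O="R&D/Lab" CRT_CN="from-env"
    unset CRT_OU
    build_subject "from -n"
)
```

The resulting string is what would be passed as the `-subj` argument of `openssl req`.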

Full PKI Example

The CA:

export CA_O="Cyberdyne Systems" CA_OU="Research" 
./01_generate_CA.sh -p "Terminator"

The SERVERS:

export CRT_O="Cyberdyne Systems" CRT_OU="Research-Cyborgs"
./02_generate_CRT.sh -p "Terminator" -t server -n "t-800.intra.cyberdyne"
./02_generate_CRT.sh -p "Terminator" -t server -n "t-1000.intra.cyberdyne"

The USERS:

export CRT_O="Connors Family" CRT_OU="Insurgent"
./02_generate_CRT.sh -p "Terminator" -t client -n "Kyle Reese"
./02_generate_CRT.sh -p "Terminator" -t client -n "Sarah Connor"
./02_generate_CRT.sh -p "Terminator" -t client -n "John Connor"

export CRT_O="US Air Force" CRT_OU="Sergeant"
./02_generate_CRT.sh -p "Terminator" -t client -n "William Candy"

The above generates the following certificate subjects:

$ for i in Terminator/server*.crt; do openssl x509 -in "$i" -noout -subject | awk '{print "x509> "$0}'; done
x509> subject= /C=FR/L=Paris/O=Cyberdyne Systems/OU=Research-Cyborgs/CN=t-800.intra.cyberdyne
x509> subject= /C=FR/L=Paris/O=Cyberdyne Systems/OU=Research-Cyborgs/CN=t-1000.intra.cyberdyne

$ for i in Terminator/client*.p12; do openssl pkcs12 -nokeys -info -in "$i" -passin "file:${i}.pass" 2>/dev/null | grep -E "subject=" | awk '{print "pkcs12> "$0}'; done
pkcs12> subject=/C=FR/L=Paris/O=Connors Family/OU=Insurgent/CN=Kyle Reese
pkcs12> subject=/C=FR/L=Paris/O=Connors Family/OU=Insurgent/CN=Sarah Connor
pkcs12> subject=/C=FR/L=Paris/O=Connors Family/OU=Insurgent/CN=John Connor
pkcs12> subject=/C=FR/L=Paris/O=US Air Force/OU=Sergeant/CN=William Candy

Finally

You may want to save your generated files in a secured git repository...

cd Terminator/
git init
git add *
git commit -m "First Commit"
git remote add origin [email protected]:PKIs/terminator-pki.git
git push -u origin master