SSL-CA
This utility automates generating an SSL certificate authority, keys and signed certificates. The only dependecy is openssl. The usage in mind is testing and internal environments, therefore some security measures (like revokation) are not available in the current implemetation.
Installation
git clone https://www.shore.co.il/cgit/ssl-ca
cd ssl-ca
sudo make installUsage
This will generate, inside the new directory, the directory stucture, a starting configuration for starting work and a new CA key and certificate.
$ mkdir domain.tld
$ cd domain.tld
$ ssl-ca init
Generating RSA private key, 512 bit long modulus
.++++++++++++
......++++++++++++
e is 65537 (0x10001)To generate a new key and certificate for the www host, the key will at
keys/www and the certificate at certs/www
$ ssl-ca gen www
Generating RSA private key, 512 bit long modulus
................................++++++++++++
..++++++++++++
e is 65537 (0x10001)
Signature ok
subject=/CN=*.*.www.domain.tld
Getting CA Private KeyTo sign existing keys, copy them to the keys/ folder. All keys that don't
have a matching certificate under certs/ will be signed when running
$ openssl genrsa -out keys/smtp #Generate a key for smtp.domain.tld
$ ssl-ca sign
Signature ok
subject=/CN=*.*.smtp.domain.tld
Getting CA Private KeyTo resign ALL existing keys (regardles of existing certificates)
$ ssl-ca resign
Signature ok
subject=/CN=*.*.smtp.domain.tld
Getting CA Private Key
Signature ok
subject=/CN=*.*.www.smtp.domain.tld
Getting CA Private KeyDevelopment
For easing devlopment make test and make clean are also provided (it's
recommended to add make test to the pre-push git hook).
License
This software is licnesed under the MIT licese (see the LICENSE.txt file).
Author
Nimrod Adar, contact me or visit my website. Patches are welcome via git send-email. The repository is located at: https://www.shore.co.il/cgit/.
TODO
- Add checks and failure messages to each action.