Skip to content
/ easy-ca Public

A command line interface written in Bash for openSSL allowing you to easily manage your certificates

License

GPL-3.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

daweedm/easy-ca

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
easy-ca.sh
easy-ca.sh
 
 

Repository files navigation

easy-ca

A command line interface for openSSL written in Bash allowing you to easily manage your certification authorities and X509 certificates for your Public Key Infrastructure

Requirements

  • openssl 1.1.0+
  • bash 4.4+

Installation

git clone https://github.com/daweedm/easy-ca && chmod +x easy-ca/easy-ca.sh

Usage

./easy-ca/easy-ca.sh [-d ROOT_CA_DIR]

If -d is not specified or isn't a compatible directory you'll be prompted to init a new root certification authority.

This script handles for you the creation of root CA, intermediate CA and certificates. It allows you to manage an infinite number of intermediate CA and certificates with a simple CLI.

What does it do for you ?

  • creation of CA and X509 certificates
  • intermediate CA and certificate signing by parent CA
  • setting best files and folders permissions for security (the access to the private keys is limited to the user that created them (owner) and the certificates are readable by everyone in your system)
  • setting defaults (country, state/province name, organization name, ...) in each openssl.cnf files
  • handling alternatives names for each issued certificate (preventing errors in some new clients like Google Chrome 58+)
  • prevent some intermediate CA to sign other CA if you want

Directory structure

Daweed_Authority_Group_0/
└── ... # You can handle multiple certificate authorities
Daweed_Authority_Group_1/
└── root/ # naming convention for the Root CA
    ├── CA.key # the CA private key
    ├── CA.pem # the CA certificate
    ├── index.txt # emission db
    ├── index.txt.attr
    ├── serial
    ├── openssl.cnf # Each CA has its own openssl configuration file where you have access to more configuration options
    ├── crl/ # TODO: will be used for revocation
    ├── csr/ # contains the generated certificate signing requests
    ├── public/
    │     ├── newcerts/ # TODO: will be used for revocation
    │     └── certs/  
    │           └── web.daweed.be.pem
    ├── private/
    │     └── keys/
    │           ├── web.daweed.be.key
    │           └── ...
    └── children/ # contains the child CA
          ├── Daweed_Intermediate_CA_1/
          │     ├── CA.key # the CA private key
          │     ├── ...
          │     ├── openssl.cnf # Each CA has its own openssl configuration file where you have access to more configuration options 
          │     └── children/
          │           └── ... # contains the child CA
          │
          ├── Daweed_Intermediate_CA_2/
          └── ...

TODO

  • CRL handling

Contribution

Any pull-request is welcome !

About

A command line interface written in Bash for openSSL allowing you to easily manage your certificates

Topics

bash cli openssl certificate-authority certificate-generation certificate-signing-request

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages