You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Victor Laborie
a45a130e60
|
9 months ago | |
|---|---|---|
| .gitignore | 2 years ago | |
| LICENSE | 1 year ago | |
| README.md | 1 year ago | |
| Vagrantfile | 9 months ago | |
| cn-filter.sh | 2 years ago | |
| ocspd.service | 2 years ago | |
| openssl.cnf | 2 years ago | |
| shellpki | 1 year ago | |
README.md
ShellPKI
This script is a wrapper around OpenSSL to manage a small PKI.
Install
Debian
useradd shellpki --system -M --home-dir /etc/shellpki --shell /usr/sbin/nologin
mkdir /etc/shellpki
install -m 0640 openssl.cnf /etc/shellpki/
install -m 0755 shellpki /usr/local/sbin/shellpki
chown -R shellpki: /etc/shellpki
# visudo -f /etc/sudoers.d/shellpki
%shellpki ALL = (root) /usr/local/sbin/shellpki
OpenBSD
useradd -r 1..1000 -d /etc/shellpki -s /sbin/nologin _shellpki
mkdir /etc/shellpki
install -m 0640 openssl.cnf /etc/shellpki/
install -m 0755 shellpki /usr/local/sbin/shellpki
chown -R _shellpki:_shellpki /etc/shellpki
# visudo -f /etc/sudoers
%_shellpki ALL = (root) /usr/local/sbin/shellpki
OpenVPN
If you want auto-generation of the OpenVPN config file in /etc/shellpki/openvpn, you need to create a template file in /etc/shellpki/ovpn.conf, eg. :
client
dev tun
tls-client
proto udp
remote ovpn.example.com 1194
persist-key
persist-tun
cipher AES-256-CBC
Usage
Usage: ./shellpki <subcommand> [options] [CommonName]
Initialize PKI (create CA key and self-signed cert) :
./shellpki init <commonName_for_CA>
Create a client cert with key and CSR directly generated on server (use -p for set a password on client key) :
./shellpki create [-p] <commonName>
Create a client cert from a CSR (doesn’t need key) :
./shellpki create -f <path>
Revoke a client cert with is commonName (CN) :
./shellpki revoke <commonName>
List all actually valid commonName (CN) :
./shellpki list
License
ShellPKI is an Evolix project and is licensed under the MIT license.