shellpki/README.md

# shellpki

This script is a wrapper around openssl to manage a small PKI.

## Install

### Debian

~~~
useradd shellpki --system -M --home-dir /etc/shellpki --shell /usr/sbin/nologin
mkdir /etc/shellpki
install -m 0640 openssl.cnf /etc/shellpki/
install -m 0755 shellpki.sh /usr/local/sbin/shellpki
chown -R shellpki: /etc/shellpki
~~~

~~~
# visudo -f /etc/sudoers.d/shellpki
%shellpki ALL = (root) /usr/local/sbin/shellpki
~~~

### OpenBSD

~~~
useradd -r 1..1000 -d /etc/shellpki -s /sbin/nologin _shellpki
mkdir /etc/shellpki
install -m 0640 openssl.cnf /etc/shellpki/
install -m 0755 shellpki.sh /usr/local/sbin/shellpki
chown -R _shellpki:_shellpki /etc/shellpki
~~~

~~~
# visudo -f /etc/sudoers
%_shellpki ALL = (root) /usr/local/sbin/shellpki
~~~

## Usage

~~~
Usage: ./shellpki.sh <subcommand> [options] [CommonName]

Initialize PKI (create CA key and self-signed cert) :

    ./shellpki.sh init <commonName_for_CA>

Create a client cert with key and CSR directly generated on server
(use -p for set a password on client key) :

    ./shellpki.sh create [-p] <commonName>

Create a client cert from a CSR (doesn't need key) :

    ./shellpki.sh create -f <path>

Revoke a client cert with is commonName (CN) :

    ./shellpki.sh revoke <commonName>

List all actually valid commonName (CN) :

    ./shellpki.sh list
~~~

## License

Shellpki are in GPLv2+, see [LICENSE](LICENSE).
add a README.md 2017-05-21 05:36:47 +02:00			`# shellpki`

Complete refactoring 2018-01-17 12:21:39 +01:00			`This script is a wrapper around openssl to manage a small PKI.`
add a README.md 2017-05-21 05:36:47 +02:00
Complete refactoring 2018-01-17 12:21:39 +01:00			`## Install`
add a README.md 2017-05-21 05:36:47 +02:00
Add documentation for install on OpenBSD 2018-10-24 15:21:43 +02:00			`### Debian`

Complete refactoring 2018-01-17 12:21:39 +01:00			`~~~`
			`useradd shellpki --system -M --home-dir /etc/shellpki --shell /usr/sbin/nologin`
Add documentation for install on OpenBSD 2018-10-24 15:21:43 +02:00			`mkdir /etc/shellpki`
Complete refactoring 2018-01-17 12:21:39 +01:00			`install -m 0640 openssl.cnf /etc/shellpki/`
			`install -m 0755 shellpki.sh /usr/local/sbin/shellpki`
Add documentation for install on OpenBSD 2018-10-24 15:21:43 +02:00			`chown -R shellpki: /etc/shellpki`
Complete refactoring 2018-01-17 12:21:39 +01:00			`~~~`
add a README.md 2017-05-21 05:36:47 +02:00
Add sudo right to README install 2018-01-31 15:15:47 +01:00			`~~~`
			`# visudo -f /etc/sudoers.d/shellpki`
			`%shellpki ALL = (root) /usr/local/sbin/shellpki`
			`~~~`

Add documentation for install on OpenBSD 2018-10-24 15:21:43 +02:00			`### OpenBSD`

			`~~~`
			`useradd -r 1..1000 -d /etc/shellpki -s /sbin/nologin _shellpki`
			`mkdir /etc/shellpki`
			`install -m 0640 openssl.cnf /etc/shellpki/`
			`install -m 0755 shellpki.sh /usr/local/sbin/shellpki`
			`chown -R _shellpki:_shellpki /etc/shellpki`
			`~~~`

			`~~~`
			`# visudo -f /etc/sudoers`
			`%_shellpki ALL = (root) /usr/local/sbin/shellpki`
			`~~~`

Complete refactoring 2018-01-17 12:21:39 +01:00			`## Usage`
add a README.md 2017-05-21 05:36:47 +02:00
Complete refactoring 2018-01-17 12:21:39 +01:00			`~~~`
Shellpki is no more interactive 2018-01-23 16:52:42 +01:00			`Usage: ./shellpki.sh <subcommand> [options] [CommonName]`
add a README.md 2017-05-21 05:36:47 +02:00
Shellpki is no more interactive 2018-01-23 16:52:42 +01:00			`Initialize PKI (create CA key and self-signed cert) :`
add a README.md 2017-05-21 05:36:47 +02:00
Add missing param in doc for shellpki init 2018-10-24 15:29:32 +02:00			`./shellpki.sh init <commonName_for_CA>`
add a README.md 2017-05-21 05:36:47 +02:00
Shellpki is no more interactive 2018-01-23 16:52:42 +01:00			`Create a client cert with key and CSR directly generated on server`
			`(use -p for set a password on client key) :`
Complete refactoring 2018-01-17 12:21:39 +01:00
Shellpki is no more interactive 2018-01-23 16:52:42 +01:00			`./shellpki.sh create [-p] <commonName>`
Complete refactoring 2018-01-17 12:21:39 +01:00
Shellpki is no more interactive 2018-01-23 16:52:42 +01:00			`Create a client cert from a CSR (doesn't need key) :`
Complete refactoring 2018-01-17 12:21:39 +01:00
Shellpki is no more interactive 2018-01-23 16:52:42 +01:00			`./shellpki.sh create -f <path>`

			`Revoke a client cert with is commonName (CN) :`

			`./shellpki.sh revoke <commonName>`

			`List all actually valid commonName (CN) :`

			`./shellpki.sh list`
Complete refactoring 2018-01-17 12:21:39 +01:00			`~~~`
Add GPLv2+ licence 2018-01-17 12:32:21 +01:00
			`## License`

			`Shellpki are in GPLv2+, see [LICENSE](LICENSE).`