2017-05-21 05:36:47 +02:00
|
|
|
# shellpki
|
|
|
|
|
|
2018-01-17 12:21:39 +01:00
|
|
|
This script is a wrapper around openssl to manage a small PKI.
|
2017-05-21 05:36:47 +02:00
|
|
|
|
2018-01-17 12:21:39 +01:00
|
|
|
## Install
|
2017-05-21 05:36:47 +02:00
|
|
|
|
2018-01-17 12:21:39 +01:00
|
|
|
~~~
|
|
|
|
|
mkdir /etc/shellpki
|
|
|
|
|
useradd shellpki --system -M --home-dir /etc/shellpki --shell /usr/sbin/nologin
|
|
|
|
|
install -m 0640 openssl.cnf /etc/shellpki/
|
|
|
|
|
install -m 0755 shellpki.sh /usr/local/sbin/shellpki
|
|
|
|
|
~~~
|
2017-05-21 05:36:47 +02:00
|
|
|
|
2018-01-17 12:21:39 +01:00
|
|
|
## Usage
|
2017-05-21 05:36:47 +02:00
|
|
|
|
2018-01-17 12:21:39 +01:00
|
|
|
Initialize PKI creating CA key and certificate :
|
2017-05-21 05:36:47 +02:00
|
|
|
|
2018-01-17 12:21:39 +01:00
|
|
|
~~~
|
|
|
|
|
shellpki init
|
|
|
|
|
~~~
|
2017-05-21 05:36:47 +02:00
|
|
|
|
2018-01-17 12:21:39 +01:00
|
|
|
Create a certificate and key on the server :
|
2017-05-21 05:36:47 +02:00
|
|
|
|
2018-01-17 12:21:39 +01:00
|
|
|
~~~
|
|
|
|
|
shellpki create
|
|
|
|
|
~~~
|
2017-05-21 05:36:47 +02:00
|
|
|
|
2018-01-17 12:21:39 +01:00
|
|
|
Create a certificate without key from a CSR :
|
|
|
|
|
|
|
|
|
|
~~~
|
|
|
|
|
shellpki fromcsr
|
|
|
|
|
~~~
|
|
|
|
|
|
|
|
|
|
Revoke a certificate :
|
|
|
|
|
|
|
|
|
|
~~~
|
|
|
|
|
shellpki revoke
|
|
|
|
|
~~~
|
