Shellpki is a very tiny and easy PKI in command lines.
Go to file
Victor LABORIE 545d251eab Add .swp file to gitignore 2018-10-24 15:20:29 +02:00
.gitignore Add .swp file to gitignore 2018-10-24 15:20:29 +02:00
LICENSE Add GPLv2+ licence 2018-01-17 12:32:21 +01:00 Add sudo right to README install 2018-01-31 15:15:56 +01:00
Vagrantfile Add a Vagrantfile for testing 2018-04-11 14:32:45 +02:00 Use logger for cn-filter 2018-03-01 16:24:27 +01:00
ocspd.service Add a delay for auto restart in systemd service 2018-06-27 19:04:59 +02:00
openssl.cnf Add an OCSPD responder 2018-06-27 13:48:12 +02:00 Add missing arg for cacert creation 2018-08-01 11:03:04 +02:00


This script is a wrapper around openssl to manage a small PKI.


mkdir /etc/shellpki
useradd shellpki --system -M --home-dir /etc/shellpki --shell /usr/sbin/nologin
install -m 0640 openssl.cnf /etc/shellpki/
install -m 0755 /usr/local/sbin/shellpki
# visudo -f /etc/sudoers.d/shellpki
%shellpki ALL = (root) /usr/local/sbin/shellpki


Usage: ./ <subcommand> [options] [CommonName]

Initialize PKI (create CA key and self-signed cert) :

    ./ init

Create a client cert with key and CSR directly generated on server
(use -p for set a password on client key) :

    ./ create [-p] <commonName>

Create a client cert from a CSR (doesn't need key) :

    ./ create -f <path>

Revoke a client cert with is commonName (CN) :

    ./ revoke <commonName>

List all actually valid commonName (CN) :

    ./ list


Shellpki are in GPLv2+, see LICENSE.