Shellpki is a very tiny and easy PKI in command lines.

Go to file

Victor LABORIE d176ae28fb Add a delay for auto restart in systemd service		2018-06-27 19:04:59 +02:00
.gitignore	Add a Vagrantfile for testing	2018-04-11 14:32:45 +02:00
LICENSE	Add GPLv2+ licence	2018-01-17 12:32:21 +01:00
README.md	Add sudo right to README install	2018-01-31 15:15:56 +01:00
Vagrantfile	Add a Vagrantfile for testing	2018-04-11 14:32:45 +02:00
cn-filter.sh	Use logger for cn-filter	2018-03-01 16:24:27 +01:00
ocspd.service	Add a delay for auto restart in systemd service	2018-06-27 19:04:59 +02:00
openssl.cnf	Add an OCSPD responder	2018-06-27 13:48:12 +02:00
shellpki.sh	Add -ignore_err for openssl ocsp	2018-06-27 19:04:29 +02:00

README.md

shellpki

This script is a wrapper around openssl to manage a small PKI.

Install

mkdir /etc/shellpki
useradd shellpki --system -M --home-dir /etc/shellpki --shell /usr/sbin/nologin
install -m 0640 openssl.cnf /etc/shellpki/
install -m 0755 shellpki.sh /usr/local/sbin/shellpki

# visudo -f /etc/sudoers.d/shellpki
%shellpki ALL = (root) /usr/local/sbin/shellpki

Usage

Usage: ./shellpki.sh <subcommand> [options] [CommonName]

Initialize PKI (create CA key and self-signed cert) :

    ./shellpki.sh init

Create a client cert with key and CSR directly generated on server
(use -p for set a password on client key) :

    ./shellpki.sh create [-p] <commonName>

Create a client cert from a CSR (doesn't need key) :

    ./shellpki.sh create -f <path>

Revoke a client cert with is commonName (CN) :

    ./shellpki.sh revoke <commonName>

List all actually valid commonName (CN) :

    ./shellpki.sh list

License

Shellpki are in GPLv2+, see LICENSE.