Shellpki is a very tiny and easy PKI in command lines.
.gitignore | ||
cn-filter.sh | ||
LICENSE | ||
ocspd.service | ||
openssl.cnf | ||
README.md | ||
shellpki.sh | ||
Vagrantfile |
shellpki
This script is a wrapper around openssl to manage a small PKI.
Install
mkdir /etc/shellpki
useradd shellpki --system -M --home-dir /etc/shellpki --shell /usr/sbin/nologin
install -m 0640 openssl.cnf /etc/shellpki/
install -m 0755 shellpki.sh /usr/local/sbin/shellpki
# visudo -f /etc/sudoers.d/shellpki
%shellpki ALL = (root) /usr/local/sbin/shellpki
Usage
Usage: ./shellpki.sh <subcommand> [options] [CommonName]
Initialize PKI (create CA key and self-signed cert) :
./shellpki.sh init
Create a client cert with key and CSR directly generated on server
(use -p for set a password on client key) :
./shellpki.sh create [-p] <commonName>
Create a client cert from a CSR (doesn't need key) :
./shellpki.sh create -f <path>
Revoke a client cert with is commonName (CN) :
./shellpki.sh revoke <commonName>
List all actually valid commonName (CN) :
./shellpki.sh list
License
Shellpki are in GPLv2+, see LICENSE.