Shellpki is a very tiny and easy PKI in command lines.

Go to file

Victor LABORIE d6469e4e5b Use logger for cn-filter		2018-03-01 16:24:27 +01:00
cn-filter.sh	Use logger for cn-filter	2018-03-01 16:24:27 +01:00
LICENSE	Add GPLv2+ licence	2018-01-17 12:32:21 +01:00
openssl.cnf	Retrieve vars from openssl.cnf file	2018-01-31 12:43:34 +01:00
README.md	Add sudo right to README install	2018-01-31 15:15:56 +01:00
shellpki.sh	Add check subcommand for expiration alert	2018-02-21 11:25:00 +01:00

README.md

shellpki

This script is a wrapper around openssl to manage a small PKI.

Install

mkdir /etc/shellpki
useradd shellpki --system -M --home-dir /etc/shellpki --shell /usr/sbin/nologin
install -m 0640 openssl.cnf /etc/shellpki/
install -m 0755 shellpki.sh /usr/local/sbin/shellpki

# visudo -f /etc/sudoers.d/shellpki
%shellpki ALL = (root) /usr/local/sbin/shellpki

Usage

Usage: ./shellpki.sh <subcommand> [options] [CommonName]

Initialize PKI (create CA key and self-signed cert) :

    ./shellpki.sh init

Create a client cert with key and CSR directly generated on server
(use -p for set a password on client key) :

    ./shellpki.sh create [-p] <commonName>

Create a client cert from a CSR (doesn't need key) :

    ./shellpki.sh create -f <path>

Revoke a client cert with is commonName (CN) :

    ./shellpki.sh revoke <commonName>

List all actually valid commonName (CN) :

    ./shellpki.sh list

License

Shellpki are in GPLv2+, see LICENSE.