Shellpki is a very small and easy-to-use command-line PKI.
Victor Laborie a45a130e60 Don't force Vagrant::DEFAULT_SERVER_URL (doesn't work with recent Vagrant version) 8 months ago
.gitignore Add .swp file to gitignore 2 years ago
LICENSE Shellpki is now MIT licensed 1 year ago
README.md Strip .sh extension from shellpki script 1 year ago
Vagrantfile Don't force Vagrant::DEFAULT_SERVER_URL (doesn't work with recent Vagrant version) 8 months ago
cn-filter.sh Use logger for cn-filter 2 years ago
ocspd.service Add a delay for auto restart in systemd service 2 years ago
openssl.cnf Add an OCSPD responder 2 years ago
shellpki Replace getopts by manual parsing and remove set -u 1 year ago

README.md

ShellPKI

This script is a wrapper around OpenSSL to manage a small PKI.

Install

Debian

useradd shellpki --system -M --home-dir /etc/shellpki --shell /usr/sbin/nologin
mkdir /etc/shellpki
install -m 0640 openssl.cnf /etc/shellpki/
install -m 0755 shellpki /usr/local/sbin/shellpki
chown -R shellpki: /etc/shellpki
# visudo -f /etc/sudoers.d/shellpki
%shellpki ALL = (root) /usr/local/sbin/shellpki

OpenBSD

useradd -r 1..1000 -d /etc/shellpki -s /sbin/nologin _shellpki
mkdir /etc/shellpki
install -m 0640 openssl.cnf /etc/shellpki/
install -m 0755 shellpki /usr/local/sbin/shellpki
chown -R _shellpki:_shellpki /etc/shellpki
# visudo -f /etc/sudoers
%_shellpki ALL = (root) /usr/local/sbin/shellpki
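
Because the sudoers rule above lets every member of the shellpki group run /usr/local/sbin/shellpki as root, it is worth checking the result of the install. The following is an added example, not part of the ShellPKI repository; the function names `has_perm` and `audit_shellpki` and its two optional arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not ShellPKI code): audit an install made with the steps above.
# audit_shellpki [PREFIX] [OWNER] is a hypothetical helper; PREFIX and OWNER
# default to "" and root and exist so the check can run on a scratch tree.

# True if the path in $1 has every permission bit of the octal mode in $2 set.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

audit_shellpki() {
    prefix="${1:-}"
    owner="${2:-root}"
    bindir="$prefix/usr/local/sbin"
    script="$bindir/shellpki"
    confdir="$prefix/etc/shellpki"
    conf="$confdir/openssl.cnf"
    rc=0

    for p in "$script" "$confdir" "$conf"; do
        [ -e "$p" ] || { echo "MISSING: $p"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1

    # The sudoers rule runs this file as root: only root may be able to
    # change it, directly or by replacing it in a world-writable directory.
    if [ -z "$(find "$script" -prune -user "$owner" 2>/dev/null)" ]; then
        echo "FAIL: $script is not owned by $owner"; rc=1
    fi
    for bit in 0020 0002; do
        if has_perm "$script" "$bit"; then
            echo "FAIL: $script is group/other-writable (bit $bit)"; rc=1
        fi
    done
    if has_perm "$bindir" 0002; then
        echo "FAIL: $bindir is world-writable"; rc=1
    fi

    # openssl.cnf is installed 0640, so "other" must have no access to it,
    # and the PKI directory must not be world-writable.
    for bit in 0004 0002 0001; do
        if has_perm "$conf" "$bit"; then
            echo "FAIL: $conf grants access to other (bit $bit)"; rc=1
        fi
    done
    if has_perm "$confdir" 0002; then
        echo "FAIL: $confdir is world-writable"; rc=1
    fi
    return "$rc"
}
```

Sourced and called with no arguments, `audit_shellpki` checks the real paths and returns non-zero if any check fails.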

OpenVPN

If you want the OpenVPN config file to be auto-generated in /etc/shellpki/openvpn, you need to create a template file at /etc/shellpki/ovpn.conf, e.g.:

client
dev tun
tls-client
proto udp

remote ovpn.example.com 1194

persist-key
persist-tun

cipher AES-256-CBC

Usage

Usage: ./shellpki <subcommand> [options] [CommonName]

Initialize PKI (create CA key and self-signed cert):

    ./shellpki init <commonName_for_CA>

Create a client cert with key and CSR generated directly on the server (use -p to set a password on the client key):

    ./shellpki create [-p] <commonName>

Create a client cert from a CSR (doesn’t need key):

    ./shellpki create -f <path>

Revoke a client cert by its commonName (CN):

    ./shellpki revoke <commonName>

List all currently valid commonNames (CN):

    ./shellpki list

License

ShellPKI is an Evolix project and is licensed under the MIT license.