lwithers-ca
is a really simple CA (certificate authority), using the openssl
commandline client, implemented using a few bash scripts. I wrote it one evening because I needed
a simple CA, and to be able to generate a few keys and revoke some of them. Using the existing
CA we had was painful in the first place and hacking on it, when it didn't exhibit the correct
behaviour, was very hard. This CA is pretty minimal, which means it's easy to see how to fix or
otherwise kludge it.
This is an extremely simple commandline certificate authority (CA) that has support for generating a private key, self-signed root certificate, and for signing and revoking user keys (and for generating user keys and certificate signing requests).

Setup
-----

Run ./make.sh once. This will create any necessary files. You'll be asked a bunch of questions by openssl about your new root certificate. The CommonName should generally match the domain name you're interested in.

The root certificate is in root/ca.crt .

User keys
---------

You can create a new user key and certificate signing request by changing to the users/key directory and running ./make.sh "username". Alternatively, you can create the key elsewhere and drop its CSR into users/csr/"username".csr .

Then run ./make.sh, which will sign the CSR (resulting in users/cert/"username".crt) and, if the private key is available, will create a PKCS#12 file suitable for import into mail clients etc. in users/pkcs12/"username".p12 .

Revocation
----------

Run ./revoke.sh username [...]

This will generate root/crl.pem .
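Revoking a certificate only has an effect when the party verifying it is given the CRL and told to check it. The following is an added example, not part of the lwithers-ca scripts: it builds a throwaway CA in a temporary directory with its own minimal openssl configuration (ca.cnf, the "alice" user and all file names are constructed for the demonstration), then runs the same lifecycle described above and verifies the user certificate against the CRL before and after revocation.

```shell
# Added example: throwaway CA in a temp dir; ca.cnf and "alice" are constructed names.
# Prints "before=<ok|fail> after=<ok|fail>" for CRL-checked verification.
check_revocation() (
    set -e
    d=$(mktemp -d); trap 'rm -rf "$d"' EXIT; cd "$d"
    mkdir newcerts; : > index.txt; echo 01 > serial; echo 01 > crlnumber
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical, CA:true
keyUsage = critical, keyCertSign, cRLSign
[ ca ]
default_ca = demo
[ demo ]
database = ./index.txt
new_certs_dir = ./newcerts
serial = ./serial
crlnumber = ./crlnumber
certificate = ./ca.crt
private_key = ./ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = any
[ any ]
commonName = supplied
EOF
    # Root key and self-signed root certificate, then a user key and CSR.
    openssl req -x509 -newkey rsa:2048 -nodes -config ca.cnf -extensions v3_ca \
        -subj "/CN=Demo Root" -days 30 -keyout ca.key -out ca.crt 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
        -subj "/CN=alice" -keyout alice.key -out alice.csr 2>/dev/null
    # Sign the CSR and publish a CRL that does not yet list any certificate.
    openssl ca -batch -config ca.cnf -in alice.csr -out alice.crt 2>/dev/null
    openssl ca -config ca.cnf -gencrl -out crl.pem 2>/dev/null
    verify() { openssl verify -crl_check -CAfile ca.crt -CRLfile crl.pem alice.crt >/dev/null 2>&1; }
    if verify; then before=ok; else before=fail; fi
    # Revoke the certificate, regenerate the CRL, and verify again.
    openssl ca -config ca.cnf -revoke alice.crt 2>/dev/null
    openssl ca -config ca.cnf -gencrl -out crl.pem 2>/dev/null
    if verify; then after=ok; else after=fail; fi
    echo "before=$before after=$after"
)
```

Without `-crl_check` and a current CRL, `openssl verify` accepts the revoked certificate, so the regenerated root/crl.pem has to be redistributed to every verifier after each revocation.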
You can download the latest version by cloning the git repository:
git clone git://git.lwithers.me.uk/lwithers-ca
Version | Date | Source | GPG Signature (key) | Dependencies |
---|---|---|---|---|
1.0.0 | 20061012 | .tar.bz2 | .tar.bz2.asc | |
Older releases may be found here.