dan/certifix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add title

Browse Source
This commit is contained in:
Daniel Barlow 2024-09-25 21:34:27 +01:00
parent 27f2718ec5
commit 1a3e7918b2
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
README.md
View File

@ -1,6 +1,9 @@
A small HTTP(S)[*] API that accepts X509 CSRs and signs them if they
contain the magic number (specifically, if they have a custom
`challengePassword` attribute containing a pre-agreed value)
# Certifix
Not an Asterix character. A small HTTP(S)[*] API that accepts X509
CSRs and signs them if they contain the magic number (specifically, if
they have a custom `challengePassword` attribute containing a
pre-agreed value)
Modelled on the Puppet CA "Policy-based autosigning" functionality,
but without the rest of Puppet
@ -32,11 +35,11 @@ echo 'urban cookie collective' > psk
chmod 0700 psk
# create CA key and cert
openssl genrsa -out ca.key 4096
openssl genrsa -out ca.key 4096
CN=CA openssl req -config openssl.cnf -x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.crt
# create client CSR
CN=rotuer openssl req -config openssl.cnf -newkey rsa:2048 -nodes -keyout client.key -out client.csr
CN=rotuer openssl req -config openssl.cnf -newkey rsa:2048 -nodes -keyout client.key -out client.csr
# start the server
bin/certifix