pkictl
OpenSSL wrapper script for simplifying Public Key Infrastructure tasks.
This PR might be a bit complicated to accept as it changes default paths for configuration and certificates. It would probably break compatibility with previous versions, even if it is...
This allows loading a configuration file, after the environment variable.
This would allow better system/OS integration, and make it easier to maintain more than one PKI.
It would be useful as I want to use this nifty tool with Ansible :)
OpenSSL provides a secure built-in way of generating random serials for certificates, which avoids possible conflicts.
Hello Brian, I have researched tools to use for our internal PKI and quite like pkictl. However I have noticed a problem. In https://github.com/brianclements/pkictl/blob/6d1e76ffa893b61f33107641c8d04017a26a65f3/myorg.local-node.tls.sub.root.ee.conf#L4 you specify a SAN. Doing it...
For consistency with openssl's own random serial generator, the seed serial number for the crl database should also be random.
I did not have time to explore testing much further, so they are still a bit rough.
This is interesting so that you can have a root CA signing certificates valid for a certain validity (e.g. `default_days = 5478` (~15 years) which would work for intermediate CAs,...
Right now it's hardwired to split a file ending in "intermediates.pem." This is fine in most cases for new imports that have different file names. But in situations where you...