certmanager

package
v1.4.14
Warning

This package is not in the latest version of its module.
Published: Jul 31, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

README

certmanager

Managing CA and Certificates

GET /ca - Returns all CAs
POST /ca - Create a new CA
GET /ca/:id - Returns information about a CA key
PUT /ca/:id/verify - Verify a CA
DELETE /ca/:id - Deletes a CA
TODO: Renew a CA

GET /cert - Returns all Certificates
POST /cert - Create a new Certificate
GET /cert/:id - Returns a certificate public key
DELETE /cert/:id - Deletes a certificate
TODO: Renew a certificate

CA:
Passphrase (4 to 1023 characters)
Days of validity
Subject
Country
State
Location
Organization
Organizational Unit

generate an AES-encrypted private key

openssl genrsa -aes256 -out ca.key 4096

make public cert

openssl req -x509 -new -nodes -key ca.key -sha256 -days 1826 -out ca.crt -subj '/CN=test root CA/C=DE/ST=Berlin/L=Berlin/O=test'

cert info

openssl x509 -in ca.crt -text -noout

verify cert

openssl verify -CAfile ca.crt ca.crt

check a private key

openssl rsa -in ca.key -check

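convert a DER-encoded certificate to pem (the ca.crt created by the req command above is already PEM, so this applies only to DER input)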

openssl x509 -inform der -in ca.crt -out ca.pem

export to pfx (PKCS#12)

openssl pkcs12 -export -out ca.pfx -inkey ca.key -in ca.crt -certfile ca.crt

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func New

func New(c Config) (*certmanager, error)

Create a new auth task from the configuration

Types

type Cert

type Cert interface {
	// Return Serial of the certificate
	Serial() string

	// Return the subject of the certificate
	Subject() string

	// Return ErrExpired if the certificate has expired,
	// or nil if the certificate is valid. Other error returns
	// indicate other problems with the certificate
	IsValid() error

	// Return the expiry date of the certificate
	Expires() time.Time

	// Return true if the certificate is a CA
	IsCA() bool

	// Return the key type
	KeyType() string

	// Write a .pem file with the certificate
	WriteCertificate(w io.Writer) error

	// Write a .pem file with the private key
	WritePrivateKey(w io.Writer) error
}

Cert interface represents a certificate or certificate authority
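
The README's openssl steps (generate a key, issue a self-signed CA certificate, verify it) and the expiry and CA checks named in the Cert interface can be reproduced with Go's standard library. This is an added example, not certmanager's own code: NewCA, CheckCA, caSubject and the local ErrExpired are hypothetical names, and the key stays unencrypted in memory instead of being passphrase-protected as with `openssl genrsa -aes256`.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)
var ErrExpired = errors.New("certificate expired") // local to this example, not the package's value
var caSubject = pkix.Name{CommonName: "test root CA", Country: []string{"DE"}, Organization: []string{"test"}}

// NewCA mirrors `openssl genrsa` + `openssl req -x509`: an RSA key and a self-signed CA certificate.
func NewCA(subject pkix.Name, days, bits int) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127)) // random serial
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: subject,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().AddDate(0, 0, days),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key) // self-signed
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// CheckCA returns ErrExpired past NotAfter, else checks the CA constraints and the self-signature.
func CheckCA(cert *x509.Certificate, at time.Time) error {
	if at.After(cert.NotAfter) {
		return ErrExpired
	}
	return cert.CheckSignatureFrom(cert)
}

func main() {
	cert, _, err := NewCA(caSubject, 1826, 4096) // lifetime and key size from the openssl commands
	fmt.Println("create:", err, "check ok:", err == nil && CheckCA(cert, time.Now()) == nil)
}
```

CheckCA does not test NotBefore, and CheckSignatureFrom is not a full path validator; for chains with intermediates use x509.Certificate.Verify with an explicit root pool.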

type CertStorage

type CertStorage interface {
	server.Task

	// Return all certificates. This may not return the certificates
	// themselves, but the metadata for the certificates. Use Read
	// to get the certificate itself
	List() ([]Cert, error)

	// Read a certificate by serial number
	Read(string) (Cert, error)

	// Write a certificate
	Write(Cert) error

	// Delete a certificate
	Delete(Cert) error
}

CertStorage interface represents a storage for certificates

type Config

type Config struct {
	X509Name    `hcl:"x509_name" description:"X509 name for certificate"`
	CertStorage CertStorage `hcl:"cert_storage" description:"Certificate storage"`
}

func (Config) Description

func (Config) Description() string

Description returns the description of the service

func (Config) Name

func (Config) Name() string

Name returns the name of the service

func (Config) New

func (c Config) New() (server.Task, error)

Create a new task from the configuration

type X509Name

type X509Name struct {
	OrganizationalUnit string `hcl:"organizational_unit,omitempty" description:"X509 Organizational Unit"`
	Organization       string `hcl:"organization" description:"X509 Organization"`
	Locality           string `hcl:"locality,omitempty"  description:"X509 Locality"`
	Province           string `hcl:"province,omitempty"  description:"X509 Province"`
	Country            string `hcl:"country,omitempty"  description:"X509 Country"`
	StreetAddress      string `hcl:"street_address,omitempty"  description:"X509 Street Address"`
	PostalCode         string `hcl:"postal_code,omitempty"  description:"X509 Postal Code"`
}

Directories

Path Synopsis
certstore implements file-based storage for certificates and certificate authorities.
