-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathreadme.txt
43 lines (30 loc) · 1.09 KB
/
readme.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
Simple script to perform basic CA tasks
1. Create and select CA directory
# mkdir my_ca_folder
# cd my_ca_folder
2. Prepare Micro-CA directory
# ../main/action prepare
This will create:
* openssl configuration - <conf_dir>/.openssl.cnf
* MicroCA configuration - <conf_dir>/.config
* openssl-compliant CA database - <conf_dir>/ca_dir/*
3. Change config ot configure your defaults
Set CRL/cert lifetimes and default DN component values
# vi .config
4. Generate root certificate
# ../main/action init
5. Generate request
# ../main/action req username [email protected]
6. Sign request for a default lifetime
# ../main/action sign requests/username-*.csr
or sign for 37 days
# ../main/action sign requests/username-*.csr 37
The new certificate will be copied into <conf_dir>/certificates folder
7. Revoke cert
# ../main/action revoke certificates/username-*.crt
8. Update CRL
# ../main/action crl
# cp crl.pem /some/path/where/you/need
Env wars:
CONF_DIR - specify path to CA directory
REQ_CERT_DAYS - set certificate lifetime while creating request