{"id":22819616,"url":"https://github.com/netreconlab/ca-server","last_synced_at":"2025-04-23T00:22:28.815Z","repository":{"id":130654344,"uuid":"589477270","full_name":"netreconlab/ca-server","owner":"netreconlab","description":"A Certificate Authority (CA) Server written in python using fastAPI","archived":false,"fork":false,"pushed_at":"2025-04-21T17:39:40.000Z","size":471,"stargazers_count":11,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-21T18:38:43.946Z","etag":null,"topics":["certificate-authority","certificate-signing-request","certificates","csr","docker","fastapi","hacktoberfest","python","singularity"],"latest_commit_sha":null,"homepage":"","language":"ASP.NET","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/netreconlab.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":["cbaker6","netreconlab"],"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":"https://www.buymeacoffee.com/cbaker6"}},"created_at":"2023-01-16T08:03:39.000Z","updated_at":"2025-04-21T17:38:00.000Z","dependencies_parsed_at":"2024-01-29T18:06:12.706Z","dependency_job_id":"62c0dd35-26e0-47d9-8942-1d0bb913d211","html_url":"https://github.com/netreconlab/ca-server","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netreconlab%2Fca-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netreconlab%2Fca-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netreconlab%2Fca-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netreconlab%2Fca-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/netreconlab","download_url":"https://codeload.github.com/netreconlab/ca-server/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250344679,"owners_count":21415160,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificate-authority","certificate-signing-request","certificates","csr","docker","fastapi","hacktoberfest","python","singularity"],"created_at":"2024-12-12T15:13:17.296Z","updated_at":"2025-04-23T00:22:28.775Z","avatar_url":"https://github.com/netreconlab.png","language":"ASP.NET","readme":"# ca-server\n[![](https://dockeri.co/image/netreconlab/ca-server)](https://hub.docker.com/r/netreconlab/ca-server)\n[![Docker](https://github.com/netreconlab/ca-server/actions/workflows/build.yml/badge.svg)](https://github.com/netreconlab/ca-server/actions/workflows/build.yml)\n[![Docker](https://github.com/netreconlab/ca-server/actions/workflows/release.yml/badge.svg)](https://github.com/netreconlab/ca-server/actions/workflows/release.yml)\n![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)\n\n---\nQuickly create Certificate Authorities (CAs) for your applications.\n\n## Software Designed for `ca-server`\n- [ParseCertificateAuthority](https://github.com/netreconlab/ParseCertificateAuthority) - Send CSR's and retreive certificates to/from `ca-server` from [Parse-Swift](https://github.com/netreconlab/Parse-Swift) based clients and servers\n- [CertificateSigningRequest](https://github.com/cbaker6/CertificateSigningRequest) - Generate CSR's on Swift clients and servers that can later be signed by `ca-server`\n- [Parse-Swift](https://github.com/netreconlab/Parse-Swift) - Write Parse client apps in Swift. When coupled with [ParseCertificateAuthority](https://github.com/netreconlab/ParseCertificateAuthority) and [CertificateSigningRequest](https://github.com/cbaker6/CertificateSigningRequest), provides the complete client-side stack for generating CSR's, sending/receiving certificates to/from `ca-server`\n- [ParseServerSwift](https://github.com/netreconlab/parse-server-swift) - Write Parse Server Cloud Code apps in Swift. When coupled with [ParseCertificateAuthority](https://github.com/netreconlab/ParseCertificateAuthority), [CertificateSigningRequest](https://github.com/cbaker6/CertificateSigningRequest), and [Parse-Swift](https://github.com/netreconlab/Parse-Swift) provides the complete server-side stack for generating CSR's, sending/receiving certificates to/from `ca-server`\n\n\n## Images\nMultiple images are automatically built for your convenience. Images can be found at the following locations:\n- [Docker - Hosted on Docker Hub](https://hub.docker.com/r/netreconlab/ca-server)\n- [Singularity - Hosted on GitHub Container Registry](https://github.com/netreconlab/hipaa-postgres/pkgs/container/ca-server)\n\n## Environment Variables\nBelow is a list of environment variables available to configure `ca-server`. It is required to mount the folder containing `CA_SERVER_PRIVATE_KEY_FILE` and `CA_SERVER_ROOT_CA_CERT`. It is recommended to mount the folder containing `CA_SERVER_DATABASE_NAME` to persist your database during restarts. See https://rajanmaharjan.medium.com/secure-your-mongodb-connections-ssl-tls-92e2addb3c89 to learn how to create a private key and root certificate. It is also recommended to mount the folder containing `CA_SERVER_CA_DIRECTORY` to persist any files created by `ca-server`.\n\n```bash\nCA_SERVER_PRIVATE_KEY_FILE=./server/ca/private/cakey.pem # (Required) Location and name of private key \nCA_SERVER_ROOT_CA_CERT=./server/ca/private/cacert.der # (Required) Location and name of CA certificate\nCA_SERVER_DATABASE_NAME=./server/dbs/appdb.sqlite # (Required) Location and name of the database\nCA_SERVER_CA_DIRECTORY=./server/ca # Location to store CA related files\nCA_SERVER_ROUTE_ROOT_CERTIFICATE_PREFIX=/ca_certificate # The prefix to add root certificate related routes\nCA_SERVER_ROUTE_USER_PREFIX=/appusers # The prefix to add to all user related routes\nCA_SERVER_ROUTE_CERTIFICATE_PREFIX=/certificates # The prefix to add to all certificate related routes\nCA_SERVER_ROUNDS=5 # Number of rounds\n```\n\n## Local Deployment\n![image](https://user-images.githubusercontent.com/8621344/215227812-3dc126d6-ecf6-4b6d-b349-c4154f14b4d1.png)\n\n### Option 1\nUse the docker-compose.yml file to run on a docker container or\n1. Fork this repo\n2. In terminal, run `docker-compose up`\n3. Then Go to `http://localhost:3000/docs` to view api docs and use as needed\n\n### Option 2\nRun directly on your local machine by:\n1. Fork this repo\n2. Install python 3.10.x and poetry\n3. Running `poetry install in the root directory`\n4. Run `poetry run uvicorn server.main:app --host 0.0.0.0 --port 3000`\n5. Then Go to `http://localhost:3000/docs` to view api docs and use as needed\n\n## Running behind a proxy\nIf you need to run `ca-server` behind a proxy, `--root-path` needs to be added to command to start `ca-server` in the `docker-compose.yml` file. The root path should match the exact endpoint proxying to `ca-server`. For example, if your endpoint is `/ca`, then the proper command is below:\n\n```bash\n# `docker-compose.yml` \ncommand: [ \"./start-poetry.sh\", \"poetry\", \"run\", \"uvicorn\", \"server.main:app\", \"--host\", \"0.0.0.0\", \"--port\", \"3000\", \"--root-path\", \"/ca\" ]\n```\n\nIn addition, two endpoints to the nginx configuration file:\n```bash\n# Allow access to the docs of your ca-server\nlocation /ca/docs {\n    proxy_pass http://ca-server:3000/docs;\n}\n\n# Allow access to the rest of your ca-server api\nlocation /ca/ {\n    proxy_pass http://ca-server:3000/;\n}\n```\n","funding_links":["https://github.com/sponsors/cbaker6","https://github.com/sponsors/netreconlab","https://www.buymeacoffee.com/cbaker6"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnetreconlab%2Fca-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnetreconlab%2Fca-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnetreconlab%2Fca-server/lists"}