https://github.com/fooker/keymaker
A management tool for SSL certificates and keys
- Host: GitHub
- URL: https://github.com/fooker/keymaker
- Owner: fooker
- License: gpl-3.0
- Archived: true
- Created: 2015-03-29T01:51:51.000Z (about 11 years ago)
- Default Branch: master
- Last Pushed: 2015-04-02T15:43:09.000Z (about 11 years ago)
- Last Synced: 2025-06-10T08:05:56.072Z (12 months ago)
- Language: Python
- Size: 176 KB
- Stars: 1
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.adoc
- License: LICENSE
README
keymaker
========
A management tool for SSL certificates and keys
*keymaker* is a tool built to ease the management of SSL server certificates by providing an easy-to-use interface for the most common tasks.
Concept
-------
*keymaker* manages a local store (local to the computer it is executed on) which contains the certificates and keys for a number of hosts and to which all actions are applied.
Each certificate is identified and addressed by the host name, which is also used as the +common name+ (+CN+) in the certificate.
The store is implemented as a simple folder on the local filesystem in which each certificate has a sub-folder named after the host name.
Inside these certificate-specific folders, two files exist: +server.crt+ containing the SSL certificate and +server.key+ containing the corresponding key pair.
For actions requiring a certificate authority, *keymaker* handles the communication with the authority as configured by the store (only CACert is supported for now).
Installation
------------
Installation from source requires an existing +python >= 3.4+ installation including +setuptools+.
After downloading the source from a release package or cloning the repository, the tool can be installed using +setuptools+ (as root):

 python3 setup.py install

This will ensure all required libraries are installed and installs the tool to the system.
Usage
-----
All actions are available using the +keymaker+ command.
Calling +keymaker --help+ will provide a complete list of actions and accepted parameters and arguments.
Configure the store
~~~~~~~~~~~~~~~~~~~
The store directory (by default +/etc/ssl/keymaker+) must be created and a configuration file called +config.ini+ must be saved inside the store.
The store configuration must contain at least the following:

 [authority]
 type=cacert

and a CACert client certificate and key must be stored under the store directory as +client.crt+ and +client.key+.
If existing certificates and keys should be added to the store, the corresponding directories must be created and the certificate and key files must be stored as described in _Concept_.
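
The following check of a store laid out as described in _Concept_ and above is an added example, not part of *keymaker* or its README. The function names +audit_store+ and +build_sample_store+ are hypothetical, and the rule that +.key+ files must be accessible by their owner only is an assumption of this example, not something *keymaker* enforces.

```python
import configparser
import os
import stat
import tempfile
from pathlib import Path


def audit_store(store):
    """Return a list of findings for a keymaker-style store directory."""
    store = Path(store)
    findings = []
    # config.ini must carry an [authority] section with a type (README: type=cacert)
    cfg = configparser.ConfigParser()
    cfg.read(store / "config.ini")
    if not cfg.has_option("authority", "type"):
        findings.append("config.ini: missing [authority] type")
    # Files the README requires: client cert/key at top level, server cert/key per host
    required = [store / "client.crt", store / "client.key"]
    for host_dir in sorted(p for p in store.iterdir() if p.is_dir()):
        required += [host_dir / "server.crt", host_dir / "server.key"]
    for path in required:
        rel = path.relative_to(store)
        if not path.is_file():
            findings.append(f"{rel}: missing")
        elif path.suffix == ".key" and stat.S_IMODE(path.stat().st_mode) & 0o077:
            # Assumption of this example: private keys should be owner-only
            findings.append(f"{rel}: key accessible by group/others")
    return findings


def build_sample_store(root):
    """Constructed sample store: one good host, one host with problems."""
    root = Path(root)
    (root / "config.ini").write_text("[authority]\ntype=cacert\n")
    for name, mode in [("client.crt", 0o644), ("client.key", 0o600)]:
        (root / name).write_text("placeholder\n")
        os.chmod(root / name, mode)
    for host, key_mode in [("example.com", 0o600), ("test.example.com", 0o644)]:
        (root / host).mkdir()
        (root / host / "server.key").write_text("placeholder\n")
        os.chmod(root / host / "server.key", key_mode)
    (root / "example.com" / "server.crt").write_text("placeholder\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_store(build_sample_store(tmp)):
            print(finding)
```
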
Creating a certificate
~~~~~~~~~~~~~~~~~~~~~~
A new host entry in the store is created like this:

 keymaker -b ${KEYSTORE} create example.com

Listing certificates
~~~~~~~~~~~~~~~~~~~~
A list of all hosts in the store is retrieved like this:

 keymaker -b ${KEYSTORE} list

Problems and Feedback
---------------------
Feedback is always appreciated and can be sent by mail to fooker@lab.sh.
Please report bugs and feature requests to https://github.com/fooker/keymaker/issues.