Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/hardillb/web-ca

Very simple web frontend for openssl to create new certificates and sign them with supplied certs
https://github.com/hardillb/web-ca

certificate-authority

Last synced: 3 months ago
JSON representation

Very simple web frontend for openssl to create new certificates and sign them with supplied certs

Host: GitHub
URL: https://github.com/hardillb/web-ca
Owner: hardillb
License: apache-2.0
Created: 2020-02-10T21:50:47.000Z (almost 5 years ago)
Default Branch: master
Last Pushed: 2024-09-18T09:46:14.000Z (4 months ago)
Last Synced: 2024-10-13T16:11:32.929Z (3 months ago)
Topics: certificate-authority
Language: EJS
Size: 152 KB
Stars: 9
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE

Awesome Lists containing this project

README

# Personal Web Certificate Authority

This is a small web front end for creating certifacates signed by a supplied CA cert and key.

It was written to run on a Raspberry Pi Zero running as a USB Ethernet gadget to provide a
"secure" offline CA. Details can be found [here](https://www.hardill.me.uk/wordpress/2020/02/10/a-personal-offline-certificate-authority/)

## Configure

You can configure the service by editing the `options.js` file

```
module.exports = {
caPath: "./ca".
caCertPath: "./ca/ca.crt",
caKeyPath: "./ca/ca.key",
life: 365,
port: 80
}
```

You can set the path to the CA's cert and key, set the default certificate life in days and
the port the service will listen on.

## Setup

To allow running as a normal user and still binding to port 80 run the following.

```
sudo setcap CAP_NET_BIND_SERVICE=+eip `which node`
```

Be aware this will allow ANY nodejs app to bind to system ports.

If you need to create a new CA cert then you can edit the `createCA.js` file to set the DN information for the CA
and then run:

```
npm createCA -p
```

## Running

```
npm start
```

### Usage

Just point your browser at the correct host/port and then pick from either a host or personal
certificate. Fill in the required fields including the passphrase for the CA key and a
passsphase for the output P12 file.

## TODO

- build OpenVPN client config files
- ~~Add a LOT of error handling~~
- ~~Allow the uploading of an old cert (to extract the Subject info) to create new~~ (not possible as needs priv key)
- ~~Add more constraints to cert types~~
- ~~Add support to update CA serial/csr data~~