https://github.com/italia/spid-compliant-certificates

Solution to create self-signed certificates according to Avviso SPID n.29

# SPID Compliant Certificate

The repository contains a solution to create X.509 certificates according to
[Avviso SPID n.29 v3](https://www.agid.gov.it/sites/default/files/repository_files/spid-avviso-n29v3-specifiche_sp_pubblici_e_privati_0.pdf).

**NOTE:** Python native implementation available at https://github.com/italia/spid-compliant-certificates-python

**NOTE:** The solution is provided "AS-IS" and does not represent an official
implementation from Agenzia per l'Italia Digitale.

## Private key, CSR and self-signed certificate for public sector (with Docker)

1. Create and edit the `docker.env` file according to your needs
(see [Configuration parameters](#configuration-parameters))

   ```
   $ cp public.env.example docker.env
   $ editor docker.env
   ```

2. Run the script `gencert-with-docker.sh`

   ```
   $ chmod +x gencert-with-docker.sh
   $ ./gencert-with-docker.sh
   ```

3. Enjoy your new private key (`key.pem`) and self-signed certificate
(`crt.pem`)

   ```
   $ ls ./generated-certs/
   crt.pem csr.pem key.pem
   ```

NOTE: This also generates a certificate signing request (`csr.pem`)
that can be submitted to AgID in order to obtain a signed certificate.

## Private key, CSR and self-signed certificate for public sector

1. Run the following commands to configure the environment according to your
needs (see [Configuration parameters](#configuration-parameters))

$ cat > myenv.sh < myenv.sh <`
element
(example: `https://spid.agid.gov.it`, default: `""`)

* `KEY_LEN`: length of the private key
(allowed values: `[2048, 3072, 4096]`, default: `2048`)

* `LOCALITY_NAME`: extended name of the locality
(example: `Roma`, default: `""`)

* `MD_ALG`: digest algorithm to be used
(allowed values: `[sha256, sha512]`, default: `sha256`)

* `ORGANIZATION_NAME`: extended name of the service provider
(example: `Agenzia per l'Italia Digitale`, default: `""`)

### Public sector specific

* `DAYS`: validity of the self-signed certificate
(example: `3650`, default: `730`)

* `ORGANIZATION_IDENTIFIER`: service provider identifier in the form of
`PA:IT-`
(example: `PA:IT-c_h501`, default: `""`)

### Private sector specific

* `ORGANIZATION_IDENTIFIER`: service provider identifier in the form of
`VATIT-` or `CF:IT-`
(example: `VATIT-12345678901`, default: `""`)
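
A pre-flight check for the parameters listed above, as an added example that is not part of the project's scripts: it validates `KEY_LEN`, `MD_ALG` and the sector-specific `ORGANIZATION_IDENTIFIER` prefix before any key is generated. The function name `check_spid_env`, its `sector` argument, and the rule that `LOCALITY_NAME` and `ORGANIZATION_NAME` must be non-empty are assumptions.

```shell
#!/bin/sh
# Added example, not part of the project: pre-flight check of the documented
# parameters. check_spid_env and its "sector" argument are hypothetical names.

# check_spid_env SECTOR -> prints one line per problem, returns 0 if none.
check_spid_env() {
    sector=$1
    errors=0

    # KEY_LEN: allowed values 2048, 3072, 4096 (documented default: 2048)
    case "${KEY_LEN:-2048}" in
        2048|3072|4096) ;;
        *) echo "KEY_LEN: '${KEY_LEN}' is not one of 2048, 3072, 4096"
           errors=$((errors + 1)) ;;
    esac

    # MD_ALG: allowed values sha256, sha512 (documented default: sha256)
    case "${MD_ALG:-sha256}" in
        sha256|sha512) ;;
        *) echo "MD_ALG: '${MD_ALG}' is not one of sha256, sha512"
           errors=$((errors + 1)) ;;
    esac

    # ORGANIZATION_IDENTIFIER: the prefix depends on the sector, and at least
    # one character must follow it.
    case "$sector:${ORGANIZATION_IDENTIFIER:-}" in
        public:PA:IT-?*) ;;
        private:VATIT-?*|private:CF:IT-?*) ;;
        public:*|private:*)
           echo "ORGANIZATION_IDENTIFIER: '${ORGANIZATION_IDENTIFIER:-}' has the wrong form for the $sector sector"
           errors=$((errors + 1)) ;;
        *) echo "sector must be 'public' or 'private'"
           errors=$((errors + 1)) ;;
    esac

    # Assumption: the empty-string defaults are placeholders to be replaced.
    for name in LOCALITY_NAME ORGANIZATION_NAME; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "$name: empty"
            errors=$((errors + 1))
        fi
    done

    [ "$errors" -eq 0 ]
}
```

With the parameters set in the current shell, call `check_spid_env public` or `check_spid_env private` before running the generation script.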