https://github.com/opensciencegrid/osg-pki-tools
CLI interface to generate certificate signing requests
https://github.com/opensciencegrid/osg-pki-tools
container software
Last synced: 2 days ago
JSON representation
CLI interface to generate certificate signing requests
- Host: GitHub
- URL: https://github.com/opensciencegrid/osg-pki-tools
- Owner: opensciencegrid
- License: apache-2.0
- Created: 2016-04-01T21:18:26.000Z (almost 10 years ago)
- Default Branch: master
- Last Pushed: 2025-09-09T17:59:07.000Z (5 months ago)
- Last Synced: 2025-10-11T00:39:12.052Z (4 months ago)
- Topics: container, software
- Language: Python
- Homepage: https://opensciencegrid.org/docs
- Size: 855 KB
- Stars: 3
- Watchers: 10
- Forks: 12
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
OSG PKI Tools
=============
The Open Science Grid (OSG) Private Key Infrastructure (PKI) Tools provide a convenient command-line interface for
common X.509 certificate commands used by OSG site administrators.
Formerly, this repository contained a collection of tools to request, approve, renew, and revoke certificates from the
[OSG Certificate Authority (CA)](https://opensciencegrid.org/technology/policy/service-migrations-spring-2018/#osg-ca).
This repository contains tools for generating Certificate Signing Requests and for getting host or service certificates from the InCommon CA.
osg-cert-request
----------------
The `osg-cert-request` tool generates [certificate signing requests (CSRs)](https://en.wikipedia.org/wiki/Certificate_signing_request)
that can be submitted to CAs (e.g. InCommon) for the purpose of obtaining host certificates.
**Features:**
- Bulk generation of CSRs (and associated keys)
- Easy addition of Subject Alternative Names (SANs) to each CSR
### Synopsis ###
```
usage: osg-cert-request (-H HOSTNAME | -F HOSTFILE) -C COUNTRY -S STATE -L LOCALITY -O ORGANIZATION
[-h] [-a ALTNAMES] [-d WRITE_DIRECTORY] [-V]
```
See osg-cert-request -h for a description of the options.
osg-incommon-cert-request
-------------------------
The `osg-incommon-cert-request` retrieves host or service certificates
from the InCommon CA. It requires a user account with InCommon
authorized to use the remote API, and a user certificate and key issued
by InCommon that is authorized to create host certificates for that account.
**Features:**
- Bulk retrieval of certificates & keys
- Easy addition of Subject Alternative Names (SANs) to each certificate
### Synopsis ###
```
Usage: osg-incommon-cert-request [--debug] -u username -k pkey -c cert \
(-H hostname | -F hostfile) [-a altnames] [-d write_directory] \
[-O org,dept]
osg-incommon-cert-request [--debug] -u username -k pkey -c cert -t
osg-incommon-cert-request -h
osg-incommon-cert-request --version
```
See osg-incommon-cert-request -h or the
[man page](https://htmlpreview.github.io/?https://github.com/opensciencegrid/osg-pki-tools/blob/master/man/osgincommoncertrequest.html)
for a description of the options.