SimpleCA

module

v0.0.0-...-a6744e1 Latest Latest Go to latest Published: Aug 14, 2018 License: GPL-3.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jrolli/SimpleCA

Links

Open Source Insights

README ¶

SimpleCA

Overview

Server

Configuration

Usage

  -cert string
        path to web server certificate
  -certkey string
        path to key for web certificate
  -dir string
        path to directory for the CA files (default "ca")
  -domain string
        DNS domain for CA certificates (default "test")
  -listen string
        listen address for server (default ":80")

cert

The path to the certificate to use for HTTPS connections to the API.

certkey

The corresponding private key to the 'cert' option when serving the API with HTTPS.

dir

The path to the base directory for the file backed certificate authority.

domain

The DNS domain for the certificate authority. The CA's root certificate limits itself to only being valid for this domain when it is created on first instantiation.

listen

This is the address ([hostname]:[port]) on which the server should listen. The server application does not handle permissions on its own so the caller is responsible for ensuring it is called with sufficient privileges/capabilities if binding to a privileged port (i.e. 80 or 443). Additionally, the default port remains 80 even when invoked with TLS certificates.

API

/authorize (POST)

Authorize a new certificate: Uses the admin credentials to create a token for adding a new client/endpoint. If successful, the server will return a 200 OK status along with a body containing the single use token for registering a new certificate. On error, the server will return the most appropriate status code along with a short error summary in the body.

{
    "names": ["name1.test", "name2.test", "name3.test"],
    "signature": "[base64 encoded signature]"
}

/register (POST)

Register a new certificate: Consumes an authorization token (generated by_/authorize_) to add a new endpoint for certificate management. If successful, the server will return a 200 OK status along with the body containing the new certificate in DER encoding. On error, the server will return the most appropriate status code along with a short error summary in the body.

{
    "authkey": "[base64 encoded token from server]",
    "publickey": "[base64 encoding of DER public key for new certificate]",
    "signature": "[base64 encoded signature]"
}

/register/[token].p12 (GET)

Register a new certificate: Consumes an authorization token (generated by /authorize) to add a new endpoint for certificate management. If successful, the server will return a 200 OK status along with a PKCS12 file of the new certificate and associated private key encrypted using the token as the password. On error, the server will return the most appropriate status code along with a short error summary in the body.

/serial/[serial].crt (GET)

Lookup a certificate: Looks up a certificate by the hexadecimal representation of its serial number. If successful, the server will return a 200 OK status along with the body containing the certificate in DER encoding. On error, the server will return the most appropriate status code along with a short error summary in the body.

/serial/[common name].crt (GET)

Lookup a certificate: Looks up a certificate by its common name. If successful, the server will return a 200 OK status along with the body containing the certificate in DER encoding. On error, the server will return the most appropriate status code along with a short error summary in the body.

/serial/ca.crt (GET)

Root certificate: Retrieves a copy of the root certificate. If successful, the server will return a 200 OK status along with the body containing the certificate in DER encoding. On error, the server will return the most appropriate status code along with a short error summary in the body.

/serial/ca.crl (GET)

Certificate revocation list: Retrieves a copy of the current certificate revocation list (CRL). If successful, the server will return a 200 OK status along with the CRL in DER encoding. On error, the server will return the most appropriate status code along with a short error summary in the body.

/renew (POST)

Renew an certificate: (Not implemented) Uses an existing (and valid) certificate to get a new certificate for the allowed names.

/revoke (POST)

Revoke an certificaet: (Not implemented) Uses the admin credentials to revoke an certificate by serial number.

Client

Configuration

Directories ¶

Path	Synopsis
ca Package ca provides a common interface for upstream providers of certificate authority services that can be used to get new end use certificates.	Package ca provides a common interface for upstream providers of certificate authority services that can be used to get new end use certificates.
local Package local provides a basic implementation for a minimal certificate authority implemented in Go.	Package local provides a basic implementation for a minimal certificate authority implemented in Go.
client client is a minimal implementation for interfacing with the CA server from the command line.	client is a minimal implementation for interfacing with the CA server from the command line.
server server is a basic web application that interfaces with a local CA	server is a basic web application that interfaces with a local CA

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL