Feedback on a Self-signed SSL CA?
Sean Reifschneider
jafo00 at gmail.com
Sat Jun 11 11:18:47 MDT 2022
At work we use self-signed certificates for internal and developer use. I
inherited some scripts that wrapped the openssl CLI but weren't supporting
new uses like the prevalence of Subject Alternatives Names.
So I reimagined it and have published what I have so far here:
https://github.com/linsomniac/rgca
With an appropriate config file, the typical use would be:
rgca ca new example.com
rgca cert new user1.example.com
rgca cert new --san test.example.com --san test2.example.com
user2.example.com
Basically everything can be configured by settings in (possibly multiple)
config files, environment variables, and CLI options. Expected use is that
things like the subject values (country, state, locality, email) are set in
the config file, so the CLI can be short. Instead of:
rgca cert new --C US --ST Colorado --L Fort Collins [...]
It should be compatible with existing CA setups with OpenSSL CLI tools, it
writes the "serial" and "index.txt" files.
Looking for feedback on the direction this is going in.
Thanks,
Sean
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nclug.org/pipermail/nclug/attachments/20220611/d149052f/attachment.htm>
More information about the NCLUG
mailing list