Easy CA management
Edoardo Putti 7ac268342d add example for a user_certificate sign_request 8 years ago
LICENSE add GPLv3 license to CA manager 8 years ago
README.md add example for a user_certificate sign_request 8 years ago
ca_manager.py change new API in sign_request 8 years ago
ca_shell.py implement describe_ca 8 years ago
certificate_requests.py fix wrong data representation when reading JSON 8 years ago
lookup.py raise IndexError instead of ValueError in RequestLookup 8 years ago
make_get_request.py Bugfixes. 9 years ago
make_ssh_host_request.py permit passing key content as argument 8 years ago
make_ssh_user_request.py permit passing key content as argument 8 years ago
make_ssl_host_request.py permit passing key content as argument 8 years ago
paths.py add docs to modules 8 years ago
request_server.py fix typo in debug message 8 years ago

README.md

CA manager

This collection of tools is our take on managing a CA: signing SSH keys and certificates, and signing SSL certificates.

Tools

request_server.py

This is a shell for a user; it only reads input from the user and returns JSON. This user can be used with Ansible to request and retrieve certificates.

The server logs can be found at /home/request/request_server.log

sign_request

The input must be a JSON file, e.g.

{
	"request": {
		"keyType": "ssh_host",
		"hostName": "my_new_server",
		"keyData": "ssh-ed25519 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa root@my_new_server"
	},
	"type": "sign_request"
}

This example is a sign_request for an SSH host certificate.

{
	"request": {
		"keyType": "ssh_user",
		"userName": "my_username",
		"keyData": "ssh-ed25519 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa my_username@my_hostname",
		"rootRequested": true
	},
	"type": "sign_request"
}

This example is a sign_request for an SSH user certificate with root access.
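
A receiving-side check of the two request shapes above, as an added example that is not code from this repository. The allowed character set for names is an assumption, and `sample_key` builds a constructed all-zero key line only so the example runs offline.

```python
import base64
import json
import re
import struct

# Assumption: names use a conservative character set; the README does not
# state the project's own rules.
PRINCIPAL_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")
# keyType values shown in the README and the name field each one carries.
NAME_FIELD = {"ssh_host": "hostName", "ssh_user": "userName"}


def sample_key(algo="ssh-ed25519", comment="root@my_new_server"):
    """Constructed sample: a well-formed key line with an all-zero 32-byte key."""
    blob = struct.pack(">I", len(algo)) + algo.encode() + struct.pack(">I", 32) + bytes(32)
    return f"{algo} {base64.b64encode(blob).decode()} {comment}"


def check_ssh_pubkey(key_data):
    """Return the algorithm name if key_data is one well-formed public key line."""
    parts = key_data.split(" ", 2)
    if len(parts) < 2 or "\n" in key_data or "\r" in key_data:
        raise ValueError("keyData must be one '<algorithm> <base64> [comment]' line")
    algo, blob = parts[0], base64.b64decode(parts[1], validate=True)
    # The blob starts with a length-prefixed copy of the algorithm name.
    if len(blob) < 4 or blob[4:4 + struct.unpack(">I", blob[:4])[0]] != algo.encode():
        raise ValueError("algorithm name does not match key blob")
    return algo


def validate_sign_request(raw):
    """Parse a sign_request document and return its validated 'request' object."""
    doc = json.loads(raw)
    if not isinstance(doc, dict) or doc.get("type") != "sign_request":
        raise ValueError("type must be sign_request")
    req = doc.get("request")
    key_type = req.get("keyType") if isinstance(req, dict) else None
    if not isinstance(key_type, str) or key_type not in NAME_FIELD:
        raise ValueError("unsupported keyType")
    field = NAME_FIELD[key_type]
    if not isinstance(req.get(field), str) or not PRINCIPAL_RE.fullmatch(req[field]):
        raise ValueError("invalid " + field)
    if not isinstance(req.get("keyData"), str):
        raise ValueError("keyData must be a string")
    check_ssh_pubkey(req["keyData"])
    # Only a JSON boolean is accepted; "true" or 1 must not grant root.
    if not isinstance(req.get("rootRequested", False), bool):
        raise ValueError("rootRequested must be a JSON boolean")
    return req
```

Every rejection surfaces as `ValueError`, including malformed JSON and invalid base64, so a caller can map it to a single failed response.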

The shell just outputs a JSON object with status, reason, failed and msg keys.

{
	"failed" : ...,
	"msg" : ...,
	"reason" : ...,
	"status" : ...
}

The keys failed and msg are included only to comply with Ansible.

ca_shell.py

This is a shell for a user; it limits the commands to the ones we are interested in, such as generating an SSH/SSL CA and signing keys.

# LILiK CA Manager

Welcome to the certification authority shell.
Type help or ? to list commands.
	    
(CA Manager)> ?

Documented commands (type help <topic>):
========================================
describe_cas  gen_ca  help  ls_ca  ls_requests  quit  sign_request

Configuration

The only configuration needed is the path in which to operate; modifying the file paths.py is all that is needed.