add readme

1 files changed, 58 insertions, 0 deletions

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..949465d
--- /dev/null
+++ b/README.md
@@ -0,0 +1,58 @@
+easyca
+======
+
+Easyca attempts to make managing a Certificate Authority very easy.
+Serial, index, etc, are formatted in a way to be compatible with openssl,
+so you can use openssl for commands not implemented by easyca.
+
+# Usage
+
+Easyca usage is straighforward:
+
+1. Init the directory you will use
+2. Create the CA
+3. Create certificates
+
+Create an env.sh that you can source later (or add to your .bashrc)
+
+```
+export PKI_ROOT=/tmp/pki
+export PKI_ORGANIZATION="Umbrella Corp"
+export PKI_ORGANIZATIONAL_UNIT=IT
+export PKI_COUNTRY=US
+export PKI_LOCALITY="Agloe"
+export PKI_PROVINCE="New York"
+```
+
+Before being able to create you certificates, you need to `init` the root directory.
+It creates files and directories required by easyca.
+
+```
+mkdir $PKI_ROOT
+easyca init
+```
+
+Args passed to create make the Common Name, here: "Umbrella Corp Global Authority"
+```
+easyca create --ca Umbrella Corp Global Authority
+```
+
+Then you can choose between server and client certificate, by default server is implied, to generate a client certificate add `--client`
+
+Generate a wildcard certificate for your web apps:
+```
+easyca create --dns "*.umbrella.com" *.umbrella.com
+```
+
+Another example, a certificate for wiki and www:
+```
+easyca create --dns "www.umbrella.com" --dns "wiki.umbrella.com"  www.umbrella.com
+```
+
+For more info about available flags, checkout out the help `-h`
+
+You will find the generated cert in `issued` and private key in `private`
+
+# Disclaimer
+
+This is not an official Google product