diff options
| -rw-r--r-- | README.md | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/README.md b/README.md new file mode 100644 index 0000000..949465d --- /dev/null +++ b/README.md @@ -0,0 +1,58 @@ +easyca +====== + +Easyca attempts to make managing a Certificate Authority very easy. +Serial, index, etc, are formatted in a way to be compatible with openssl, +so you can use openssl for commands not implemented by easyca. + +# Usage + +Easyca usage is straighforward: + +1. Init the directory you will use +2. Create the CA +3. Create certificates + +Create an env.sh that you can source later (or add to your .bashrc) + +``` +export PKI_ROOT=/tmp/pki +export PKI_ORGANIZATION="Umbrella Corp" +export PKI_ORGANIZATIONAL_UNIT=IT +export PKI_COUNTRY=US +export PKI_LOCALITY="Agloe" +export PKI_PROVINCE="New York" +``` + +Before being able to create you certificates, you need to `init` the root directory. +It creates files and directories required by easyca. + +``` +mkdir $PKI_ROOT +easyca init +``` + +Args passed to create make the Common Name, here: "Umbrella Corp Global Authority" +``` +easyca create --ca Umbrella Corp Global Authority +``` + +Then you can choose between server and client certificate, by default server is implied, to generate a client certificate add `--client` + +Generate a wildcard certificate for your web apps: +``` +easyca create --dns "*.umbrella.com" *.umbrella.com +``` + +Another example, a certificate for wiki and www: +``` +easyca create --dns "www.umbrella.com" --dns "wiki.umbrella.com" www.umbrella.com +``` + +For more info about available flags, checkout out the help `-h` + +You will find the generated cert in `issued` and private key in `private` + +# Disclaimer + +This is not an official Google product |