0

easypki

Creating a certificate authority the easy way

Github 資源庫
主要指標
  • 所有者: google/easypki
  • 平台:
  • 許可證: Apache License 2.0
  • 分類:
  • 主題:
  • 喜歡:
    0
      比較:

Github星跟蹤圖

Build Status
codecov

easypki

Easy Public Key Infrastructure intends to provide most of the components needed
to manage a PKI, so you can either use the API in your automation, or use the
CLI.

API

godoc

For the latest API:

import "gopkg.in/google/easypki.v1"

Legacy API

API below pkg/ has been rewritten to allow extensibility in terms of PKI
storage and better readability.

If you used the legacy API that was only writing files to disk, a tag has been
applied so you can still import it:

import "gopkg.in/google/easypki.v0"

CLI

Current implementation of the CLI uses the local store and uses a structure
compatible with openssl, so you are not restrained.

# Get the CLI:
go get github.com/google/easypki/cmd/easypki


# You can also pass the following through arguments if you do not want to use
# env variables.
export PKI_ROOT=/tmp/pki
export PKI_ORGANIZATION="Acme Inc."
export PKI_ORGANIZATIONAL_UNIT=IT
export PKI_COUNTRY=US
export PKI_LOCALITY="Agloe"
export PKI_PROVINCE="New York"

mkdir $PKI_ROOT

# Create the root CA:
easypki create --filename root --ca "Acme Inc. Certificate Authority"

# In the following commands, ca-name corresponds to the filename containing
# the CA.

# Create a server certificate for blog.acme.com and www.acme.com:
easypki create --ca-name root --dns blog.acme.com --dns www.acme.com www.acme.com

# Create an intermediate CA:
easypki create --ca-name root --filename intermediate --intermediate "Acme Inc. - Internal CA"

# Create a wildcard certificate for internal use, signed by the intermediate ca:
easypki create --ca-name intermediate --dns "*.internal.acme.com" "*.internal.acme.com"

# Create a client certificate:
easypki create --ca-name intermediate --client --email bob@acme.com bob@acme.com

# Revoke the www certificate.
easypki revoke $PKI_ROOT/root/certs/www.acme.com.crt

# Generate a CRL expiring in 1 day (PEM Output on stdout):
easypki crl --ca-name root --expire 1

You will find the generated certificates in $PKI_ROOT/ca_name/certs/ and
private keys in $PKI_ROOT/ca_name/keys/

For more info about available flags, checkout out the help easypki -h.

Disclaimer

This is not an official Google product.

主要指標

概覽
名稱與所有者google/easypki
主編程語言Go
編程語言Go (語言數: 3)
平台
許可證Apache License 2.0
所有者活动
創建於2015-10-08 13:04:02
推送於2023-03-21 23:30:23
最后一次提交2017-02-17 11:15:40
發布數3
最新版本名稱v1.1.0 (發布於 )
第一版名稱v0.1.1 (發布於 )
用户参与
星數591
關注者數29
派生數107
提交數38
已啟用問題?
問題數11
打開的問題數6
拉請求數2
打開的拉請求數2
關閉的拉請求數1
项目设置
已啟用Wiki?
已存檔?
是復刻?
已鎖定?
是鏡像?
是私有?