Initial commit: Certificate management tools
- cert-manager.py: Interactive certificate lifecycle management
- generate-csr.sh: Generate CSR on remote host
- sign-cert.sh: Sign certificate with UCS CA
- README.md: Complete documentation
- .gitignore: Ignore certificate and config files

Features:
- Interactive prompts with default values
- Config persistence between runs
- Remote CSR generation with proper server extensions
- Automated CA signing
- Optional certificate deployment
84
README.md
Normal file
@@ -0,0 +1,84 @@
# Certificate Management Tools
Automated certificate generation and signing tools for UCS CA.
## Tools
### 1. cert-manager.py (Interactive Mode)
The main interactive tool that handles the entire certificate lifecycle.
**Usage:**
```bash
./cert-manager.py
```
**Features:**
- Interactive prompts with default values
- Remembers last used values
- Generates CSR on remote host
- Signs certificate with UCS CA
- Optionally deploys certificate back to target host
### 2. generate-csr.sh (Standalone)
Generates a certificate signing request on a remote host.
**Usage:**
```bash
./generate-csr.sh <hostname> <common-name> [country] [state] [locality] [org] [ou]
```
**Example:**
```bash
./generate-csr.sh 192.168.1.100 server.example.com DE berlin berlin egonetix it
```
### 3. sign-cert.sh (Standalone)
Signs a certificate request with the UCS CA.
**Usage:**
```bash
./sign-cert.sh <req-file> <hostname> [days]
```
**Example:**
```bash
./sign-cert.sh server.req server 3650
```
## Configuration
The interactive tool stores default values in `~/.cert-manager-config.json`.
Default values:
- Country: DE
- State: berlin
- Locality: berlin
- Organization: egonetix
- Organizational Unit: it
- CA Server: 10.0.0.21
- Validity: 3650 days (10 years)
## Workflow
1. Run `./cert-manager.py`
2. Enter target host (IP or hostname where certificate will be used)
3. Enter common name (FQDN for the certificate)
4. Review/modify certificate subject fields
5. Confirm and proceed
6. The tool will:
- Generate CSR on target host
- Sign it with UCS CA
- Optionally copy certificate back to target
## Requirements
- SSH access to target host as root
- SSH access to UCS CA server (10.0.0.21) as root
- OpenSSL on target host
- Python 3.6+ for interactive tool
## Notes
- Private keys are generated and remain on the target host
- Certificate requests (.req) and signed certificates (-cert.pem) are stored locally
- The interactive tool remembers your last target host and common name for convenience
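Review bot: the Requirements and Configuration sections document root SSH to both the target host and the UCS CA server (10.0.0.21) together with a default validity of "3650 days (10 years)", but the README never says how that access is constrained or what is checked before a request is signed. Please state whether root is actually required on each side or whether a dedicated account limited to the signing command would do, and add a step to the Workflow for reviewing the CSR subject before "Sign it with UCS CA", since signing is described as automated. A shorter default validity with a documented renewal path would also limit how long a certificate for a compromised key stays valid. Separately, `<hostname>` appears to mean different things in the two standalone scripts (the generate-csr.sh example passes `192.168.1.100`, the sign-cert.sh example passes `server`), so a one-line description of each argument would help. The Notes could also say which file permissions apply to the locally stored `.req` and `-cert.pem` files and to `~/.cert-manager-config.json`.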