# Certificate Management Tools

Automated certificate generation and signing tools for UCS CA.

## Tools

### 1. cert-manager.py (Interactive Mode)

The main interactive tool that handles the entire certificate lifecycle.

**Usage:**

```bash
./cert-manager.py
```

**Features:**

- Interactive prompts with default values
- Remembers last used values
- Generates CSR on remote host
- Signs certificate with UCS CA
- Optionally deploys certificate back to target host

### 2. generate-csr.sh (Standalone)

Generates a certificate signing request on a remote host.

**Usage:**

```bash
./generate-csr.sh [country] [state] [locality] [org] [ou]
```

**Example:**

```bash
./generate-csr.sh 192.168.1.100 server.example.com DE berlin berlin egonetix it
```

### 3. sign-cert.sh (Standalone)

Signs a certificate request with the UCS CA.

**Usage:**

```bash
./sign-cert.sh [days]
```

**Example:**

```bash
./sign-cert.sh server.req server 3650
```

## Configuration

The interactive tool stores default values in `~/.cert-manager-config.json`.

Default values:

- Country: DE
- State: berlin
- Locality: berlin
- Organization: egonetix
- Organizational Unit: it
- CA Server: 10.0.0.21
- Validity: 3650 days (10 years)

## Workflow

1. Run `./cert-manager.py`
2. Enter target host (IP or hostname where certificate will be used)
3. Enter common name (FQDN for the certificate)
4. Review/modify certificate subject fields
5. Confirm and proceed
6. The tool will:
   - Generate CSR on target host
   - Sign it with UCS CA
   - Optionally copy certificate back to target

## Requirements

- SSH access to target host as root
- SSH access to UCS CA server (10.0.0.21) as root
- OpenSSL on target host
- Python 3.6+ for interactive tool

## Notes

- Private keys are generated and remain on the target host
- Certificate requests (.req) and signed certificates (-cert.pem) are stored locally
- The interactive tool remembers your last target host and common name for convenience
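
An added example (not part of these tools' own code) of validating the values entered in workflow steps 2 to 4 before they are used in a root SSH session. It assumes the CSR is created by running `openssl req -subj` on the target over SSH; the function names and the `/root/...` output paths are hypothetical.

```python
import re
import shlex

# Defaults from the README's Configuration section.
DEFAULTS = {"C": "DE", "ST": "berlin", "L": "berlin", "O": "egonetix", "OU": "it"}

# Hostname or IPv4 literal: labels of letters, digits and inner hyphens only.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOST_RE = re.compile(r"(?=.{1,253}\Z)%s(?:\.%s)*\Z" % (_LABEL, _LABEL))
# Conservative allow-list for subject values: no '/', '+', '=', '\' or quotes,
# which openssl's -subj syntax or a shell would treat specially.
_FIELD_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9 ._-]{0,63}\Z")


def check_host(value):
    """Return value if it is a plain hostname or IPv4 literal, else raise."""
    if not _HOST_RE.match(value):
        raise ValueError("invalid host or common name: %r" % value)
    return value


def build_subject(common_name, **overrides):
    """Build an openssl -subj string from validated subject fields."""
    fields = dict(DEFAULTS, **overrides)
    unknown = set(fields) - set(DEFAULTS)
    if unknown:
        raise ValueError("unknown subject fields: %s" % sorted(unknown))
    if not re.match(r"[A-Z]{2}\Z", fields["C"]):
        raise ValueError("country must be a two-letter code")
    for name, value in fields.items():
        if not _FIELD_RE.match(value):
            raise ValueError("invalid %s value: %r" % (name, value))
    parts = ["%s=%s" % (k, fields[k]) for k in ("C", "ST", "L", "O", "OU")]
    return "/" + "/".join(parts) + "/CN=" + check_host(common_name)


def remote_csr_argv(host, common_name, **overrides):
    """Local argv that runs openssl on the target over SSH."""
    cn = check_host(common_name)
    openssl = ["openssl", "req", "-new", "-newkey", "rsa:2048", "-nodes",
               "-keyout", "/root/%s.key" % cn,   # hypothetical path
               "-out", "/root/%s.req" % cn,      # hypothetical path
               "-subj", build_subject(cn, **overrides)]
    # ssh hands one string to the remote shell, so quote every argument.
    remote = " ".join(shlex.quote(arg) for arg in openssl)
    return ["ssh", "root@" + check_host(host), remote]
```

Pass the returned list to `subprocess.run` without `shell=True` so the local shell never re-parses the values.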