Certificate Management Tools

Automated certificate generation and signing tools for UCS CA.

Tools

1. cert-manager.py (Interactive Mode)

The main interactive tool that handles the entire certificate lifecycle.

Usage:

./cert-manager.py

Features:

• Interactive prompts with default values
• Remembers last used values
• Generates CSR on remote host
• Signs certificate with UCS CA
• Optionally deploys certificate back to target host

2. generate-csr.sh (Standalone)

Generates a certificate signing request on a remote host.

Usage:

./generate-csr.sh <hostname> <common-name> [country] [state] [locality] [org] [ou]

Example:

./generate-csr.sh 192.168.1.100 server.example.com DE berlin berlin egonetix it

3. sign-cert.sh (Standalone)

Signs a certificate request with the UCS CA.

Usage:

./sign-cert.sh <req-file> <hostname> [days]

Example:

./sign-cert.sh server.req server 3650

Configuration

The interactive tool stores default values in ~/.cert-manager-config.json.

Default values:

• Country: DE
• State: berlin
• Locality: berlin
• Organization: egonetix
• Organizational Unit: it
• CA Server: 10.0.0.21
• Validity: 3650 days (10 years)

Workflow

1. Run ./cert-manager.py
2. Enter target host (IP or hostname where certificate will be used)
3. Enter common name (FQDN for the certificate)
4. Review/modify certificate subject fields
5. Confirm and proceed
6. The tool will:
   • Generate CSR on target host
   • Sign it with UCS CA
   • Optionally copy certificate back to target

Requirements

• SSH access to target host as root
• SSH access to UCS CA server (10.0.0.21) as root
• OpenSSL on target host
• Python 3.6+ for interactive tool

Notes

• Private keys are generated and remain on the target host
• Certificate requests (.req) and signed certificates (-cert.pem) are stored locally
• The interactive tool remembers your last target host and common name for convenience