root 5837c35b7c Add configurable key length with 4096-bit default
- Added key_bits parameter to configuration (default: 4096)
- Updated generate-csr.sh to accept key length as 8th parameter
- Updated cert-manager.py to prompt for key length
- Key length shown in summary and output
- Supports common key sizes: 2048, 4096, 8192 bits
2025-10-23 08:22:45 +02:00
2025-10-23 08:18:04 +02:00

Certificate Management Tools

Automated certificate generation and signing tools for UCS CA.

Tools

1. cert-manager.py (Interactive Mode)

The main interactive tool that handles the entire certificate lifecycle.

Usage:

./cert-manager.py

Features:

  • Interactive prompts with default values
  • Remembers last used values
  • Generates CSR on remote host
  • Signs certificate with UCS CA
  • Optionally deploys certificate back to target host

2. generate-csr.sh (Standalone)

Generates a certificate signing request on a remote host.

Usage:

./generate-csr.sh <hostname> <common-name> [country] [state] [locality] [org] [ou]

Example:

./generate-csr.sh 192.168.1.100 server.example.com DE berlin berlin egonetix it

3. sign-cert.sh (Standalone)

Signs a certificate request with the UCS CA.

Usage:

./sign-cert.sh <req-file> <hostname> [days]

Example:

./sign-cert.sh server.req server 3650

Configuration

The interactive tool stores default values in ~/.cert-manager-config.json.

Default values:

  • Country: DE
  • State: berlin
  • Locality: berlin
  • Organization: egonetix
  • Organizational Unit: it
  • CA Server: 10.0.0.21
  • Validity: 3650 days (10 years)
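
Added example, not code from this repository: one way to load the stored defaults and assemble the positional arguments for generate-csr.sh, with the key length as the 8th parameter as the commit message describes. It rejects key lengths outside 2048/4096/8192 and values containing characters that should not reach a root shell over SSH. The JSON key names other than key_bits, the function names and the character limits are assumptions.

```python
import json
import re
from pathlib import Path

# Defaults from this README plus key_bits from the commit message.
# JSON key names other than key_bits are assumed, not taken from the tool.
DEFAULTS = {"country": "DE", "state": "berlin", "locality": "berlin",
            "org": "egonetix", "ou": "it", "key_bits": 4096}
ALLOWED_KEY_BITS = (2048, 4096, 8192)
SUBJECT_ORDER = ("country", "state", "locality", "org", "ou")
# Conservative character sets: these values end up in a command run as root over SSH.
HOST_RE = re.compile(r"(?!-)[A-Za-z0-9.-]{1,253}")
FIELD_RE = re.compile(r"[A-Za-z0-9 ._-]{1,64}")


def load_settings(path):
    """Merge stored values over the defaults; a missing file means defaults only."""
    settings = dict(DEFAULTS)
    p = Path(path).expanduser()
    if p.exists():
        stored = json.loads(p.read_text())
        settings.update({k: v for k, v in stored.items() if k in DEFAULTS})
    return settings


def build_csr_args(host, common_name, settings):
    """Return the argv list for generate-csr.sh, rejecting unsafe or unsupported values."""
    bits = settings["key_bits"]
    if not isinstance(bits, int) or bits not in ALLOWED_KEY_BITS:
        raise ValueError(f"key_bits must be one of {ALLOWED_KEY_BITS}, got {bits!r}")
    for label, value in (("host", host), ("common name", common_name)):
        if not isinstance(value, str) or not HOST_RE.fullmatch(value):
            raise ValueError(f"invalid {label}: {value!r}")
    subject = []
    for key in SUBJECT_ORDER:
        value = settings[key]
        if not isinstance(value, str) or not FIELD_RE.fullmatch(value):
            raise ValueError(f"invalid {key}: {value!r}")
        subject.append(value)
    # An argv list (not a shell string) keeps metacharacters out of local parsing.
    return ["./generate-csr.sh", host, common_name, *subject, str(bits)]
```

Pass the returned list to subprocess.run without shell=True so the validated values are never re-parsed by a local shell.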

Workflow

  1. Run ./cert-manager.py
  2. Enter target host (IP or hostname where certificate will be used)
  3. Enter common name (FQDN for the certificate)
  4. Review/modify certificate subject fields
  5. Confirm and proceed
  6. The tool will:
    • Generate CSR on target host
    • Sign it with UCS CA
    • Optionally copy certificate back to target

Requirements

  • SSH access to target host as root
  • SSH access to UCS CA server (10.0.0.21) as root
  • OpenSSL on target host
  • Python 3.6+ for interactive tool

Notes

  • Private keys are generated and remain on the target host
  • Certificate requests (.req) and signed certificates (-cert.pem) are stored locally
  • The interactive tool remembers your last target host and common name for convenience