root/zertifizierung
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4 Commits 1 Branch 0 Tags
d9e3356e9a58478a9fb19c96408827ca11a64090
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
root d9e3356e9a Add intelligent system detection and Proxmox support 
New features:
- detect-system.sh: Automatically detects target system type
  - Proxmox VE
  - pfSense
  - TrueNAS
  - UCS
  - Unknown/generic

- deploy-proxmox.sh: Automated Proxmox certificate deployment
  - Backs up existing certificates
  - Installs certificate to /etc/pve/local/pveproxy-ssl.*
  - Restarts pveproxy service
  - Fully automated deployment

- cert-manager.py enhancements:
  - Detects system type before proceeding
  - Uses system-specific deployment scripts when available
  - Shows detected system type in summary
  - Intelligent deployment based on system capabilities
  - Manual deployment instructions for unsupported systems
2025-10-23 08:28:23 +02:00
.gitignore
Initial commit: Certificate management tools
2025-10-23 08:11:35 +02:00
cert-manager.py
Add intelligent system detection and Proxmox support
2025-10-23 08:28:23 +02:00
deploy-proxmox.sh
Add intelligent system detection and Proxmox support
2025-10-23 08:28:23 +02:00
detect-system.sh
Add intelligent system detection and Proxmox support
2025-10-23 08:28:23 +02:00
EXAMPLES.md
Add usage examples documentation
2025-10-23 08:18:04 +02:00
generate-csr.sh
Add configurable key length with 4096-bit default
2025-10-23 08:22:45 +02:00
README.md
Initial commit: Certificate management tools
2025-10-23 08:11:35 +02:00
sign-cert.sh
Initial commit: Certificate management tools
2025-10-23 08:11:35 +02:00

README.md

Certificate Management Tools

Automated certificate generation and signing tools for UCS CA.

Tools

1. cert-manager.py (Interactive Mode)

The main interactive tool that handles the entire certificate lifecycle.

Usage:

./cert-manager.py

Features:

  • Interactive prompts with default values
  • Remembers last used values
  • Generates CSR on remote host
  • Signs certificate with UCS CA
  • Optionally deploys certificate back to target host

2. generate-csr.sh (Standalone)

Generates a certificate signing request on a remote host.

Usage:

./generate-csr.sh <hostname> <common-name> [country] [state] [locality] [org] [ou]

Example:

./generate-csr.sh 192.168.1.100 server.example.com DE berlin berlin egonetix it

3. sign-cert.sh (Standalone)

Signs a certificate request with the UCS CA.

Usage:

./sign-cert.sh <req-file> <hostname> [days]

Example:

./sign-cert.sh server.req server 3650

Configuration

The interactive tool stores default values in ~/.cert-manager-config.json.

Default values:

  • Country: DE
  • State: berlin
  • Locality: berlin
  • Organization: egonetix
  • Organizational Unit: it
  • CA Server: 10.0.0.21
  • Validity: 3650 days (10 years)

Workflow

  1. Run ./cert-manager.py
  2. Enter target host (IP or hostname where certificate will be used)
  3. Enter common name (FQDN for the certificate)
  4. Review/modify certificate subject fields
  5. Confirm and proceed
  6. The tool will:
    • Generate CSR on target host
    • Sign it with UCS CA
    • Optionally copy certificate back to target

Requirements

  • SSH access to target host as root
  • SSH access to UCS CA server (10.0.0.21) as root
  • OpenSSL on target host
  • Python 3.6+ for interactive tool

Notes

  • Private keys are generated and remain on the target host
  • Certificate requests (.req) and signed certificates (-cert.pem) are stored locally
  • The interactive tool remembers your last target host and common name for convenience
Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 97 KiB
Languages
Shell 60.9%
Python 39.1%