descriptionCreate various types of certificates
ownermackyle@gmail.com
last changeTue, 10 Feb 2015 07:21:18 +0000 (9 23:21 -0800)
content tags
add:
readme

The CACreateCert certificate utility was developed in order to facilitate using X509 client certificates for authentication with a web server over the https protocol when all the user has uploaded to the server for identification is an OpenSSH RSA public key (e.g. id_rsa.pub).

(In other words, the user pastes an OpenSSH RSA public key into a form on the web server and the web server responds with a client certificate that the user can then download and use together with the corresponding private key to authenticate to that web server.)

However, the CACreateCert utility has grown a number of additional options making it useful for creation of several other kinds of X509 certificates.

It may be helpful to first view the Example.html page to see how a full set of certificates and keys for a complete certificate chain may be generated (including individual user client authentication certificates). If more detail is needed on the veritable plethora of options available when running the CACreateCert utility, look at the output of the CACreateCert -h command.

A ConvertPubKey utility is also provided that can convert between OpenSSH and X.509 public key formats without using OpenSSH or OpenSSL.

This software is licensed under the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. See the included file LICENSE.txt or the web site http://www.gnu.org/licenses/agpl-3.0.html.

shortlog
2015-02-10 Kyle J. McKayREADME: add some headings and .md aliasmaster
2015-02-10 Kyle J. McKayCACreateCert: let --dni serial=# relocate the random...
2015-02-10 Kyle J. McKayCACreateCert: Acme Certificate Co.
2015-02-10 Kyle J. McKayCACreateCert: add support for including arbitrary disti...
2015-02-05 Kyle J. McKayCACreateCert: various minor cleanups and elucidations
2014-11-30 Kyle J. McKayCACreateCert: add some additional explanatory comments
2014-11-09 Kyle J. McKayCACreateCert: add some warning text about --dns usage
2014-11-08 Kyle J. McKayCACreateCert: never default to less than sha-256 if...
2014-11-06 Kyle J. McKayCACreateCert: tweak the documentation a bit
2014-11-02 Kyle J. McKayCACreateCert: make --root + --other-type do the right...
2014-11-02 Kyle J. McKayCACreateCert: add support for --dns option
2014-11-02 Kyle J. McKayCACreateCert: choose a stronger default hash for longer...
2014-11-02 Kyle J. McKayConvertPubKey: fine tune compute_rsadsa_strength
2014-10-28 Kyle J. McKayConvertPubKey: include secstrength in verbose output
2013-12-30 Kyle J. McKayCACreateCert: fix typo in help
2013-12-01 Kyle J. McKayExamples.html: correct some wording
...
heads
4 months ago master