• Alain Takoudjou's avatar
    initial implementation of certificate authority · 26015ada
    Alain Takoudjou authored
    The certificate authority is used to generate and sign certificate, there is 3 parts:
    - web: which contains API to submit certificate signature request and to download signed certificate
    - cliweb: which is a command line tool used to quickly generate private key and send certificate signature request, he will
    also downlaod automatically the signed certificate as well as ca certificate.
    - cli: is used to garbage collect certificate authority, all expired certificate, csr, crl and revocation will be trashed using this tool.
    The first csr can be automatically signed, the rest will be signed by the adminitrator, first connection to /admin/ will ask to set password
    the admin can see all csr (pending) then sign them. As soon as csr is signed, the client will download (cliweb) the certificate.
    client can also renew or revoke his certificate using CA API. Renew and revoke are immediate, there is no admin approval.
    on server side, the storage storage.py use sqlite to store all informations (certificat, csr, crl and revocations), there is no use of openssl here.
    ca.py will invoke the storage to store or to get certificates.
    the client store certificate directly on filesystem, so it can be read by apache, nginx, etc.
Last commit
Last update
caucase Loading commit data...
doc Loading commit data...
.gitignore Loading commit data...
COPYING Loading commit data...
README.rst Loading commit data...
setup.py Loading commit data...