Simple POSIX sh PKI wrapper for TLS and SSH
8d6f421f — poptart 4 years ago
Updated to begin adding the interactive functions
37325529 — poptart 4 years ago
README cleanup
6268c8b0 — terrorbyte 4 years ago
updated the default config to be not specific to my own configuration and some other server functions


browse  log 



You can also use your local clone with git send-email.


A set of shell scripts for configuring multiple kinds of common PKI systems in a functional manner. Currently the config supports:

  • SSL/TLS via the openssl(1) command
  • SSH via OpenSSH > 8.0

The goals are to attempt to shorten the nightmare of remember a ton of PKI commands and to encourage secure defaults. New versions never have guarentees about compatability.

Fundamentally this project is a thin wrapper around openssl commands in order to try and alieviate some of the UX nightmare that they are.


hosaka-pki tls ca
hosaka-pki tls server ashpool /etc/ssl/
hosaka-pki tls info
hosaka-pki tls sign /etc/hosaka/pki/ssl/intermediate/csr/ashpool.csr.pem
hosaka-pki tls sign ashpool
hosaka-pki tls check


hosaka-pki ssh ca
hosaka-pki ssh server ashpool poptart,users
hosaka-pki ssh info
hosaka-pki ssh sign ./ahspool.pub