~poptart/hosaka-pki

Simple POSIX sh PKI wrapper for TLS and SSH
8d6f421f — poptart 9 months ago
Updated to begin adding the interactive functions
37325529 — poptart 11 months ago
README cleanup
6268c8b0 — terrorbyte 11 months ago
updated the default config to be not specific to my own configuration and some other server functions

refs

master
browse  log 

clone

read-only
https://git.sr.ht/~poptart/hosaka-pki
read/write
git@git.sr.ht:~poptart/hosaka-pki

You can also use your local clone with git send-email.

#hosaka-pki

A set of shell scripts for configuring multiple kinds of common PKI systems in a functional manner. Currently the config supports:

  • SSL/TLS via the openssl(1) command
  • SSH via OpenSSH > 8.0

The goals are to attempt to shorten the nightmare of remember a ton of PKI commands and to encourage secure defaults. New versions never have guarentees about compatability.

Fundamentally this project is a thin wrapper around openssl commands in order to try and alieviate some of the UX nightmare that they are.

#SSL/TLS PKI

hosaka-pki tls ca
hosaka-pki tls server ashpool /etc/ssl/
hosaka-pki tls info
hosaka-pki tls sign /etc/hosaka/pki/ssl/intermediate/csr/ashpool.csr.pem
hosaka-pki tls sign ashpool
hosaka-pki tls check

#OpenSSH PKI

hosaka-pki ssh ca
hosaka-pki ssh server ashpool poptart,users
hosaka-pki ssh info
hosaka-pki ssh sign ./ahspool.pub