~poptart/hosaka-pki

Simple POSIX sh PKI wrapper for TLS and SSH
Updated to begin adding the interactive functions
README cleanup
updated the default config to be not specific to my own configuration and some other server functions

refs

master
browse  log 

clone

read-only
https://git.sr.ht/~poptart/hosaka-pki
read/write
git@git.sr.ht:~poptart/hosaka-pki

You can also use your local clone with git send-email.

#hosaka-pki

A set of shell scripts for configuring multiple kinds of common PKI systems in a functional manner. Currently the config supports:

  • SSL/TLS via the openssl(1) command
  • SSH via OpenSSH > 8.0

The goals are to attempt to shorten the nightmare of remember a ton of PKI commands and to encourage secure defaults. New versions never have guarentees about compatability.

Fundamentally this project is a thin wrapper around openssl commands in order to try and alieviate some of the UX nightmare that they are.

#SSL/TLS PKI

hosaka-pki tls ca
hosaka-pki tls server ashpool /etc/ssl/
hosaka-pki tls info
hosaka-pki tls sign /etc/hosaka/pki/ssl/intermediate/csr/ashpool.csr.pem
hosaka-pki tls sign ashpool
hosaka-pki tls check

#OpenSSH PKI

hosaka-pki ssh ca
hosaka-pki ssh server ashpool poptart,users
hosaka-pki ssh info
hosaka-pki ssh sign ./ahspool.pub