github.com/brimstone/sbuca@v0.0.0-20151202175429-8691d9eba5c5/README.md (about) 1 # sbuca 2 3 [](https://travis-ci.org/brimstone/sbuca)[](https://coveralls.io/github/brimstone/sbuca?branch=master) 4 5 6 Simple But Useful Certificate Authority 7 8 When developing, it's always a pain to generate certificate for SSL/TLS usage. `sbuca` is the simple CA that helps you to generate what you just need in a painless way. 9 10 Current features: 11 12 1. generate a rsa key (no need to connect to the server) 13 2. generate a certification request (no need to connect to the server) 14 3. submit the certification request to the sbuca CA server, and get the signed Certificate 15 4. get CA's certification 16 17 ### Video 18 19 <http://youtu.be/6d83GZpt0O8> 20 21 ### ChallangePost 22 23 <http://gopher-gala.challengepost.com/submissions/32201-sbuca> 24 25 26 ## Installation 27 28 go get github.com/brimstone/sbuca 29 30 31 ## Quick Start 32 33 Let's tried the hosted sbuca server 34 35 Generate a Rsa Key 36 37 sbuca genkey > test.key 38 39 Generate a Certificate Request 40 41 sbuca gencsr --key test.key > test.csr 42 43 Submit the Certificate Request to the hosted server and get the Certificate 44 45 sbuca submitcsr --host try.sbuca.com:8600 test.csr > test.crt 46 47 In case you want to get the Certificate in another computer, you can add `--format id`, then the output will become the id (serial number) of the Certificate 48 49 sbuca submitcsr --host try.sbuca.com:8600 --format id test.csr 50 51 Then you can get the certificate in another computer (I use ID=2 as example here) 52 53 sbuca getcrt --host try.sbuca.com:8600 2 > test.crt 54 55 To get CA's certificate 56 57 sbuca getcacrt --host try.sbuca.com:8600 > ca.crt 58 59 60 ## Usage 61 62 ### Run the CA server 63 64 To run a CA server, you can use 65 66 sbuca server 67 68 It'll generate ca/ca.srl, ca/ca.key, and ca/ca.crt if needed. 69 The server listens to `0.0.0.0:8600` by default. 70 71 72 If you want to generate the key & certiricate by your own: 73 74 mkdir ca certs 75 echo 01 > ca/ca.srl 76 openssl genrsa -out ca/ca.key 2048 77 openssl req -x509 -new -key ca/ca.key -out ca/ca.crt 78 sbuca server 79 80 81 ### Generate a RSA Key 82 83 sbuca genkey > test.key 84 85 This command is same as 86 87 openssl genrsa -out test.key 2048 88 89 90 ### Generate a Certification Request 91 92 sbuca gencsr --key test.key > test.csr 93 94 This command is same as 95 96 openssl req -new -key test.key -out test.csr 97 98 99 ### Submit the Certification Request to the CA 100 101 By default, it'll output the signed Certificate to STDIN 102 103 sbuca submitcsr --host localhost:8600 test.csr > test.crt 104 105 If you want to get the ID instead, you can add `--format id` 106 107 sbuca submitcsr --host localhost:8600 --format id test.csr 108 109 We can use this `id` to get the certificate in another computer 110 111 In case you want to use curl to submit the csr, it'll output a JSON by default 112 113 curl localhost:8600/certificates -XPOST --data-urlencode csr@test.csr 114 115 If you want to download the Certificate instead of the JSON, you can add `?format=file` 116 117 curl localhost:8600/certificates?format=file -XPOST --data-urlencode csr@test.csr > test.crt 118 119 120 ### Get the Certificate by ID 121 122 sbuca getcrt --host localhost:8600 [ID] > test.crt 123 124 You can also use curl to get the Certificate (I use ID=2 as example) 125 126 curl localhost:8600/certificates/2?format=file > test.crt 127 128 129 ### Get CA's Certificate 130 131 sbuca getcacrt --host localhost:8600 > ca.crt 132 133 You can also use curl to get it 134 135 curl localhost:8600/ca/certificate?format=file > ca.crt 136 137 138 ### For Docker User 139 140 docker pull waitingkuo/sbuca 141 docker run sbuca -p 8600:8600 sbuca server 142 143 ## TODO 144 145 1. password protection 146 2. admin fuctions: delete, delete all, get all, reset, ...