Caoffice
Certification Authority Management
Introduction
As I'm using multiple certificates for different services and dealing with a CA Makefile which is not as practical as it should be, I started to develop this WebUI management tool after seeing that the alternatives found around the web were not maintained or didn't support all my requirements.
The idea is to have a web-based application to safely store and manage the certificates as well as the CA itself.
Features
- Generation of Key pairs, Certificate Requests, Self-signed certificates, and CA signing
- Certificate revocation and CRL generation
- X.509 extensions: KeyUsage, extendedKeyUsage, CA, Subject Alternative Names, …
- Import Key pairs, certificate requests and signed certificates
- Certificate renewal
Limitations
Note that many of these limitations are due to the early stage of development of the application.
- Currently it doesn't provide encryption of the data, so it is UNSAFE to use it
- Due to the poor implementation of the PHP-SSL module, I'm directly using the openssl binary installed on the system, so it is quite bound to its limitations, versions and so on.
- Only supports RSA keys
- Only PEM format is managed (stored, import, …)
- No policy enforcement
- No security at all (no user authentication, authorization, …)
Todo
- User authn and authz, organization and role management
- Multilevel (per-organization) encryption
- Export to PEM, PKCS12, …
- Delete/regenerate CSRs
- Audit log history
- Automanagement: sign, revoke, CRL generation, expirations, …
- Notifications: Pending requests, new CRLs, CRL generation date, expiry date
- DB audit
Install
Requirements
- OpenSSL
- MySQL Database
- PHP (tested with 5 and 7)
- CodeIgniter (working on 3.0.4, may work with newer releases)
Downloads
I usually don't provide packaged downloads; instead I try to keep the development trunk free of bugs, and so usable. For big changes I usually use a separate branch so as not to affect the main development trunk.
In case the software has few changes (either because it is stable enough or because I don't maintain it actively) I provide packaged tarballs.
Install
Basically you will need to set up the CodeIgniter framework. For the database, you need to create a pki database and a user with full privileges on it for the app. To create the database you can import the pki.sql file.
Configure
Configure the app via the config/appconfig.php file.