Caoffice

Certification Authority Management

As I'm using multiple certificates for different services and dealing with CA Makefile which is not as practical as it should, I started to develop this WebUI management tool after seeing that alternatives found arround the web were not maitained or ddidn't support all my requirements.

The idea is to have a web-based application to safely store and manage the certificates as well as the CA itself.

• Generation of Key pairs, Certificate Requests, Self-signed certificates, and CA signing
• Certificate revocation and CRL generation
• x509 extensions: KeyUsage, extendedKeyUsage, CA, Subject Alternative Names, …
• Import Key pairs, certificate requests and signed certificates
• Certificate renewal

Note that many of this limitations are due the early stage of development of the application.

• Currently it doesn't provide encryption of the data so is UNSAFE to useit
• Due poor implementation of the PHP-SSL module, I'm using directly the openssl binary installed on the system so is quite bound to its limitations, versions and so.
• Only support RSA keys
• Only PEM format is managed (stored, import, …)
• No policy enforcement
• No security at all (no user authentication, authorization, …)

  
  

  Todo
• User authn and authz, organization and role management
• Multilevel (per-organization) encryption
• Export to PEM, PKCS12, …
• Delete/regenerate CSRs
• Audit log history
• Automanagement: sing, revoke, CRL generation, expirations, …
• Notifications: Pending requests, new CRLs, CRL generation date, expiry date
• DB audit

• An error occurred while fetching this feed: http://www.l3jane.net/websvn/rss.php?repname=Factory&path=%2Ftrunk%2FCAoffice%2F&isdir=1&

Full Change Log

• OpenSSL
• MySQL Database
• PHP (tested with 5 and 7)
• CodeIgniter (working on 3.0.4, may work with newer releases)

I usually doesn't provide packaged download, instead I try to keep the development trunk free of bugs, so usable. For big changes I usually use a separated branch to not affect main trunk of development.

In case the software have few changes (either because is stable enough or even because I don't maintain it actively) I provide packaged tarballs.

Subversion Trunk

Basically you will need to setup CodeIgniter Framework. For the database, you need to create a pki database and user with full privileges on it for the app. To create the Database you can import the pki.sql file.

Configure the app via the config/appconfig.php file