Tunfish certificate authority.
| License: | AGPLv3 |
|---|
A certificate authority based on django-ca with some added convenience features for automatically issuing certificates.
make init make run
virtualenv .venv --python=python3.8 source .venv/bin/activate pip install -r requirements/local.txt # Create path where certificates are stored. mkdir -p var/lib/ca export CA_DIR=$(pwd)/var/lib/ca export USE_DOCKER=no export DATABASE_URL=sqlite:///tunfish-ca.db # Create database. python manage.py migrate # Create CA root certificate. python manage.py init_ca RootCA CN=ca.example.org # Run HTTP server. python manage.py runserver 3333
python manage.py collectstatic python manage.py createsuperuser --username admin --email [email protected]
Open Django admin:
open http://127.0.0.1:3333/admin/
See also certificate authority management and certificate management.
# List CAs. python manage.py list_cas # Create client key and certificate signing request (CSR). openssl genrsa -out example.key 4096 openssl req -new -key example.key -out example.csr -utf8 -batch -subj '/CN=hello.example.org/[email protected]' # Sign a certificate (CSR). python manage.py sign_cert --ca=55067C --csr=example.csr --out=example.pem --client --alt=hello.example.org
# Request root certificate in PEM format. http http://localhost:3333/issuer/RootCA.pem # Sign a client certificate. cat example.csr | http http://localhost:3333/pki/RootCA/autosign?profile=client Content-Type:application/x-pem-file --output example.pem
- Add Django 3.0 baseline application made with Cookiecutter Django.
- Add Django application django-ca.
- See also Install django-ca as Django app.
# Request root certificate in DER format. http http://localhost:3333/issuer/55067C65E99A75A70F1277DC52FEF134727BA36E.der # Request root certificate in PEM format. http http://localhost:3333/issuer/55067C65E99A75A70F1277DC52FEF134727BA36E.pem