google / easypki
Creating a certificate authority the easy way
License: Apache License 2.0
Greetings,
We like to keep our pki offline. Given that some folks are Linux, and others are Mac, the best format to use (most unfortunately) is FAT32. That has a problem with hard-links. Do we really need to store things both within the hierarchy and flat? If not, we could have an option to make the hard-links or not, but then we need to look in the same place for files (right now, if the hardlink fails, you can't read the signing key, for example).
If not, could we make a copy rather than a hardlink (yes, wasteful, I know, but we are talking about small bits of data).
Thoughts?
Hi, I'm a newbie in Go and I want to use the CLI of this repository on CentOS 7.
As stated in the README file, I executed the command line go get github.com/google/easypki/cmd/easypki which is supposed to get the CLI. But I'm getting this huge error stack.
I'm using Go version 1.15.2.
[root@localhost opt]# go get github.com/google/easypki/cmd/easypki
# github.com/google/easypki/cmd/easypki
/root/go/src/github.com/google/easypki/cmd/easypki/main.go:52:37: cannot slice c.Args() (type cli.Args)
/root/go/src/github.com/google/easypki/cmd/easypki/main.go:126:14: cannot range over c.Args() (type cli.Args)
/root/go/src/github.com/google/easypki/cmd/easypki/main.go:159:5: app.Author undefined (type *cli.App has no field or method Author)
/root/go/src/github.com/google/easypki/cmd/easypki/main.go:160:5: app.Email undefined (type *cli.App has no field or method Email)
/root/go/src/github.com/google/easypki/cmd/easypki/main.go:171:17: cannot use cli.StringFlag literal (type cli.StringFlag) as type cli.Flag in slice literal:
cli.StringFlag does not implement cli.Flag (Apply method has pointer receiver)
/root/go/src/github.com/google/easypki/cmd/easypki/main.go:175:4: unknown field 'EnvVar' in struct literal of type cli.StringFlag
/root/go/src/github.com/google/easypki/cmd/easypki/main.go:184:4: cannot use r.revoke (type func(*cli.Context)) as type cli.ActionFunc in field value
/root/go/src/github.com/google/easypki/cmd/easypki/main.go:189:4: cannot use r.crl (type func(*cli.Context)) as type cli.ActionFunc in field value
/root/go/src/github.com/google/easypki/cmd/easypki/main.go:191:16: cannot use cli.IntFlag literal (type cli.IntFlag) as type cli.Flag in slice literal:
cli.IntFlag does not implement cli.Flag (Apply method has pointer receiver)
/root/go/src/github.com/google/easypki/cmd/easypki/main.go:196:5: cannot use caNameFlag (type cli.StringFlag) as type cli.Flag in slice literal:
cli.StringFlag does not implement cli.Flag (Apply method has pointer receiver)
/root/go/src/github.com/google/easypki/cmd/easypki/main.go:196:5: too many errors
If I'm doing things wrong please provide how to build the project.
While in the process of rolling out my CA I discovered an issue with the certificates being generated by easypki. I was trying to use certificates generated by easypki within Consul, but I kept getting errors indicating the certificate did not have the correct usage extensions. Upon inspection of one of my organization's commercial certificates I noticed that it had both ServerAuth and ClientAuth.
I've fixed this bug in the same branch that adds the functionality requested in #2. If you'd like it separate from that I'd be happy to cherry-pick the work.
Hey there,
I was looking to use easypki to create a CA that has the intent of becoming an offline root CA. When I went to begin creating intermediate certificates from the root CA, it became apparent that easypki lacked the ability to do so. At the same time, I noticed easypki also doesn't allow you to set the MaxDepthLen, which is something you may want on a root CA and probably on an intermediate.
I've preempted the CONTRIBUTING.md file, slightly, by making modifications to easypki to unblock myself. Because of there only being certain fields available in the *x509.Certificate struct, I believe this does require a breaking change in the API. It is mildly convenient because GenerateCertifcate is missing an i in certificate anyhow, so we can also fix that typo!
For the user, I've implemented the above as two flags:
--intermediate - tells easypki to generate an intermediate
--max-depth-len - sets the pathLenConstraint in the Basic Constraints standard extension
I'm happy to open a PR if you'd like to see the implementation or I am happy to discuss it more in this issue.
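What a --max-depth-len style option has to handle when the value is 0, shown as an added example (not code from the issue above or from easypki): with Go's crypto/x509, a template with MaxPathLen 0 only encodes the constraint when MaxPathLenZero is also set. The function name, subject, serial and key are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// encodedPathLen self-signs a constructed CA from a template that carries pathLen and
// returns the pathLenConstraint a verifier sees after parsing (-1 means no limit).
func encodedPathLen(pathLen int, zeroFlag bool) (int, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return 0, err
	}
	tpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1), // constructed value
		Subject:               pkix.Name{CommonName: "constructed offline root"},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		IsCA:                  true,
		BasicConstraintsValid: true,
		MaxPathLen:            pathLen,
		MaxPathLenZero:        zeroFlag, // needed for an explicit constraint of 0
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, key)
	if err != nil {
		return 0, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return 0, err
	}
	return cert.MaxPathLen, nil
}

func main() {
	fmt.Println(encodedPathLen(0, false)) // constraint silently left out of the certificate
	fmt.Println(encodedPathLen(0, true))  // constraint of 0: this CA may only sign leaves
	fmt.Println(encodedPathLen(1, false)) // constraint of 1: one intermediate below this CA
}
```

A CA issued through the first call carries no path length limit at all, so the check worth running after issuance is on the parsed certificate, not on the template.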
Is there a way to set the certificate expiration?
Hi
I guess I am missing something obvious.
root@lamp /tmp/pki# go get github.com/google/easypki/pkg/easypki
/go/src/github.com/google/easypki/pkg/easypki/easypki.go:87: privateKey.Public undefined (type *rsa.PrivateKey has no field or method Public)
/go/src/github.com/google/easypki/pkg/easypki/template.go:53: genReq.Template.MaxPathLenZero undefined (type *x509.Certificate has no field or method MaxPathLenZero)
Note that this repo is not maintained anymore.
When using either go1.13.4 or go1.12.13 linux/amd64 builds from https://golang.org/dl/ on Ubuntu 18.04, running:
go get github.com/google/easypki/cmd/easypki
Results in:
# github.com/google/easypki/cmd/easypki
go/src/github.com/google/easypki/cmd/easypki/main.go:52:37: cannot slice c.Args() (type cli.Args)
go/src/github.com/google/easypki/cmd/easypki/main.go:126:14: cannot range over c.Args() (type cli.Args)
go/src/github.com/google/easypki/cmd/easypki/main.go:159:5: app.Author undefined (type *cli.App has no field or method Author)
go/src/github.com/google/easypki/cmd/easypki/main.go:160:5: app.Email undefined (type *cli.App has no field or method Email)
go/src/github.com/google/easypki/cmd/easypki/main.go:171:17: cannot use cli.StringFlag literal (type cli.StringFlag) as type cli.Flag in array or slice literal:
cli.StringFlag does not implement cli.Flag (Apply method has pointer receiver)
go/src/github.com/google/easypki/cmd/easypki/main.go:175:4: unknown field 'EnvVar' in struct literal of type cli.StringFlag
go/src/github.com/google/easypki/cmd/easypki/main.go:184:4: cannot use r.revoke (type func(*cli.Context)) as type cli.ActionFunc in field value
go/src/github.com/google/easypki/cmd/easypki/main.go:189:4: cannot use r.crl (type func(*cli.Context)) as type cli.ActionFunc in field value
go/src/github.com/google/easypki/cmd/easypki/main.go:191:16: cannot use cli.IntFlag literal (type cli.IntFlag) as type cli.Flag in array or slice literal:
cli.IntFlag does not implement cli.Flag (Apply method has pointer receiver)
go/src/github.com/google/easypki/cmd/easypki/main.go:196:5: cannot use caNameFlag (type cli.StringFlag) as type cli.Flag in array or slice literal:
cli.StringFlag does not implement cli.Flag (Apply method has pointer receiver)
go/src/github.com/google/easypki/cmd/easypki/main.go:196:5: too many errors
Hello,
congrats on the project, I think something like this is widely needed.
It would be great though, if it were possible to sign CSRs.
Regards
Alexander
When troubleshooting certificate chain issues with the CA generated by easypki and Consul, I ran into the following Hashicorp/Vault issue regarding an issue with CAs it was generating:
In short, without the ExtKeyUsageAny extension the Go runtime was failing to validate the certificate chain. The suggested change by the Vault developers was to change Vault to give the CAs the ExtKeyUsageAny extension.
I've found/fixed this bug while working on my branch that implements the functionality in #2.
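A chain audit for the two extended key usage reports on this page (the ServerAuth/ClientAuth one earlier and the ExtKeyUsageAny one above), as an added example that is not code from either issue or from easypki. It is a simplified model of the nesting rule Go's crypto/x509 applies to a chain, and it runs on constructed, unsigned certificates; the function and variable names are assumptions.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

var server, client, anyUse = x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageAny

// blockedBy walks chain (leaf first, root last) and returns the subject of the first
// certificate that rules out usage, or "" if every certificate permits it. No EKU list,
// or a list with ExtKeyUsageAny, restricts nothing; any other list must name the usage.
func blockedBy(chain []*x509.Certificate, usage x509.ExtKeyUsage) string {
	for _, c := range chain {
		permitted := len(c.ExtKeyUsage) == 0 && len(c.UnknownExtKeyUsage) == 0
		for _, u := range c.ExtKeyUsage {
			permitted = permitted || u == usage || u == anyUse
		}
		if !permitted {
			return c.Subject.CommonName
		}
	}
	return ""
}

// audit reports which certificate, if any, blocks each role of a peer that is both TLS server and client.
func audit(chain ...*x509.Certificate) map[string]string {
	return map[string]string{
		"serverAuth": blockedBy(chain, server),
		"clientAuth": blockedBy(chain, client),
	}
}

// cert builds a constructed, unsigned certificate carrying only the fields audited here.
func cert(cn string, eku ...x509.ExtKeyUsage) *x509.Certificate {
	return &x509.Certificate{Subject: pkix.Name{CommonName: cn}, ExtKeyUsage: eku}
}

func main() {
	leaf, root := cert("constructed leaf", server, client), cert("constructed root")
	fmt.Println(audit(cert("constructed server-only leaf", server), root))
	fmt.Println(audit(leaf, cert("constructed CA limited to serverAuth", server), root))
	fmt.Println(audit(leaf, cert("constructed CA with ExtKeyUsageAny", anyUse), root))
}
```

The same functions accept parsed certificates, for example a chain loaded from PEM files before it is deployed.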
I'm trying to import CA cert for browser, the step:
Import CA+chain.crt in your favorite browser.
of the README.md of the example of ClientAuth.
However, I got the error on Chrome:
The Private Key for this Client Certificate is missing or invalid.