This is a small web front end for creating certificates signed by a supplied CA cert and key.
It was written to run on a Raspberry Pi Zero running as a USB Ethernet gadget to provide a "secure" offline CA. Details can be found here
You can configure the service by editing the options.js file:
module.exports = {
caPath: "./ca",
caCertPath: "./ca/ca.crt",
caKeyPath: "./ca/ca.key",
life: 365,
port: 80
}
You can set the path to the CA's cert and key, set the default certificate life in days and the port the service will listen on.
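An added example, not part of this project's code: a startup check that could be run against the options object above before the service starts listening. `checkOptions` and `demo` are hypothetical names, the owner-only rule for the CA key assumes POSIX file modes, and the files the demo creates are constructed placeholders.

```javascript
// Added example: sanity-check the options object before starting the service.
const fs = require("fs");
const os = require("os");
const path = require("path");

// Returns a list of problems; an empty list means the options look sane.
function checkOptions(opts) {
  const problems = [];
  if (!Number.isInteger(opts.life) || opts.life < 1) {
    problems.push("life must be a positive whole number of days");
  }
  if (!Number.isInteger(opts.port) || opts.port < 1 || opts.port > 65535) {
    problems.push("port must be between 1 and 65535");
  }
  for (const key of ["caCertPath", "caKeyPath"]) {
    let st;
    try {
      st = fs.statSync(opts[key]);
    } catch (err) {
      problems.push(`${key}: cannot stat ${opts[key]} (${err.code})`);
      continue;
    }
    if (!st.isFile()) problems.push(`${key}: not a regular file`);
    // Assumption of this example: the CA key is readable by its owner only.
    if (key === "caKeyPath" && (st.mode & 0o077) !== 0) {
      problems.push("caKeyPath: key is group/world accessible, chmod 600 it");
    }
  }
  return problems;
}

// Constructed demo: a throwaway directory holding placeholder cert/key files.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "ca-demo-"));
  const opts = {
    caCertPath: path.join(dir, "ca.crt"),
    caKeyPath: path.join(dir, "ca.key"),
    life: 365, port: 80
  };
  fs.writeFileSync(opts.caCertPath, "placeholder cert\n");
  fs.writeFileSync(opts.caKeyPath, "placeholder key\n");
  fs.chmodSync(opts.caKeyPath, 0o644);   // deliberately too open
  const loose = checkOptions(opts);
  fs.chmodSync(opts.caKeyPath, 0o600);   // owner-only
  const tight = checkOptions(opts);
  fs.rmSync(dir, { recursive: true, force: true });
  return { loose, tight };
}
console.log(demo());
```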
To allow running as a normal user and still binding to port 80 run the following.
sudo setcap CAP_NET_BIND_SERVICE=+eip `which node`
Be aware this will allow ANY nodejs app to bind to system ports.
If you need to create a new CA cert then you can edit the createCA.js file to set the DN information for the CA and then run:
npm createCA -p <private key password for CA>
npm start
Just point your browser at the correct host/port and then pick from either a host or personal certificate. Fill in the required fields, including the passphrase for the CA key and a passphrase for the output P12 file.
- build OpenVPN client config files
- Add a LOT of error handling
- Allow the uploading of an old cert (to extract the Subject info) to create new (not possible as needs priv key)
- Add more constraints to cert types
- Add support to update CA serial/csr data