raaka1 / ots-cert-demo

Proof of concept code to go with my OTS Certificate blog post

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

TLS certs for internal OTS hardware

Most off the shelf hardware devices use a web app as their primary user interface however most currently do it either over HTTP or use HTTPS but with a self-signed certificate. This project offers a way for vendors to ship boxes which, on boot, will pick up a valid certificate from Lets Encrypt to allow their users to safely access them whatever network they are placed on.

This project is a proof of concept demo of the process I talk about in my blog post TLS certs for internal OTS hardware.

There is also an accompanying post on how to get this project working - TLS certs for internal OTS hardware - Proof of Concept - but here is a summary for those who want to get started without having to read all about it.

To get started, you'll need:

  • A domain to issue certificates for.
  • A Cloudflare account and API key.
  • A working Go environment

Clone the project:

go get -v github.com/digininja/ots-cert-demo

Build the server:

cd ~/go/src/github.com/digininja/ots-cert/server
go get -v ./...
go build
cp ots-cert-server.cfg-template ots-cert-server.cfg

Edit the config file ots-cert-server.cfg with your chosen domain name and API details.

Start up the server:

INFO[0000] Starting the server
INFO[0000] No valid certificate found, going to create a new one 
INFO[0010] Creating DNS record
INFO[0011] Starting web server on: https://otsserver.ots-cert.space:9443

Build the client:

cd ~/go/src/github.com/digininja/ots-cert/client
go get -v ./...
go build
cp ots-cert-client.cfg-template ots-cert-client.cfg

You will need to edit the config file so it has the right address for the server.

Run the client:

INFO[0000] The hostname is: nifty-babbage.ots-cert.space
INFO[0010] The certificate was generated
INFO[0010] Setup complete, browse to https://nifty-babbage.ots-cert.space:8443

Browse to the client to check all is working:

curl https://nifty-babbage.ots-cert.space:8443
Congratulations, you should be viewing this over HTTPS on your custom domain.


Proof of concept code to go with my OTS Certificate blog post

License:GNU General Public License v3.0


Language:Go 100.0%