authorJakob Odersky <jodersky@gmail.com>2015-04-22 15:06:49 +0200
committerJakob Odersky <jodersky@gmail.com>2015-04-22 15:24:00 +0200
commitf79ee0e3999dfd04af306aced213f20b7f8e0904 (patch)
treeff9be23960cce44544a90bee37124d0cdcd2f60d /ssl
initial commit
Diffstat (limited to 'ssl')
-rw-r--r--ssl/manual-procedure.txt25
-rw-r--r--ssl/uca/README.md11
-rwxr-xr-xssl/uca/uca78
3 files changed, 114 insertions, 0 deletions
diff --git a/ssl/manual-procedure.txt b/ssl/manual-procedure.txt
new file mode 100644
index 0000000..a0d0c55
--- /dev/null
+++ b/ssl/manual-procedure.txt
@@ -0,0 +1,25 @@
+Root certificate
+================
+
+1) generate private key
+openssl genpkey -algorithm RSA -out root.key.pem -pkeyopt rsa_keygen_bits:4096 -aes-256-cbc
+
+2) create root certificate signing request
+openssl req -new -key root.key.pem -out root.req.pem
+
+3) self-sign root certificate request
+openssl x509 -req -in root.req.pem -extfile openssl.cnf -extensions v3_ca -days 3650 -signkey root.key.pem -out root.cert.pem
+
+
+Server certificate
+==================
+
+1) generate private key, same procedure as root
+
+2) create certificate signing request
+openssl req -new -key server.key.pem -out server.req.pem
+
+3) sign certificate
+openssl x509 -req -in server.req.pem -extfile openssl.cnf -extensions v3_usr -CA root.cert.pem -CAkey root.key.pem -CAcreateserial
+
+
diff --git a/ssl/uca/README.md b/ssl/uca/README.md
new file mode 100644
index 0000000..ac6fceb
--- /dev/null
+++ b/ssl/uca/README.md
@@ -0,0 +1,11 @@
+# uca - The Microscopic Certificate Authority
+Uca (mu-c-a) is a tiny wrapper script around OpenSSL for managing certificates.
+
+## Usage
+1. Setup a new authority: creates a new root certificate and serial counter.
+ ```./uca setup```
+
+2. Issue a new certificate: create a new certificate and sign it with the root certificate.
+ ```./uca issue <name>```
+
+Run `uca` without any options for help. \ No newline at end of file
diff --git a/ssl/uca/uca b/ssl/uca/uca
new file mode 100755
index 0000000..625f684
--- /dev/null
+++ b/ssl/uca/uca
@@ -0,0 +1,78 @@
+#!/bin/bash -e
+
+# configuration variables (change at will)
+CONFIG="/etc/ssl/openssl.cnf"
+CERT_SUFFIX=".cert.pem"
+KEY_SUFFIX=".key.pem"
+REQ_SUFFIX=".req.pem"
+
+# global variables set through parameters
+CA=${CA:-root}
+CA_CERT="${CA}${CERT_SUFFIX}"
+CA_KEY="${CA}${KEY_SUFFIX}"
+CA_SERIAL="${CA}.srl"
+
+# print usage
+print_usage() {
+ cat <<- EOF
+ uca - a certificate authority of micro complexity
+
+ uca setup
+ uca issue cert
+
+ Environment Variables:
+ CA name of certificate authority
+EOF
+}
+
+# generate new certificate authority
+new_ca() {
+ local ca_req="${CA}${REQ_SUFFIX}"
+
+ openssl genpkey -algorithm RSA -out "$CA_KEY" -pkeyopt rsa_keygen_bits:4096 #-aes-256-cbc
+ openssl req -new -key "$CA_KEY" -out "$ca_req"
+ openssl x509 -req -in "$ca_req" -extfile "$CONFIG" -extensions v3_ca -days 3650 -signkey "$CA_KEY" -out "$CA_CERT"
+
+ echo "01" > "$CA_SERIAL"
+
+ rm -f "$reqfile"
+}
+
+# issue new certificate
+# $1 name of new certificate
+issue() {
+ local keyfile="${1}${KEY_SUFFIX}"
+ local reqfile="${1}${REQ_SUFFIX}"
+ local certfile="${1}${CERT_SUFFIX}"
+
+ echo $certfile
+
+ openssl genpkey -algorithm RSA -out "$keyfile" -pkeyopt rsa_keygen_bits:4096
+ openssl req -new -key "$keyfile" -out "$reqfile"
+ openssl x509 -req -in "$reqfile" -extfile "$CONFIG" -extensions usr_cert -CA "$CA_CERT" -CAkey "$CA_KEY" -CAserial "$CA_SERIAL" -out "$certfile"
+
+ rm -f "$reqfile"
+}
+
+
+case "$1" in
+ setup)
+ new_ca
+ exit 0
+ ;;
+
+ issue)
+ if [ -e "$CA_CERT" ] && [ -e "$CA_KEY" ]; then
+ echo $2
+ issue $2
+ exit 0
+ else
+ echo "no root certificate and key found"
+ exit 1
+ fi
+ ;;
+
+ *)
+ print_usage
+ exit 0
+esac \ No newline at end of file
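Review bot: `rm -f "$reqfile"` in new_ca deletes nothing, because that function only defines `ca_req`, so the authority's signing request is left on disk; the line should read `rm -f "$ca_req"`. The CA private key is written without the `-aes-256-cbc` passphrase option (commented out on the genpkey line) and under the caller's default umask, so a `umask 077` placed before the two `openssl genpkey` calls would at least keep `root.key.pem` and the issued keys from being readable by other users. In the dispatcher, `echo $2` and `issue $2` pass the name unquoted and without checking that it is present; `[ -n "$2" ] || { print_usage; exit 1; }` followed by `issue "$2"` avoids word-splitting and the bare `.key.pem`/`.cert.pem` files an empty name would produce. The `openssl x509 -req` call in issue passes no `-days`, so issued certificates get OpenSSL's default validity of 30 days while the root gets 3650; if that is intended it deserves a comment, otherwise an explicit `-days` value. Note also that the `-e` in `#!/bin/bash -e` is dropped when the script is started as `bash uca`, so a `set -e` after the shebang keeps the fail-fast behaviour the author relies on.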