Recently I've been working on some projects related to OpenSSL and Certification Authorities. The challenge is not the use of OpenSSL itself, which can be mastered by memorising a limited set of commands, but rather lies in the consistent use of these commands, maintaining the proper naming conventions, directory structure and options / settings. To make the use of an OpenSSL-based CA a bit more accessible, I decided to write a 'small' Python web front-end.
The tool itself performs the commands on the host system through normal openssl command lines and therefore maintains full compatibility with OpenSSL itself. If something goes wrong or you need something done manually, you can still issue the proper commands yourself.
The pyPKI front-end has the following features and capabilities:
* Request new client or server certificate
* Perform bulk requests based on csv import file
* Revoke certificates
* Generate Certificate Revocation Lists
* Create reports on certificate expiration
* Reads most configuration settings from openssl.cnf, such as Certification Authorities, default CSR parameters and more. See this blog post for instructions on how to implement the basic filesystem structure for use with pyPKI.
* Supports the use of Yubikey Neo with PIV applet to store the CA private key(s). See this blog post for instructions how to implement the Yubikey Neo to store your private keys.
You can download the pyPKI application here, or by issuing:
git clone https://firstname.lastname@example.org/dverslegers/pypki.git
The installation instructions can be found in the readme.pdf located in the root directory.
Some screenshots of the application: