Goal

Provide a Certification Authority to handle certificate-based authorization.

Requirements

  • CA Certificate
    • Create
    • Revoke
    • Renew
    • Download CA public key and certificate
    • Control TO-DO
  • Certificate
    • Issue
    • Revoke
    • List
    • Renew
    • Download private/public keys and certificate
    • Control TO-DO
  • Other modules (e.g. OpenVPN) will be able to access CA to create and retrieve keys and certificates

Design

  • OpenSSL will be used (CPAN binding or command-line interface)
  • CA Certificate
    • Create: Organization, Expiry Date (the remaining fields can be set through the API)
    • Revoke: CA Certificate, Reason (Optional) -> Revokes all currently issued certificates
    • Renew: CA Certificate, Expiry Date (re-signs all valid certificates with the same expiry date)
    • Issue: Expiry Date (after revoking a CA without using the Renew method)
    • Download CA information -> CA public key and CA certificate files, both in PEM format.
    • Control TO-DO
  • Certificate
    • Issue: Common Name (Key), Expiry Date (the remaining fields can be set through the API)
    • Revoke: Certificate to revoke (by CN), Reason (Optional)
    • List: state (Optional), excludeCA (Optional) -> Distinguished Name, State (Revoked, Valid or Expired), Expiry Date (Revoke Date and Reason for revoked certificates), Path, Serial Number per certificate
    • Get: Common Name or Distinguished Name or Serial Number -> Same attributes as List function
    • Renew: Certificate to renew (by CN), Expiry Date
    • Download Information: Common Name (Key) -> Public/private keys and certificate files in PEM format
    • RemovePrivateKey: Common Name (Not accessible by GUI)
    • Update DB (check expired certificates, not accessible by GUI)
    • Current CA certificate state (Not accessible by GUI) -> state (Revoked, Expired, Valid or Inexistent)
    • Control TO-DO
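
The List operation described above, sketched as an added example (not code from this design or its project). It assumes the CA keeps its records in the tab-separated index.txt database written by the OpenSSL `ca` command; the sample rows, the function names and the ca_dn parameter are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample in the `openssl ca` index.txt layout (tab-separated):
# flag, expiry, revocation date[,reason], serial, file name, subject DN.
SAMPLE_INDEX = (
    "V\t301231235959Z\t\t01\tunknown\t/O=Example Org/CN=Example Org CA\n"
    "V\t301231235959Z\t\t02\tunknown\t/O=Example Org/CN=vpn-server\n"
    "R\t301231235959Z\t240315101500Z,keyCompromise\t03\tunknown"
    "\t/O=Example Org/CN=laptop-1\n"
    "V\t230101000000Z\t\t04\tunknown\t/O=Example Org/CN=old-client\n"
)

def parse_time(text):
    """Parse UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ)."""
    fmt = "%y%m%d%H%M%SZ" if len(text) == 13 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)

def list_certificates(index_text, now, state=None, exclude_ca=False, ca_dn=None):
    """Return one dict per certificate with the attributes List describes.
    ca_dn is a hypothetical parameter used to recognise the CA's own row."""
    rows = []
    for line in index_text.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError("malformed index line: %r" % line)
        flag, expiry, revoked, serial, path, dn = fields
        row = {"dn": dn, "serial": serial, "path": path,
               "expiryDate": parse_time(expiry)}
        if flag == "R":
            # Revocation column is "date" or "date,reason"
            when, _, reason = revoked.partition(",")
            row.update(state="Revoked", revokeDate=parse_time(when),
                       reason=reason or None)
        elif flag == "E" or (flag == "V" and row["expiryDate"] <= now):
            # A 'V' row past its expiry is what an Update DB pass would flip
            row["state"] = "Expired"
        elif flag == "V":
            row["state"] = "Valid"
        else:
            raise ValueError("unknown status flag: %r" % flag)
        if exclude_ca and dn == ca_dn:
            continue
        if state is None or row["state"] == state:
            rows.append(row)
    return rows
```

Reporting a row that is still flagged valid but past its expiry date as Expired keeps List correct even when the Update DB step has not run yet.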