Git Product home page Git Product logo

quicktls's Introduction

QuickTLS

QuickTLS generates server and client TLS certificates along with the CA certificate use to sign them. The private key to the CA is never saved, allowing for safely importing the CA into a certificate chain without fear of compromise of the CA. If any server or client key is compromised, the entire CA should be thrown out and new server, client, and CA certificates should be generated.

Usage

$ quicktls -h
Usage of quicktls:
  -clients=0: Number of client certificates to generate
  -exp=25920h0m0s: Time until Certificate expiration
  -o="": Output directory
  -org="QuickTLS": Organization in the certificate
  -rsa=4096: Number of RSA bits

Generate client certificate and server certificate for example.com

$ quicktls -clients=1 example.com
$ ls
ca.pem  client-0.cert  client-0.key  example.com.cert  example.com.key

Use Cases

Docker Private Registry

This utility can be used to easily create TLS certificates for a Docker registry, including for TLS client authentication. The client certificates and server certificate do not need to use the same CA, but it is faster to set up for basic use cases with only a few clients or when sharing a private key might be considered appropriate.

Generate the certificates (with only 1 client)

$ quicktls -clients 1 registry.example.com
$ ls
ca.pem  client-0.cert  client-0.key  registry.example.com.cert  registry.example.com.key

Install on machine running Docker daemon

$ sudo cp ca.pem /etc/docker/certs.d/registry.example.com/ca.crt
$ sudo cp client-0.cert /etc/docker/certs.d/registry.example.com/client.cert
$ sudo cp client-0.key /etc/docker/certs.d/registry.example.com/client.key

Setup private registry

with nginx

Copy files to nginx machine

$ cp registry.example.com.cert cert-registry.example.com.pem
$ cp registry.example.com.key key-registry.example.com.pem
$ cp ca.pem client-registry.example.com.pem

Update server section of nginx config

server {
  listen 443;
  server_name registry.example.com;
  ssl on;
  ssl_certificate /etc/nginx/ssl/cert-registry.example.com.pem;
  ssl_certificate_key /etc/nginx/ssl/key-registry.example.com.pem;
  ssl_client_certificate /etc/nginx/ssl/client-registry.example.com.pem;
  ssl_verify_client on;
  ...
}

quicktls's People

Contributors

dmcgowan avatar longsleep avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.