Skip to content
/ ye3cert Public

A docker CA server based on Openssl and Alpine. Below 20 Mb. With CRL, OCSP and HTTP. GNS3 ready.

hub.docker.com/r/palw3ey/ye3cert

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

palw3ey/ye3cert

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
i18n
i18n
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
Version.txt
Version.txt
 
 
bypass_docker_env.sh.dis
bypass_docker_env.sh.dis
 
 
entrypoint.sh
entrypoint.sh
 
 
mgmt.sh
mgmt.sh
 
 
ye3cert.gns3a
ye3cert.gns3a
 
 

Repository files navigation

ye3cert

A docker certificate authority server based on Openssl and Alpine, for creating and managing certificates. Light server, below 20 Mb. Including CRL, OCSP and HTTP server. GNS3 ready.

The /data folder is persistent.

Simple usage

docker run -dt --name mycert -e Y_HTTP_SHARE_CERT=yes palw3ey/ye3cert

# To show the management actions :
docker exec -it mycert sh --login -c "mgmt"

Test

# get container IP :
docker exec -it mycert sh --login -c "hostname -i"

# Open a web browser and paste the IP address,
# the certificate files will be displayed, and available for download.

HOWTOs

  • Show a base64 certificate in the terminal, eg: tux1 :
docker exec -it mycert sh --login -c "mgmt --action=pem --prefix=tux1"
  • Browse the ssl folder from the host :
# sudo is required
ls $(docker inspect mycert -f '{{range .Mounts}}{{ if eq .Type "volume" }}{{println .Source }}{{ end }}{{end}}')/ssl
  • Add a client certificate, with a filename prefix : tux2
# connect to the container
docker exec -it mycert sh --login -c sh

# use the management script
mgmt --action=add \
  --prefix=tux2 \
  --cn=pc2.test.lan \
  --password=1234 \
  --revo=yes \
  --san=DNS.1:pc2.test.lan,IP.1:12.168.9.32,IP.2:10.2.9.32

# To leave, type : exit, or use the escape sequence : Ctrl+P and next Ctrl+Q
  • Use your host Let's Encrypt certificates for HTTPS on 8443 port
docker run -dt --name mycert \
  -e TZ=America/Montreal \
  -e Y_HTTP_SHARE_CERT=yes \
  -p 8443:443 \
  -v /etc/letsencrypt/live/{YOUR_DOMAIN}/fullchain.pem:/data/fullchain.pem \
  -v /etc/letsencrypt/live/{YOUR_DOMAIN}/privkey.pem:/data/privkey.pem \
  palw3ey/ye3cert

GNS3

To run through GNS3, download and import the appliance : ye3cert.gns3a

Environment Variables

These are the env variables and their default values.

variables format default description
TZ text Europe/Paris Time zone. The list is in the folder /usr/share/zoneinfo
Y_LANGUAGE text fr_FR Language. The list is in the folder /i18n/
Y_IP IP address Server IP address
Y_HTTP yes/no yes yes, enable http/https server
Y_HTTP_SHARE_CERT yes/no no yes, to show certs files in the http server directory listing
Y_HTTP_SHARE_FOLDER folder path /data/ssl/certs http server directory listing path
Y_HTTP_PORT port number 80 http port
Y_HTTP_PORT_SECURE port number 443 https port
Y_CRL yes/no yes yes, to enable CRL update service
Y_CRL_FREQUENCY number of second 15 CRL update frequency
Y_OCSP yes/no yes yes, to enable OCSP service
Y_OCSP_PORT port number 8080 OCSP port
Y_DAYS number 3650 How long to certify for
Y_DNS url address ye3cert.test.lan The server address
Y_CN text ye3cert The server common name
Y_ORGANIZATION_NAME text Test The server Organization Name
Y_EMAIL_ADDRESS email address [email protected] The server email address
Y_COUNTRY_NAME Two letter country code FR The server country name, 2 letter code
Y_STATE_OR_PROVINCE_NAME text Ile-de-France The server state or province name
Y_LOCALITY_NAME text Paris The server locality name
Y_ORGANIZATIONAL_UNIT_NAME text Web The server organizational unit name
Y_KEY_USAGE text "nonRepudiation, digitalSignature, keyEncipherment" Key usage for a client certificate
Y_EXTENDED_KEY_USAGE text "serverAuth, clientAuth" Extended key usage for a client certificate
Y_CA_PASS password ca The password to use for the ca key

Compatibility

The docker image was compiled to work on these CPU architectures :

  • linux/386
  • linux/amd64
  • linux/arm/v6
  • linux/arm/v7
  • linux/arm64
  • linux/ppc64le
  • linux/s390x

Work on most computers including Raspberry Pi

Build

To customize and create your own images.

git clone https://github.com/palw3ey/ye3cert.git
cd ye3cert
# Make all your modifications, then :
docker build --no-cache --network=host -t ye3cert .
docker run -dt --name my_customized_cert ye3cert

Documentation

OpenSSL man page
lighttpd man page

Version

name version
ye3cert 1.0.0
openssl 3.1.4
lighttpd 1.4.73
alpine 3.18.4

ToDo

  • need to document env variables (2023-12-23)
  • add more translation files in i18n folder. Contribute ! Send me your translations by mail ;)

Don't hesitate to send me your contributions, issues, improvements on github or by mail.

License

MIT
author: palw3ey
maintainer: palw3ey
email: [email protected]
website: https://github.com/palw3ey/ye3cert
docker hub: https://hub.docker.com/r/palw3ey/ye3cert

About

A docker CA server based on Openssl and Alpine. Below 20 Mb. With CRL, OCSP and HTTP. GNS3 ready.

hub.docker.com/r/palw3ey/ye3cert

Topics

docker cisco openssl alpine certificate-authority crl ocsp certificate-generation gns3 certificate-management

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages