damnx509

damnx509

A simple CLI for managing a small X.509 Certificate Authority!

• Screw the openssl binary, shell scripts, searching your command history for openssl invocations, this is just much cleaner.
• damnx509 offers a nice interactive issue subcommand that lets you set:
  • the extended usage thing (e.g. some WPA2 EAP-TLS clients absolutely require it to be set to clientAuth, now you don't have to worry about that)
  • Subject Alternative Names (the openssl binary only sets that from the openssl config file, what the hell)
  • the signature algorithm (RSA 2048/4096 and EC)
  • the digest algorithm (SHA256/384/512, note that WPA3-Enterprise 192-bit mode requires 384)
  • the URI of the CRL
• It also automatically offers default values from the CA (e.g. you want to default to the same country, city and CRL URI, right?)
• And automatically builds a PKCS12 (.p12) key+cert bundle (useful for browser client certs and WPA2 EAP-TLS).
• There's also a revoke subcommand to update the CRL (don't forget to upload it to the URI mentioned in the certificates).
• DON'T FORGET TO REMOVE UNENCRYPTED KEYS IF YOU WRITE THEM

You can use damnx509 to manage a personal CA to sign things like:

• Your various HTTPS, MQTT, etc. servers at home
• Your home WPA2 EAP-TLS network
• Your personal OpenVPN network
• Client certificates for accessing admin/monitoring/etc. interfaces on your servers
• An IndieCert client certificate for signing in with your domain

Installation

$ gem install damnx509

Run the command to see how to use it.

License

This is free and unencumbered software released into the public domain.
For more information, please refer to the UNLICENSE file or unlicense.org.