KTAB Open Repository

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57


# Cert-Signer

A Private CA implementation library

## What it this

Cert-Signer is a Java library that implements a Private CA, able to sign certificates for client of services within your organization.

It is meant to be used to create client certificate for mTLS authentication of private services within your network.

## Use Cases

-   PKI for your Industrial IOT gateway clients
-   Internal zero-trust architecture
-   Secure communication between services with mTLS
-   Implement a service for IOT devices enrollment

## Special features

Certificate Authority and client certificates are generated and stored via a **VaultSigningStrategy** on a Hashicorp Vault instance.

## How To Build the library

```
cd cert-signer
mvn clean install
```

## Initialize the CA:


You should have a Vault instance running, and you should create the following config file: **~/.vault-credentials.cfg**
with the following environment defined:

```
export VAULT_ENDPOINT="https://<my-address>/<custom-path>"
export VAULT_TOKEN="hvs.XXXXXXXXXXXXXXXX"
```

To initialize a custom CA for *my-service**

```
cd cert-signer
./script/initializeCA my-service
``` 

## Use the CA to sign Client Certificates

You can use the provided script to sign client certificates for your CA

```
./script/issueCertificate my-service my-client
```

## License

see: [COPYING](/cert-signer.git/tree/master/COPYING)