ref: 8d49a501616417168787025449179af4679b184c
./README.md
# Iron

An Offline Certificate Authority

## What is this

IRON is a collection of scripts that implement an offline Certification Authority for signing intermediate CA and leaf certificates.
It is meant to be used to create client certificates for mTLS authentication in order to expose secure endpoints over the broader network and your private LAN.

## Use Cases

- PKI for your Industrial IoT gateway clients
- Internal zero-trust architecture
- Secure communication between services with mTLS
- Implement a service for enrollment of embedded IoT devices

## Special features

Certificate Authority and client certificates are generated, and storage is file-based.

## Other Tools

If you are looking for an online CA, or a way to implement one, you might find [cert-signer](https://code.kevwe.com/cert-signer.git) useful.

## How To Build the library

```
cd cert-signer
mvn clean install
```

## Initialize the CA:

```
iron ca create
```

## Use the CA to sign Client Certificates

You can use iron to sign client certificates with your CA:

```
$ iron certificate <sign> <service> <CSR-file>
```

## Getting Guidance

```
$ iron
Usage: iron <command> [<args>]

Some useful iron commands are:
   ca            manage CA
   certificate   create certificates
   client        manage CSR for certificates creation
   commands      List all iron commands
   debug         manage CA
   keystore      create and show contents of java keystore
   pkcs12        create *.p12 keystore
   service       manage service/server certificate creation
```

## License

The code is freely available under the GPL License; see [COPYING](/iron.git/tree/master/COPYING).

Additional commercial support and licensing is available on request.
Just issue a [support request](https://kevwe.com/message) and mention you are interested in [iron]().