Goal

Provide a Certification Authority to handle certificate based authorization

Requirements

• CA Certificate
  • Create
  • Revoke
  • Renew
  • Download CA public key
  • Control TO-DO

• Certificate
  • Issue
  • Revoke
  • List
  • Renew
  • Download private and public keys
  • Control TO-DO

• Other modules (e.g. OpenVPN) will be able to access CA to create and retrieve keys

Design

• OpenSSL will be used (CPAN binding or command-line interface)

• CA Certificate
  • Create: Organization, Expiry Date, CA Passpharse (Remaining fields are possible to set by API)
  • Revoke: CA Certificate, CA Passpharse, reason (Optional) -> Revoking all the current issued certificates
  • Renew: CA Certificate, Expiry date, CA Passpharse (Re-signing all the valid certificates with the same expiry date)
  • Issue: Expiry date, CA Passpharse (After revoking a CA without using Renew method)
  • Download Public CA Key -> File in PEM Format
  • Control TO-DO

• Certificate
  • Issue: Common Name (Key), Expiry Date, User Passpharse, CA Passpharse (Remaining fields are possible to set by API)
  • Revoke: Certificate to revoke (by CN), CA Passpharse, Reason (Optional)
  • List: cn (Optional), serial (Optional) -> Distinguished Name, State (Revoked, Valid or Expired), Expiry Date (Revoke date and reason for revoked certificates) by Certificate
  • Renew : Certificate to renew (by CN), Expiry Date, CA Passpharse
  • Download Keys -> Public and Private PEM format
  • RemovePrivateKey?: Common Name (Not accessible by GUI)
  • Update DB (check expired certificates, not accessible by GUI)
  • Current CA certificate state (Not accessible by GUI) -> state (Revoked, Expired, Valid or Inexistent)
  • Control TO-DO