Goal

Provide a Certification Authority to handle certificate based authorization

Requirements

• CA Certificate
  • Create
  • Revoke
  • Renew
  • Download CA public key
  • Control TO-DO

• Certificate
  • Issue
  • Revoke
  • List
  • Renew
  • Download private and public keys
  • Control TO-DO

• Other modules (e.g. OpenVPN) will be able to access CA to create and retrieve keys

Design

• OpenSSL will be used (CPAN binding or command-line interface)

• CA Certificate
  • Create: Organization, Expiry Date (Remaining fields are possible to set by API)
  • Revoke: CA Certificate, reason (Optional) -> Revoking all the current issued certificates
  • Renew: CA Certificate, Expiry date (Re-signing all the valid certificates with the same expiry date)
  • Issue: Expiry date (After revoking a CA without using Renew method)
  • Download Public CA Key -> File in PEM Format
  • Control TO-DO

• Certificate
  • Issue: Common Name (Key), Expiry Date (Remaining fields are possible to set by API)
  • Revoke: Certificate to revoke (by CN), Reason (Optional)
  • List: state (Optional), excludeCA (Optional) -> Distinguished Name, State (Revoked, Valid or Expired), Expiry Date (Revoke date and reason for revoked certificates), Path, serial Number per Certificate
  • Get: Common Name or Distinguished Name or Serial Number -> Same attributes as List function
  • Renew : Certificate to renew (by CN), Expiry Date
  • Download Keys: Common Name (Key) -> Public and Private PEM format
  • RemovePrivateKey?: Common Name (Not accessible by GUI)
  • Update DB (check expired certificates, not accessible by GUI)
  • Current CA certificate state (Not accessible by GUI) -> state (Revoked, Expired, Valid or Inexistent)
  • Control TO-DO