MOD: more serious re-org to support the new PKI Lifecycle gerneration

2018-08-12 14:08:31 -07:00 · 2018-08-12 14:08:31 -07:00 · d3af83080f
parent 1816ecc5a2
commit d3af83080f
12 changed files with 30 additions and 21 deletions
--- a/docs/ccc_certs
+++ b/docs/ccc_certs
@ -1,6 +1,7 @@
 [[[ Certificate Code Command & Control ]]]


+[ p12 file ]
 # show the sections of the package file
 $ openssl pkcs12 -in ~/cert.p12 -nodes -passin pass:"password"

--- a/docs/cert_overlord
+++ b/docs/cert_overlord
@ -1,5 +1,7 @@
 [[[ Certificate Overlord ]]]

+
+[ Features ]
 * GUI with modern design (responsive)
  -modern form input features: auto complete, highlighting
 * simple wizard
--- a/docs/pki_agile
+++ b/docs/pki_agile
@ -3,35 +3,28 @@

 [[ WORKING ]]

-* CA-I serial #s ??
-  X.p12 file for CA-I  (to import into M$ products)
-  -.p12 file extractor for MH provisioning
-* create GUI for cert gen process  (electron+crypto-interface)
-* create certificate installation guide
-  -copy file to sd, select .p12 file, password="password"
-* can I install certificates from an android application??
-  -can I used knox to install certificates??
+* PKI Bootstrap:  cp lifecycle functions

-* gen servers
-  -make sure the serial# is incremented

-* gen clients
-  -make sure the serial# is incremented


 [[ BACKLOG ]]

-[ ver3 ]
+[ current ]
+* auto-increment SERIAL
+* create certificate installation guide
+  -copy file to sd, select .p12 file, password="password"
+* can I install certificates from an android application??
+  -can I used knox to install certificates??
+* create GUI for cert gen process  (electron+crypto-interface)
+* add tool for .p12 file extractor for MH provisioning
+
+
+[ ver 1.4 ]
 * create new "certificate bootstrap" with .cfg parameters for CA ".mil" strings
 * create new CA generation script that also reads .cfg
 * create new CA-I generation script that uses a CA
  -also packages .p12 for distrobution  (use random high quality password)
-* create new client generation script that uses CA-I
-  -just for testing purposes 
-* create new server generation script that uses CA-I
-  -just for testing purposes 
-* update ver3/conf so that ipsec.conf  is default
-  -update ipsec_dev.conf to have developer


 [ bootstrap cert chain-of-trust ]
@ -41,12 +34,25 @@
  -sneakernet two CA-I


+[ ver 1.5 ]

-[ ver4 ]




+[[ STORIES ]]
+
+PKI Bootstrap
+  -generate a PKI Lifecycle Package
+
+PKI Lifecycle Package
+  * Local Lifecycle : CA-I generation
+
+  * Remote Lifecycle : CA-I distributed to organizations
+    -generate client/server certificates
+
+
+
 [[ COMPLETED ]]


--- a/src/pki_bootstrap/SERIAL
+++ b/src/pki_bootstrap/SERIAL
@ -1 +1 @@
-10000
+101
--- a/src/pki_bootstrap/docs/README_LC
+++ b/src/pki_bootstrap/docs/README_LC
--- a/src/pki_bootstrap/libs/gen_ca-i.sh
+++ b/src/pki_bootstrap/libs/gen_ca-i.sh
--- a/src/pki_bootstrap/libs/gen_client.sh
+++ b/src/pki_bootstrap/libs/gen_client.sh
--- a/src/pki_bootstrap/libs/gen_server.sh
+++ b/src/pki_bootstrap/libs/gen_server.sh
--- a/src/pki_bootstrap/libs/pki_funcs.sh
+++ b/src/pki_bootstrap/libs/pki_funcs.sh
--- a/src/pki_lifecycle/ca-i/ca/ca.crt.pem
+++ b/src/pki_lifecycle/ca-i/ca/ca.crt.pem
--- a/src/pki_lifecycle/mh/ca-i/ca-i.crt.pem
+++ b/src/pki_lifecycle/mh/ca-i/ca-i.crt.pem
--- a/src/pki_lifecycle/tt/ca-i/ca-i.crt.pem
+++ b/src/pki_lifecycle/tt/ca-i/ca-i.crt.pem