MOD: more serious re-org to support the new PKI Lifecycle gerneration
This commit is contained in:
JohnE
parent
1816ecc5a2
commit
d3af83080f
|
|
@ -1,6 +1,7 @@
|
||||||
[[[ Certificate Code Command & Control ]]]
|
[[[ Certificate Code Command & Control ]]]
|
||||||
|
|
||||||
|
|
||||||
|
[ p12 file ]
|
||||||
# show the sections of the package file
|
# show the sections of the package file
|
||||||
$ openssl pkcs12 -in ~/cert.p12 -nodes -passin pass:"password"
|
$ openssl pkcs12 -in ~/cert.p12 -nodes -passin pass:"password"
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,7 @@
|
||||||
[[[ Certificate Overlord ]]]
|
[[[ Certificate Overlord ]]]
|
||||||
|
|
||||||
|
|
||||||
|
[ Features ]
|
||||||
* GUI with modern design (responsive)
|
* GUI with modern design (responsive)
|
||||||
-modern form input features: auto complete, highlighting
|
-modern form input features: auto complete, highlighting
|
||||||
* simple wizard
|
* simple wizard
|
||||||
|
|
|
||||||
|
|
@ -3,35 +3,28 @@
|
||||||
|
|
||||||
[[ WORKING ]]
|
[[ WORKING ]]
|
||||||
|
|
||||||
* CA-I serial #s ??
|
* PKI Bootstrap: cp lifecycle functions
|
||||||
X.p12 file for CA-I (to import into M$ products)
|
|
||||||
-.p12 file extractor for MH provisioning
|
|
||||||
* create GUI for cert gen process (electron+crypto-interface)
|
|
||||||
* create certificate installation guide
|
|
||||||
-copy file to sd, select .p12 file, password="password"
|
|
||||||
* can I install certificates from an android application??
|
|
||||||
-can I used knox to install certificates??
|
|
||||||
|
|
||||||
* gen servers
|
|
||||||
-make sure the serial# is incremented
|
|
||||||
|
|
||||||
* gen clients
|
|
||||||
-make sure the serial# is incremented
|
|
||||||
|
|
||||||
|
|
||||||
[[ BACKLOG ]]
|
[[ BACKLOG ]]
|
||||||
|
|
||||||
[ ver3 ]
|
[ current ]
|
||||||
|
* auto-increment SERIAL
|
||||||
|
* create certificate installation guide
|
||||||
|
-copy file to sd, select .p12 file, password="password"
|
||||||
|
* can I install certificates from an android application??
|
||||||
|
-can I used knox to install certificates??
|
||||||
|
* create GUI for cert gen process (electron+crypto-interface)
|
||||||
|
* add tool for .p12 file extractor for MH provisioning
|
||||||
|
|
||||||
|
|
||||||
|
[ ver 1.4 ]
|
||||||
* create new "certificate bootstrap" with .cfg parameters for CA ".mil" strings
|
* create new "certificate bootstrap" with .cfg parameters for CA ".mil" strings
|
||||||
* create new CA generation script that also reads .cfg
|
* create new CA generation script that also reads .cfg
|
||||||
* create new CA-I generation script that uses a CA
|
* create new CA-I generation script that uses a CA
|
||||||
-also packages .p12 for distrobution (use random high quality password)
|
-also packages .p12 for distrobution (use random high quality password)
|
||||||
* create new client generation script that uses CA-I
|
|
||||||
-just for testing purposes
|
|
||||||
* create new server generation script that uses CA-I
|
|
||||||
-just for testing purposes
|
|
||||||
* update ver3/conf so that ipsec.conf is default
|
|
||||||
-update ipsec_dev.conf to have developer
|
|
||||||
|
|
||||||
|
|
||||||
[ bootstrap cert chain-of-trust ]
|
[ bootstrap cert chain-of-trust ]
|
||||||
|
|
@ -41,12 +34,25 @@
|
||||||
-sneakernet two CA-I
|
-sneakernet two CA-I
|
||||||
|
|
||||||
|
|
||||||
|
[ ver 1.5 ]
|
||||||
|
|
||||||
[ ver4 ]
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
[[ STORIES ]]
|
||||||
|
|
||||||
|
PKI Bootstrap
|
||||||
|
-generate a PKI Lifecycle Package
|
||||||
|
|
||||||
|
PKI Lifecycle Package
|
||||||
|
* Local Lifecycle : CA-I generation
|
||||||
|
|
||||||
|
* Remote Lifecycle : CA-I distributed to organizations
|
||||||
|
-generate client/server certificates
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
[[ COMPLETED ]]
|
[[ COMPLETED ]]
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1 +1 @@
|
||||||
10000
|
101
|
||||||
Loading…
Reference in New Issue