[[[ Agile Tasking ]]]

[[ WORKING ]]
* using .p12 file on strongswan (works, kind of)
* PKI Bootstrap slide deck
  -request a meeting to go over the PKI and show the slide deck
* research gitlab CI
  -install gitlab in docker
  -configure CI
  -try to have it run pki bootstrap??

[[ BACKLOG ]]

[ current ]
* create a ("CA-I package") zip file for distribution (folder: ca_i_4321.skunkworks.acme.xyz.zip)
* add CA password??
* create Android certificate installation guide
  -copy file to sd, select .p12 file, password="password"
* remove client .p12 password (have no password)

[ misc ]
* can I install certificates from an android application??
  -can I use knox to install certificates??
* create GUI for cert gen process (electron+crypto-interface)
* add tool for .p12 file extractor for MH provisioning
* add haveged (make sure there is adequate entropy)

[ ver 3.5 : xdev bootstrap chain-of-trust ]
* select bootstrap generation computer (beaglebone, raspi)
  -create PKI Lifecycle package for "navy.mil"
  -sneakernet two CA-I
* create a "navy-prod" branch
  -change strings from "acme.xyz" to ".mil"
  -make any other sensitive specific changes
* create a "navy-dev" branch
* create a "navy-int" branch (integration branch, similar to a beta branch)
* integrate into the build
  -modify CI global variables (for each build)
  -certs are generated BEFORE pulled into image (not part of build process)
  -modify cert gen on NAS (looks for files in mount dir)

[ ver 3.6 ]

[[ COMPLETED ]]

[ ver 3.4 ]
* testing multiple CA-I compatibility
  -"103.cai.skunkworks.acme.xyz"
    -worked
  -"104.cai.skunkworks.acme.xyz"
    -worked
* test "104.cai.skunkworks.acme.xyz"
  -load client certificate onto different tablet
    -worked

[ ver 3.3 ]
* SERIOUS refactoring to focus on local execution with default configs and SERIAL # incrementation
* configuration defaults generated so that the CA-I package is all automated
* gen_client.sh modified to run with config defaults
* gen_server.sh modified to run with config defaults
* gen_client.sh will generate # of certs
* gen_server.sh will generate # of certs
* auto-increment SERIAL
* CA FQDN saved to config file
* CA-I FQDN saved to config file
* added certificate generation count to PKI Bootstrap application
* added certificate generation count to cai_gen application

[ ver 3.2 ]
* create new CA-I generation script that uses a CA
  -also packages .p12 for distribution (use random high quality password)
* added resources directory
* added files to be copied during CA-I package creation

[[ STORIES ]]

PKI Bootstrap
  -generate a PKI Lifecycle Package

PKI Lifecycle Package
* Local Lifecycle : CA-I generation
* Remote Lifecycle : CA-I distributed to organizations
  -generate client/server certificates

[[ ISSUES ]]