[[[ Agile Tasking ]]]


[[ WORKING ]]

* using .p12 file on strongswan (works, kind of)

* PKI Bootstrap slide deck
-request a meeting to go over the PKI and show the slide deck

* research gitlab CI
-install gitlab in docker
-configure CI
-try to have it run pki bootstrap??


[[ BACKLOG ]]

[ current ]
* create a ("CA-I package") zip file for distribution (folder: ca_i_4321.skunkworks.acme.xyz.zip)
* add CA password??
* create Android certificate installation guide
-copy file to sd, select .p12 file, password="password"
* remove client .p12 password (have no password)

[ misc ]
* can I install certificates from an android application??
-can I use knox to install certificates??
* create GUI for cert gen process (electron+crypto-interface)
* add tool for .p12 file extractor for MH provisioning
* add haveged (make sure there is adequate entropy)

[ ver 3.5 : xdev bootstrap chain-of-trust ]
* select bootstrap generation computer (beaglebone, raspi)
-create PKI Lifecycle package for "navy.mil"
-sneakernet two CA-I
* create a "navy-prod" branch
-change strings from "acme.xyz" to ".mil"
-make any other sensitive specific changes
* create a "navy-dev" branch
* create a "navy-int" branch (integration branch, similar to a beta branch)
* integrate into the build
-modify CI global variables (for each build)
-certs are generated BEFORE pulled into image (not part of build process)
-modify cert gen on NAS (looks for files in mount dir)

[ ver 3.6 ]


[[ COMPLETED ]]

[ ver 3.4 ]
* testing multiple CA-I compatibility
-"103.cai.skunkworks.acme.xyz" -worked
-"104.cai.skunkworks.acme.xyz" -worked
* test "104.cai.skunkworks.acme.xyz"
-load client certificate onto different tablet -worked

[ ver 3.3 ]
* SERIOUS refactoring to focus on local execution with default configs and SERIAL # incrementation
* configuration defaults generated so that the CA-I package is all automated
* gen_client.sh modified to run with config defaults
* gen_server.sh modified to run with config defaults
* gen_client.sh will generate # of certs
* gen_server.sh will generate # of certs
* auto-increment SERIAL
* CA FQDN saved to config file
* CA-I FQDN saved to config file
* added certificate generation count to PKI Bootstrap application
* added certificate generation count to cai_gen application

[ ver 3.2 ]
* create new CA-I generation script that uses a CA
-also packages .p12 for distribution (use random high quality password)
* added resources directory
* added files to be copied during CA-I package creation


[[ STORIES ]]

PKI Bootstrap
-generate a PKI Lifecycle Package

PKI Lifecycle Package
* Local Lifecycle : CA-I generation

* Remote Lifecycle : CA-I distributed to organizations
-generate client/server certificates


[[ ISSUES ]]