PKI Bootstrap. Will generate a new "PKI Lifecycle" package. An entire PKI chain of trust can be managed by the "PKI Lifecycle" package.
JohnE 5366ef101d FIN: refactoring complete, serial #s are all coherent, distinguished names (DN) is strong with both CA-I serial #s and client/server serial #s 2018-09-10 19:09:48 -07:00
docs FIN: refactoring complete, serial #s are all coherent, distinguished names (DN) is strong with both CA-I serial #s and client/server serial #s 2018-09-10 19:09:48 -07:00
src FIN: refactoring complete, serial #s are all coherent, distinguished names (DN) is strong with both CA-I serial #s and client/server serial #s 2018-09-10 19:09:48 -07:00
.gitignore FIN: refactoring complete, serial #s are all coherent, distinguished names (DN) is strong with both CA-I serial #s and client/server serial #s 2018-09-10 19:09:48 -07:00
README FIN: completed the gen_ca-i.sh refactoring, CA-Is are generated from the Lifecycle package now! :) 2018-08-23 20:14:13 -07:00

README

      ===============================================
        Certificate Authority (CA) Generation
        CA Intermediate Generation and Distribution
        Project ReadMe
          Version 3.x
      ===============================================


-------------
  INTRO
-------------

This package contains a set of programs that generate an entire certificate chain of trust
 and configure a StrongSwan server. .p12 files are generated for client distribution.

There are two main applications contained in this project.
  * PKI Bootstrap : MOB Hub System
    - 1 x Certificate Authority (CA) generation
    - 5 x CA Intermediate generation
    - 10 x Server and Client certificate generation (based on CA-I)
    - CA, CA-I, Server, and Client certificate packaged as .p12 file for easy import to Android (other clients too)

  * PKI Lifecycle : MOB Hub System
    - Unlimited CA Intermediate generation
    - Unlimited Server and Client generation (based on CA-I)



---------------------
  VERSIONS
---------------------

Ver 3.2 - MOB Hub PKI Lifecycle
  * PKI Lifecycle
    - generate certificates during the CA's lifecycle
Ver 3.1 - MOB Hub PKI Bootstrap
  * PKI Bootstrap
    - generate an entire chain-of-trust
Ver 3.0 - CA Intermediate Support
  * requires openssl  (does not require ipsec)
  * CA Intermediate support
    - root CA can be generated with 5-10yr expiration and put into cold storage
  * small to large organizational support



---------------------
  TODO
---------------------
  * SCEP support



---------------------
  TROUBLESHOOTING
---------------------

1) Look at the error log for detailed information:
  $ tail -n 40 /var/log/syslog

2) Check the date/time of the device. A common problem is a certificate date/time valid range issue.
Make sure your server's date falls within the valid date range of both the CA and the Server certificate.
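
The check in step 2 can be scripted. The following is an added example, not part of this project's scripts: it compares each certificate's notBefore/notAfter against the system clock. It assumes openssl and GNU date are installed; the function names and the sample certificate are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report whether each certificate's validity window covers
# a given time. Assumes openssl and GNU date; all names are hypothetical.

# Print one certificate date field as epoch seconds.
cert_epoch() {  # usage: cert_epoch <cert.pem> <-startdate|-enddate>
  local raw
  raw=$(openssl x509 -in "$1" -noout "$2") || return 2
  date -u -d "${raw#*=}" +%s   # strip the "notBefore=" / "notAfter=" prefix
}

# Print valid | not-yet-valid | expired for a certificate at time $2
# (epoch seconds; defaults to the system clock).
cert_validity_status() {
  local cert=$1 now=${2:-$(date -u +%s)} start end
  start=$(cert_epoch "$cert" -startdate) || return 2
  end=$(cert_epoch "$cert" -enddate) || return 2
  if [ "$now" -lt "$start" ]; then echo "not-yet-valid"
  elif [ "$now" -gt "$end" ]; then echo "expired"
  else echo "valid"
  fi
}

# Check every certificate given (CA, CA-I, Server, ...).
# Returns 1 if any certificate is unreadable or outside its window.
check_chain() {
  local rc=0 cert status
  for cert in "$@"; do
    status=$(cert_validity_status "$cert") || { echo "$cert: unreadable"; rc=1; continue; }
    echo "$cert: $status (system clock: $(date -u))"
    [ "$status" = "valid" ] || rc=1
  done
  return $rc
}

# Constructed sample input: a throwaway self-signed certificate valid for one day.
make_sample_cert() {  # usage: make_sample_cert <out.pem>
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-sample" \
    -keyout "$1.key" -out "$1" 2>/dev/null && rm -f "$1.key"
}
```

Source the file and run check_chain with the PEM files of your CA, CA-I and Server certificates. A "not-yet-valid" result usually means the device clock is behind the time the certificate was issued.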



----------------
  METHODOLOGY
----------------