Gimmecert / Closed Feature request GC-16 Ability to issue client certificates
This issue has been closed with status "Closed" and resolution "RESOLVED".
Issue basics
  • Type of issue
    Feature request
  • Category
    Not determined
  • Targeted for
    0.1.0
  • Status
    Closed
  • Priority
    Not determined
Times and dates
  • Estimated time
    8 hours
  • Time spent
    6 hours
Issue details
  • Resolution
    RESOLVED
Description

Once the CA hierarchy has been initialised, it should be possible to issue client certificates.

The following should be done:

  • Implement client certificate issuance command.
  • Client issuance command should:
    • Generate the client private key.
    • Issue the client certificate using the leaf CA from the hierarchy.
    • Provide user with information on what has been created.
  • Client certificate issuance command should accept the following mandatory arguments:
    • Entity name.
  • Client certificate issuance command should be implemented with the following constraints in mind:
    • Don't be destructive. If the certificate has already been issued, show a warning to user.
    • Artifacts should be stored within a sub-directory called .gimmecert/client/.
    • Subject DN should be of format CN=NAME, where NAME is the name provided by user.
    • Issued certificate should have a standard set of TLS key usages and extended key usages.
    • Client certificate should be issued by the leaf CA (furthest away from the root/level 1 CA).
    • Certificate validity should not exceed the CA validity.
    • Validity should start at time of issuance minus 15 minutes.
  • Documentation should cover:
    • Command usage, with just the entity name being provided.
    • Directory and file layout structure of generated artifacts.
    • Information about what CA is used for issuance.
    • Information about how the subject DN is constructed.
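
The constraints listed above (non-destructive behaviour, the .gimmecert/client/ directory, the CN=NAME subject, the 15-minute backdated start and the cap at the CA validity) can be checked before any key is generated. The sketch below is an added example, not Gimmecert's own code: the function name, the `NAME.key.pem` / `NAME.cert.pem` file names, the 365-day requested lifetime and the entity-name pattern are assumptions that the issue does not specify.

```python
import re
from datetime import datetime, timedelta, timezone
from pathlib import Path

BACKDATE = timedelta(minutes=15)        # from the issue: issuance time minus 15 minutes
CLIENT_DIR = Path(".gimmecert/client")  # from the issue
REQUESTED = timedelta(days=365)         # assumption: the issue sets no default lifetime
# Assumption: the name becomes a file name, so only filename-safe names are accepted.
NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def plan_client_issuance(name, ca_not_after, now, base_dir="."):
    """Return what would be issued for `name`, or a warning if it already exists."""
    if not NAME_RE.match(name):
        raise ValueError(f"entity name {name!r} is not safe to use as a file name")

    out_dir = Path(base_dir) / CLIENT_DIR
    key_path = out_dir / f"{name}.key.pem"    # assumed file naming
    cert_path = out_dir / f"{name}.cert.pem"  # assumed file naming

    # Non-destructive: never overwrite a key or certificate that was already issued.
    existing = [p for p in (key_path, cert_path) if p.exists()]
    if existing:
        return {"issued": False, "existing": existing,
                "warning": f"Client certificate for {name} has already been issued."}

    not_before = now - BACKDATE
    # Clamp the end of validity so the certificate never outlives the issuing CA.
    not_after = min(now + REQUESTED, ca_not_after)
    if not_after <= now:
        raise ValueError("issuing CA certificate has expired")

    return {"issued": True, "subject": f"CN={name}",
            "not_before": not_before, "not_after": not_after,
            "key_path": key_path, "cert_path": cert_path}


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    # Constructed sample: a leaf CA that expires in 30 days.
    print(plan_client_issuance("myclient", now + timedelta(days=30), now))
```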