Initial Commit

readme.md

@@ -0,0 +1,23 @@
+# Runelab CA
+
+A certificate authority for the homelab.
+
+The master key is a yubikey kept in a physical vault at a bank.
+
+## Signing
+
+### Required Software
+
+* OpenSSL
+* [YKCS11](https://developers.yubico.com/yubico-piv-tool/YKCS11/)
+  * [AUR Link](https://aur.archlinux.org/packages/ykcs11-p11-kit-module)
+
+### Generating the Root
+
+```sh
+# Creating the CSR
+openssl req -new -engine pkcs11 -keyform engine -key "pkcs11:object=Private key for PIV Authentication" -out server.csr
+# Signing the CSR
+openssl x509 -req -sha256 -days 8000 -in server.csr -engine pkcs11 -keyform engine -signkey "pkcs11:object=Private key for PIV Authentication" -out server.crt
+```
+

runelab-ca-root.crt

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDGzCCAgMCFEUnoKvAlZ5dFFciSfh5jhq7GqkIMA0GCSqGSIb3DQEBCwUAMEox
+CzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxEDAOBgNVBAoMB1J1bmVsYWIx
+GDAWBgNVBAMMD1J1bmVsYWIgQ0EgUm9vdDAeFw0yMzExMTkyMjQ3NTdaFw00NTEw
+MTQyMjQ3NTdaMEoxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxEDAOBgNV
+BAoMB1J1bmVsYWIxGDAWBgNVBAMMD1J1bmVsYWIgQ0EgUm9vdDCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAM7UXqiRcojtO2mkTAfz94xhvYsTEXMrs9J2
+b7tV9f6PidXX8uBnr9JQ1yeD8ldhTeFujik5wPlFef2Iro72bhmfghFEo+cMEXJD
+D9R3Sut0QsRn4qJQ+Q2A/BEaxIhGMJyzrQE3CiRpSO8gQFlCgOs+kgdaTTaIqqZl
+sfnTbRxqTAqQmaUWN/QrzvtzuS6+l+f9X1UhOyon6wUZDbr2T5WU+zZC8ZShoidf
+kSlBYtOt97BHEnIHemB8R2juCxyrrey+cSqd/QA8ek7JUdQKLSWLmwOFPUIDkb2z
+Oj9AftplNMc+fJfXriaYsjFgDKyjVS65ooPV1rh4wTtMFL9IHVMCAwEAATANBgkq
+hkiG9w0BAQsFAAOCAQEAnlSNHZw46gDjxv06ILvsjhKqrPcHOHQZiqU4rfDu5MFU
+Y/9A5H+JwzBq8W54utrq2eQ7t6p89B903OJKUnIkMCKH/Ut1MedI2nPcALTR9GHy
+fUk8XPz6sW4Kv9cM+lUG6pMaNd7QMFPiBNZXTaIyKZkIfXxVaIRAdSTU/8xVufRP
+73Dt2OnWmvUEo6XYyZ/ZoK0KAQdGQBU15U1bHciaoiRtDcUVHTpfOIvzhE3Na1px
+qVhv6uZ/Y2dXP6gxo6Q4eCmM97ZXR2yzRA6SVmePfyfXv4Q0TJR88IB9EPOdXQaW
+Q0L285Ca4W4eetxYuGcX3Pm8QwdOX6BW1Mp0iDKrSA==
+-----END CERTIFICATE-----