daan/runelab-ca
1
0
Fork 0
Code Issues Activity
No description https://ca.boerlage.me/
1 commit 1 branch 0 tags 47 KiB
Find a file
Daan Boerlage 9b488f7e7c
Initial Commit
2023-11-20 00:01:57 +01:00
readme.md Initial Commit 2023-11-20 00:01:57 +01:00
runelab-ca-root.crt Initial Commit 2023-11-20 00:01:57 +01:00

readme.md

Runelab CA

A certificate authority for the homelab.

The master key is a yubikey kept in a physical vault at a bank.

Signing

Required Software

Generating the Root

# Creating the CSR
openssl req -new -engine pkcs11 -keyform engine -key "pkcs11:object=Private key for PIV Authentication" -out server.csr
# Signing the CSR
openssl x509 -req -sha256 -days 8000 -in server.csr -engine pkcs11 -keyform engine -signkey "pkcs11:object=Private key for PIV Authentication" -out server.crt