# Runelab CA

A certificate authority for the homelab.

The master key is a YubiKey kept in a physical vault at a bank.

## Signing

### Required Software

* OpenSSL
* [YKCS11](https://developers.yubico.com/yubico-piv-tool/YKCS11/)
* [AUR Link](https://aur.archlinux.org/packages/ykcs11-p11-kit-module)

### Generating the Root

```sh
# Creating the CSR
openssl req -new -engine pkcs11 -keyform engine -key "pkcs11:object=Private key for PIV Authentication" -out server.csr
# Signing the CSR
openssl x509 -req -sha256 -days 8000 -in server.csr -engine pkcs11 -keyform engine -signkey "pkcs11:object=Private key for PIV Authentication" -out server.crt
```
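
The signing command above passes no extension file, so it is worth checking that the resulting certificate carries the token's public key and is marked as a CA before distributing it. The script below is an added example, not part of this repository: `check_root`, `make_samples` and all file names in it are hypothetical, and a software EC key stands in for the YubiKey so it runs offline.

```sh
#!/bin/sh
# Added example: sanity-check a root made with the "Generating the Root" commands.
# Assumption: a software EC key replaces the YubiKey so this runs without a token.

# check_root CERT CSR -> 0 if CERT carries the CSR's public key and CA:TRUE
check_root() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    csr_pub=$(openssl req -in "$2" -noout -pubkey) || return 2
    [ "$cert_pub" = "$csr_pub" ] || { echo "$1: key does not match CSR"; return 1; }
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE' ||
        { echo "$1: no basicConstraints CA:TRUE"; return 1; }
    echo "$1: ok"
}

# make_samples DIR: build constructed inputs (hypothetical file names) in DIR
make_samples() {
    d=$1
    printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=Constructed Test Root\n' > "$d/req.cnf"
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/key.pem" 2>/dev/null
    openssl req -new -config "$d/req.cnf" -key "$d/key.pem" -out "$d/root.csr"
    # Same shape as the signing command above, minus the engine options
    openssl x509 -req -sha256 -days 8000 -in "$d/root.csr" \
        -signkey "$d/key.pem" -out "$d/plain.crt" 2>/dev/null
    # Same command plus an extension file that marks the certificate as a CA
    openssl x509 -req -sha256 -days 8000 -in "$d/root.csr" \
        -signkey "$d/key.pem" -extfile "$d/ca.ext" -out "$d/ca.crt" 2>/dev/null
}

tmp=$(mktemp -d)
make_samples "$tmp"
check_root "$tmp/plain.crt" "$tmp/root.csr" || true   # expected to be rejected
check_root "$tmp/ca.crt" "$tmp/root.csr"
```

With the real token, run `check_root server.crt server.csr` against the files produced by the commands above.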