etcd-ca
A simple certificate manager written in Go. Easy to use with limited capability.

DEPRECATED
etcd now uses cfssl as the official tool to generate certificates. cfssl provides more features and is well maintained. We provide an example using the tool here.
Common Uses
etcd-ca allows you to build your own certificate system:
- Create certificate authority
- Create, issue and export host certificates
- Manage host identities
- Deploy a Public Key Infrastructure
Primarily used for coreos/etcd SSL/TLS testing.
Certificate architecture
etcd-ca initializes a single certificate authority and issues every certificate directly from that authority. The certification path therefore has a length of at most 2: the CA certificate and the host certificate.
Examples
Create a new certificate authority:
$ ./etcd-ca init
Created ca/key
Created ca/crt
Create a new host identity, including keypair and certificate request:
$ ./etcd-ca new-cert alice
Created alice/key
Created alice/csr
etcd-ca uses 127.0.0.1 as the IP SAN by default. If etcd has a peer address $etcd_ip other than 127.0.0.1, run ./etcd-ca new-cert -ip $etcd_ip alice instead.
If your server has multiple IP addresses or domains, pass a comma-separated list to -ip/-domain, e.g.: ./etcd-ca new-cert -ip $etcd_ip1,$etcd_ip2 -domain $etcd_domain1,$etcd_domain2
Sign certificate request of host and generate the certificate:
$ ./etcd-ca sign alice
Created alice/crt from alice/csr signed by ca.key
Export the certificate chain for host:
$ ./etcd-ca chain alice
-----BEGIN CERTIFICATE-----
CA certificate body
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
alice certificate body
-----END CERTIFICATE-----
Package up the certificate and key of host:
$ ./etcd-ca export alice > alice.tar
Because etcd takes an unencrypted key for -key-file and -peer-key-file, use ./etcd-ca export --insecure alice > alice.tar to export the private key unencrypted.
List the status of all certificates:
$ ./etcd-ca status
ca: WARN (60 days until expiration)
alice: OK (120 days until expiration)
bob: Unsigned
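Why the -ip value matters, and what the two-certificate path looks like to a TLS verifier, shown as an added example that is not etcd-ca's own code. It uses Go's crypto/x509 with Ed25519 keys for brevity; the helper names issue and verifyFor and the peer address 10.0.0.5 are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issue makes a certificate for name; parent == nil yields the self-signed CA.
func issue(name string, ips []net.IP, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // demo-only serial
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
		IPAddresses:  ips, // the IP SANs, i.e. what -ip controls
	}
	if parent == nil { // the CA signs itself and may sign host certificates
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// verifyFor checks that host chains to ca and has a SAN matching addr.
func verifyFor(ca, host *x509.Certificate, addr string) ([][]*x509.Certificate, error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	return host.Verify(x509.VerifyOptions{Roots: roots, DNSName: addr})
}

func main() {
	ca, caKey, _ := issue("ca", nil, nil, nil) // errors ignored in this short demo
	alice, _, _ := issue("alice", []net.IP{net.ParseIP("127.0.0.1")}, ca, caKey)
	fmt.Println(verifyFor(ca, alice, "10.0.0.5")) // fails: 10.0.0.5 is not in the SAN
}
```

A certificate issued with only the default 127.0.0.1 SAN verifies for 127.0.0.1 with a path of two certificates, and is rejected with a hostname error when a peer connects to any other address.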
Getting Started
Building
etcd-ca must be built with Go 1.3+. You can build etcd-ca from source:
$ git clone https://github.com/coreos/etcd-ca
$ cd etcd-ca
$ ./build
This will generate a binary called ./bin/etcd-ca.
Examples
generate certificates for etcd
Project Details
Contributing
See CONTRIBUTING for details on submitting patches and contacting developers via IRC and mailing lists.
License
etcd-ca is under the Apache 2.0 license. See the LICENSE file for details.