gotls

command module
v0.0.0-...-301dc46
Published: Dec 7, 2023 License: MIT Imports: 1 Imported by: 0

README

goTLS

goTLS is an automated TLS certificate issuance and management tool for Windows, Mac, and Linux. It can generate private keys and CSRs and, optionally, obtain the certificate from an internal Active Directory Certificate Services (ADCS) endpoint.

Install

Compiled binaries can be found at the releases page.

Configure

Although every value can be supplied at invocation time as an option, it is usually more convenient to keep most of them in a config file. Create a .gotls.yaml file in either the user's home directory or the current directory and set as many of the following values as needed:

C: US
ST: California
L: Any Town
O: Example Company
OU:
email: webmaster@example-company.com
adcs-url: https://adcs-server.example-company.com/certsrv
oid-template: WebServerv1.0Template
adcs-auth:
  method: kerberos
  krb5conf: /etc/krb5.conf
  user: myusername
  realm: EXAMPLE-COMPANY.COM
  keytab: /home/myusername/.ssh/keytabs/.keytab
  kdcs:
  - kdc1.example-company.com
  - kdc2.example-company.com

To obtain a certificate from an ADCS endpoint, the adcs-url and oid-template values must be set either in config or via options.

The adcs-auth method can be either ntlm or kerberos. For kerberos authentication, set the realm. If krb5conf is not set, the kdcs list is used to generate a default krb5 config file. If keytab is not set, a password prompt is presented. A keytab holds a long-lived credential for the user, so keep it readable only by the account that runs gotls.

The oid-template value can be found by visiting the /certsrv/certrqad.asp page of the ADCS installation endpoint and examining the value of the Certificate Template dropdown. Example:

<select name="lbCertTemplate" id="lbCertTemplateID">
  <option value="O;WebServerv1.0Template;1;134.[snip] Web Server v1.0 Template">Web Server v1.0 Template</option>
</select>

In this case, WebServerv1.0Template is the value to set for oid-template.
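Reading the template name out of the dropdown by hand is error-prone when an ADCS server offers many templates, and a login page saved by mistake looks superficially similar. The following Go program is an added example, not part of goTLS: it takes the saved HTML of certrqad.asp and extracts every template name from the semicolon-separated option value, returning the second field, which is what oid-template expects. The HTML fragment and the template OIDs in it are constructed for the example; fetching the page (which sits behind Windows authentication) is out of scope.

```go
package main

import (
	"fmt"
	"html"
	"regexp"
	"strings"
)

// sampleCertrqad is a constructed fragment in the shape of the
// /certsrv/certrqad.asp dropdown; it is not a capture from a real ADCS
// server and the template OIDs are made up.
const sampleCertrqad = `
<form>
<select name="lbCertTemplate" id="lbCertTemplateID">
  <option value="O;WebServerv1.0Template;1;1.3.6.1.4.1.311.21.8.1111.2222 Web Server v1.0 Template">Web Server v1.0 Template</option>
  <option value="O;UserTemplate;2;1.3.6.1.4.1.311.21.8.3333.4444 User">User</option>
</select>
</form>
`

// Template is one entry of the Certificate Template dropdown.
type Template struct {
	Name  string // second field of the option value: the oid-template setting
	Label string // text shown to the user in the dropdown
}

var (
	selectRe = regexp.MustCompile(`(?is)<select[^>]*name="lbCertTemplate"[^>]*>(.*?)</select>`)
	optionRe = regexp.MustCompile(`(?is)<option[^>]*value="([^"]*)"[^>]*>(.*?)</option>`)
)

// ExtractTemplates returns the templates offered by a saved certrqad.asp page.
// The option value is a ';'-separated record whose second field is the
// template name goTLS expects in oid-template.
func ExtractTemplates(page string) ([]Template, error) {
	sel := selectRe.FindStringSubmatch(page)
	if sel == nil {
		return nil, fmt.Errorf("no lbCertTemplate select in page (not certrqad.asp, or a login page was saved instead)")
	}
	var out []Template
	for _, opt := range optionRe.FindAllStringSubmatch(sel[1], -1) {
		fields := strings.Split(html.UnescapeString(opt[1]), ";")
		if len(fields) < 2 || fields[1] == "" {
			continue // malformed value: skip rather than guess a template name
		}
		out = append(out, Template{
			Name:  fields[1],
			Label: strings.TrimSpace(html.UnescapeString(opt[2])),
		})
	}
	if len(out) == 0 {
		return nil, fmt.Errorf("dropdown has no usable templates; the account may lack enroll rights on every template")
	}
	return out, nil
}

func main() {
	templates, err := ExtractTemplates(sampleCertrqad)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, t := range templates {
		fmt.Printf("oid-template: %-25s (%s)\n", t.Name, t.Label)
	}
}
```

An empty dropdown is treated as an error rather than an empty result, because ADCS only lists templates the authenticated account may enroll for; no options usually means the wrong account, not a server without templates.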

Usage

Using the tool is done in two stages:

Generate the CSR
$ gotls csr hostname.example-company.com optional-other-hostname.example-company.com

The CSR is written to hostname.example-company.com.csr in the current directory, named after the first hostname given. If hostname.example-company.com.key does not already exist, a new private key is generated alongside the CSR. That .key file is the only secret produced by this step; keep it readable only by the account that will run the TLS service.

Obtain the certificate from the issuer

If your account is allowed to request (enroll for) certificates from the ADCS endpoint, you can obtain the cert:
$ gotls cert adcs hostname.example-company.com.csr

Contributing

Contributions to goTLS are most welcome. Please report any bugs or suggestions on the issue tracker. Pull requests can be targeted directly at the master branch. As noted below, all contributions must be made under the MIT license.

Future work

Eventually the tool should be able to:

  • Support kerberos authentication
  • Obtain certificates via the ADCS SCEP API (if available on your ADCS installation)
  • Obtain certificates via ACME protocol from Let's Encrypt
  • Monitor, report, and act on expiring certificates on the system

License

goTLS is distributed under the terms of the MIT license. All new contributions must be made under this license.

See LICENSE and NOTICE for details.

SPDX-License-Identifier: MIT

LLNL-CODE-775069

Documentation

There is no documentation for this package.

Directories

  • rpm
  • man
