openbsd/ports
1
0
Fork 0
mirror of https://github.com/openbsd/ports.git synced 2026-06-18 07:24:23 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
ports/security/step-ca/pkg/DESCR
T
abieber 5a1ded31a2 Import step-ca at 0.22.0 
step-ca is a private certificate authority and ACME server.

Description:
step-ca is an online certificate authority for secure, automated certificate
management. It's the server counterpart to the step CLI tool.

You can use it to:

- Issue X.509 certificates for your internal infrastructure:
  - HTTPS certificates that work in browsers (RFC5280 and CA/Browser Forum
    compliance)
  - TLS certificates for VMs, containers, APIs, mobile clients, database
    connections, printers, wifi networks, toaster ovens...
  - Client certificates to enable mutual TLS (mTLS) in your infra. mTLS is an
    optional feature in TLS where both client and server authenticate each
    other. Why add the complexity of a VPN when you can safely use mTLS over
    the public internet?
- Issue SSH certificates:
  - For people, in exchange for single sign-on ID tokens
  - For hosts, in exchange for cloud instance identity documents
- Easily automate certificate management:
  - It's an ACME v2 server
  - It has a JSON API
  - It comes with a Go wrapper
  - ... and there's a command-line client you can use in scripts!

OK sthen@
2022-08-27 21:16:46 +00:00

23 lines
1.0 KiB
Plaintext
Raw Permalink Blame History

step-ca is an online certificate authority for secure, automated certificate
management. It's the server counterpart to the step CLI tool.
You can use it to:
- Issue X.509 certificates for your internal infrastructure:
- HTTPS certificates that work in browsers (RFC5280 and CA/Browser Forum
compliance)
- TLS certificates for VMs, containers, APIs, mobile clients, database
connections, printers, wifi networks, toaster ovens...
- Client certificates to enable mutual TLS (mTLS) in your infra. mTLS is an
optional feature in TLS where both client and server authenticate each
other. Why add the complexity of a VPN when you can safely use mTLS over
the public internet?
- Issue SSH certificates:
- For people, in exchange for single sign-on ID tokens
- For hosts, in exchange for cloud instance identity documents
- Easily automate certificate management:
- It's an ACME v2 server
- It has a JSON API
- It comes with a Go wrapper
- ... and there's a command-line client you can use in scripts!
Reference in New Issue View Git Blame Copy Permalink