A simple REST API to generate key pairs, CSRs and certificates based on a CA certificate and private key.
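# Build the application jar and copy it out of the sbt target directory.
sbt assembly
mv ./target/scala-2.12/pki-tools.jar ./pki-tools.jar
# Start the service with the CA certificate (pki.ca) and CA private key
# (pki.caKey) it works from.
# Each -D option is a separate argument and the JVM takes everything after '='
# as the property value, so nothing (no comma) may follow ca.pem.
# Anyone who can read ca-key.pem can issue certificates under this CA: keep the
# file readable only by the account that runs the service.
java -Dpki.ca=/path/to/ca.pem -Dpki.caKey=/path/to/ca-key.pem -jar pki-tools.jar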
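# Run the service from the sources through sbt instead of the assembled jar,
# passing the CA certificate (pki.ca) and CA private key (pki.caKey).
# The two -D options are separate arguments; a comma after ca.pem would become
# part of the pki.ca value, so none is written here.
# NOTE(review): the `---` separator is kept as published; confirm it is what
# your sbt setup expects for forwarding arguments.
# The CA key file should be readable only by the account running sbt.
sbt run --- -Dpki.ca=/path/to/ca.pem -Dpki.caKey=/path/to/ca-key.pem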
verb | path | input | output |
---|---|---|---|
GET | /api/pki/ca | CERT-CHAIN | |
POST | /api/pki/keypair | KEYQUERY | KEYPAIR |
POST | /api/pki/csr | CSRQUERY | CSR |
POST | /api/pki/_sign | CSR | CERT-CHAIN |
POST | /api/pki/cert | CSRCSRQUERY | CERT-CHAIN |
CSRCSRQUERY
format
{
"hosts" : [ "www.foo.bar", "www2.foo.bar" ],
"key" : {
"algo" : "rsa",
"size" : 2048
},
"client": false, // optional
"subject": "...", // optional
"name" : { // optional
"C" : "foo",
"OU" : "bar"
},
"signatureAlg" : "SHA256WithRSAEncryption",
"digestAlg" : "SHA-256"
}
KEYQUERY
format
{
"algo" : "rsa",
"size" : 2048
}
# Fetch the CA certificate chain in the service's default representation.
# --insecure (-k) switches off TLS certificate verification, so curl cannot
# tell the real PKI service from an impostor; keep it to a local test instance.
# Once the CA certificate has been checked out of band, pass it with --cacert
# and drop --insecure.
curl --insecure --request GET https://pki.oto.tools:8443/api/pki/ca
# Same request, asking for PEM output through the Accept header.
curl --insecure --request GET \
  --header 'Accept: application/x-pem-file' \
  https://pki.oto.tools:8443/api/pki/ca
# Ask the service for a certificate covering three host names; the JSON body
# follows the query format described on this page (RSA 2048 key, SHA-256).
# --insecure (-k) disables TLS certificate verification: the request body and
# the response could be read or altered by whoever answers on that address.
# Use it only against a local test instance; otherwise verify the server with
# --cacert.
curl --insecure \
  --request POST \
  --header 'Content-Type: application/json' \
  https://pki.oto.tools:8443/api/pki/cert \
  --data '
{
"hosts" : [ "domain1.oto.tools", "domain2.oto.tools", "domain3.oto.tools" ],
"key" : {
"algo" : "rsa",
"size" : 2048
},
"name" : {
"C" : "FR",
"L" : "Poitiers",
"O" : "OtoroshiLabs",
"OU" : "Test"
},
"signatureAlg" : "SHA256WithRSAEncryption",
"digestAlg" : "SHA-256"
}'
# Same certificate request, with the response asked for as PEM through the
# Accept header.
# --insecure (-k) disables TLS certificate verification, so the issued material
# travels over a connection whose peer is not authenticated. Restrict this form
# to a local test instance; otherwise verify the server with --cacert.
curl --insecure \
  --request POST \
  --header 'Content-Type: application/json' \
  --header 'Accept: application/x-pem-file' \
  https://pki.oto.tools:8443/api/pki/cert \
  --data '
{
"hosts" : [ "domain1.oto.tools", "domain2.oto.tools", "domain3.oto.tools" ],
"key" : {
"algo" : "rsa",
"size" : 2048
},
"name" : {
"C" : "FR",
"L" : "Poitiers",
"O" : "OtoroshiLabs",
"OU" : "Test"
},
"signatureAlg" : "SHA256WithRSAEncryption",
"digestAlg" : "SHA-256"
}'
# Record loopback traffic to and from port 8443 into tsshark.pcapng for
# inspection. lo0 is the loopback interface name on macOS/BSD (Linux: lo).
# The API is served over https, so payloads in the capture stay encrypted
# unless the session keys are also available; still treat the file as
# sensitive and delete it when done.
tshark \
  -i lo0 \
  -f "host 127.0.0.1 and port 8443" \
  -w tsshark.pcapng