Hello! TLSS is a small project that aims to make working with certificates as simple as possible. Its main goals are to simplify the deployment and control of certificates in internal infrastructure and to keep the data easily portable.
- Everything is stored in small and fast SQLite 💾
- All keys in the database are encrypted 🔑
- Your certificates are always at hand wherever you are: just take the database file with you and you're good to go 🚀
- Controlled via WEB UI
- Creation/revocation/automatic recreation of server certificates (regular and wildcard)
- Creation/revocation/automatic recreation of client certificates (regular and wildcard)
- Adding unique OID for more precise filtering
- Automatic certificate copying mechanism to server
- Creation of objects not linked to servers
- Control of recreation, validity
- CRL generation
- Reissuance of CA with recreation of all dependent objects
On the first application start, the console will ask 3 questions:
- login;
- password;
- salt.
After that, the first launch creates all necessary directories, generates the configuration file config.yaml, and generates an SSH key for connecting to servers.
The initial launch uses the default configuration and starts on an unsecured port, so adjust the configuration to your needs.
On the first login you land on the root/intermediate certificate generation page; without this step, certificate creation is impossible.
The login window greets you with two options, Login or Overview.
Without authorization, capabilities are limited to two sections:
- Home, with the Overview subsection: statistics and general information
- Tools, with the Certificate Info subsection: lets you view certificate information and supports selecting the file through explorer or drop down.
- Servers certs
- Clients certs
Servers certs section:
- The Add ssh key subsection lets you create your own SSH keys and use them to connect to servers where generated certificates can be stored.
- Certificates are generated with the TLS Web Server Authentication type
- The domain is automatically added to the SAN section, even if it remains unfilled
- Server certificates can be saved to remote servers when they are created. To do this, add a server in the Add servers subsection; after that, you can set the "Save to server" switch when creating a certificate.
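A check for the server-certificate profile listed above (TLS Web Server Authentication EKU, domain present in the SAN) plus the validity window, as an added Go example that is not TLSS code. The function names and the host name `app.internal.example` are assumptions, and the certificates are constructed in memory rather than produced by TLSS.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"slices"
	"time"
)

// auditServerCert lists deviations from the server-certificate profile described above.
func auditServerCert(c *x509.Certificate, domain string, now time.Time) []string {
	var findings []string
	if !slices.Contains(c.ExtKeyUsage, x509.ExtKeyUsageServerAuth) {
		findings = append(findings, "EKU lacks TLS Web Server Authentication")
	}
	// VerifyHostname matches SAN entries only (wildcards included); the CN is ignored.
	if err := c.VerifyHostname(domain); err != nil {
		findings = append(findings, "SAN does not cover "+domain)
	}
	if now.Before(c.NotBefore) || now.After(c.NotAfter) {
		findings = append(findings, "outside validity window")
	}
	return findings
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// sampleCert builds a constructed self-signed test certificate (not TLSS output).
func sampleCert(sans []string, eku x509.ExtKeyUsage) *x509.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: sans,
		Subject: pkix.Name{CommonName: "app.internal.example"}, ExtKeyUsage: []x509.ExtKeyUsage{eku},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der))
}

func main() { // a CN-only client certificate fails both profile checks
	fmt.Println(auditServerCert(sampleCert(nil, x509.ExtKeyUsageClientAuth), "app.internal.example", time.Now()))
}
```

A certificate that carries the host name only in the CN fails the SAN check, which is why adding the domain to the SAN automatically matters for clients that ignore the CN.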
Clients certs section:
- The Add OIDs subsection lets you create an additional custom field in the certificate
- Certificates are generated with TLS Web Client Authentication type
In both cases, setting the switch to "Recreate" will automatically recreate the certificate both locally and on the updated server if it was created with the Save on server switch.
Revoking a root or intermediate certificate triggers a chain reaction that leads to revocation of all certificates signed by this CA, and certificates that were already revoked will be deleted.
Certificate revocation options differ by type:
Servers certs:
- When a server certificate is revoked and then rolled back, it does not overwrite the existing certificate if one was generated; each certificate is unique and exists independently. Creation behaves the same way.
Clients certs:
- If you revoke a client certificate, then issuing a new one will overwrite the existing one, regardless of whether it was revoked or remained active.
- Client certificate creation is accompanied by the ability to set a password for subsequent container download and secure transfer.
I cannot check everything, there may be more than one bug found, I apologize 🥺
- The first launch creates all directories and generates the configuration file config.yaml; you will probably want to edit the following fields:
  - hostname
  - protocol
  - authConfig
- After the first login to the UI, you land on the CA/SubCA generation page; generate them, otherwise no further certificates can be created





