Index of /experimental/tcstools

Icon         Name                          Last modified      Size  Description
[PARENTDIR]  Parent Directory                                 -
[DIR]        headers/                      2015-04-01 13:04   -
[DIR]        repodata/                     2016-07-11 13:34   -
[   ]        dctcs-cli-2.0a-1.noarch.rpm   2015-03-20 03:08   12K
[   ]        dctcs-cli-2.0a-1.src.rpm      2015-03-20 03:08   15K
[   ]        dctcs-cli-2.0a.tar.gz         2015-03-20 03:08   11K
[   ]        dctcs-cli-2.1-1.noarch.rpm    2016-07-11 12:51   13K
[   ]        dctcs-cli-2.1-1.src.rpm       2016-07-11 12:51   15K
[   ]        dctcs-cli-2.1.tar.gz          2016-07-11 12:51   12K
[TXT]        dctcs-cli.ndpf                2015-03-20 03:08   15K

About
-----
This script is exclusively for use with the DigiCert (Lehi, UT, USA) API v2.
We apologize for the rather haphazard code layout, which is most certainly
'hackish' and originated as a demonstrator of the API interface. We
encourage everyone to make improvements or do code cleanup. It really
needs it!

And remember:
  The wiki asks emphatically:
    "Please do not make use of... without consulting scs-ra@surfnet.nl"

which everyone should consider as the 11th Commandment.
Also rotate your API keys regularly (you can revoke them - do so often!)


Considerations
--------------
Defaults are set to work 'nicely' with the provisioning mechanism for the
Nikhef Data Processing Facility (NDPF). Please adjust the parameters
to match your needs, and
* put in your own Organisation name (from the CertCentral portal)
* set the location of the API key file, if you use one. API key files
  really must be kept on encrypted partitions that are only mounted
  as and when needed, and used on strictly controlled machines.
  Use the password prompt or the environment variable $DIGICERTAPIKEY
  otherwise!


Syntax
------

Request and retrieve certificates from the TCS DigiCert service via the API

 dctcs-cli [-P product] [-R] [-s path] [-d basedir] [-A comment] [-K keyfile]
             [-O orgid] [-V validity]
             [-r|-i|-a] hostname [altname ...]

  -r            enter REQUEST mode       + either -r or -i or -a required
  -i            enter INSTALLATION mode  +
  -a            enter APPROVAL mode      +

  -P <product>  order <product>, with "grid_host_ssl_multi_domain" the default
                but "ssl_multi_domain" also useful. See below
  -V validity   validity request period in years (default: 1)
  -K keyfile    file with the API key for the user as a single line
  -O orgid      Organisation name or ID
  -s subdir     use <subdir> for key, cert, and orderid storage (no default)
  -R            use the NDPF vlaai symlink & release.state mechanism
                which works best with subdir usage (will touch release.state)
  -A comment    Approve request as well, with "comment" (admins only)
  --prefix=dir  dir prefix (defaults to "tcs-")

All certs are requested with SHA256 digest. Other products that might
work with this script are:
  grid_host_ssl, grid_host_ssl_multi_domain
  ssl_ev_multi_domain, ssl_ev_plus
  ssl_multi_domain, ssl_plus
But note that EV requires an extra approval step by the EV admin, and
that wildcard certs will mess up the directory naming.