• Alain Takoudjou's avatar
    Add new stack certificate authority based on new CA implemetation · dbcb00d2
    Alain Takoudjou authored
    The CA python egg is here: https://lab.nexedi.com/vpelletier/caucase
    instance-certificate-authority.cfg.jinja2.in deploy a CA server which expose an API on HTTP,
    all request are done using GET, PUT, DELETE and POST on that API.
    CA server use ngix + gunicorn (for wsgi)
    
    Auth server is an apache httpd which validate client certificate for authentification.
    It autmatically request a signed certificate to CA and use it in apache configuration.
    
    client request will be validated using:
    SSLVerifyClient require in apache config
    
    The CA expose two URL:
    ${certificate-authority-server:url} which is https URL used to access admin interface
    ${certificate-authority-server:insecure-url} is the HTTP url which can be used to post csr and download certificate
    dbcb00d2
ca-nginx.conf.in 3.33 KB