Differences
This shows you the differences between two versions of the page.
devel:documentation:modules_crt [2023/01/23 13:54] kopro add adcs driver url |
devel:documentation:modules_crt [2024/03/26 12:55] koulaj [Operations with certificates] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | <- .: | + | <- .: |
====== Modules - Certificates [crt] ====== | ====== Modules - Certificates [crt] ====== | ||
Line 7: | Line 7: | ||
CRT module was designed to handle various **certificate authority** implementations via specific drivers. Currently, there is one driver implemented - the **CAW** driver that handles the communication with CAW certificate authority (bundled in the module). | CRT module was designed to handle various **certificate authority** implementations via specific drivers. Currently, there is one driver implemented - the **CAW** driver that handles the communication with CAW certificate authority (bundled in the module). | ||
- | <note important> | + | <note important> |
- | On Linux, diacritics works fine.</ | + | |
===== Operations with certificates ===== | ===== Operations with certificates ===== | ||
- | * **Generate** - Generate a new certificate. The user must select a certification authority, a certificate type (Authentication, | + | * **Generate** |
- | * **Generate by CSR** - Generate a certificate from an existing request (**Certificate Signing Request**). The user has a certificate request already generated in the CSR format. This request contains all the necessary information to generate. The user must only select authority and file with CSR request. In this case, it does not enter or store any password (the private part of the certificate already has the user with). | + | * **Generate by CSR** - Generate a certificate from an existing request (**Certificate Signing Request**). The user has a certificate request already generated in the CSR format. This request contains all the necessary information to generate. The user must only select authority and file with CSR request. In this case, it does not enter or store any password (the private part of the certificate already has the user with). |
- | * **Renew** | + | * **Renew** |
- | * **Revocate** - Certificate invalidation. For example, if the private part of the certificate is compromised, | + | * **Revocate** |
- | * **Archive** - Certificate is archived ("soft delete" | + | * **Archive** |
- | * **Cancel request** - Certificate request can be canceled, when request is in concept state. | + | * **Cancel request** |
- | * **Download certificate** - Public certificate and private key (if exists) can be downloaded. Private key can be downloaded just by certificate owner. | + | * **Download certificate** |
+ | * **Download secret** | ||
===== Architecture ===== | ===== Architecture ===== | ||
- | Module consists of those basic parts: | + | Module consists of those basic parts: |
- | * **GUI** - Users can manage their certificates or request a new one via standard CzechIdM web GUI | + | |
- | * **Registration authority** - When user requests for a certificate, | + | |
- | * **Certificate store** - users' certificates are stored in CzechIdM for future download or e.g. provisioning (send to other managed system) | + | |
- | * **Drivers** - Driver implements mainly the communication mechanism between CzechIdM and CA (e.g. CAW or Microsoft CA). Currently CzechIdM provides the driver for CAW, others can be implemented on demand. If the request from registration authority does not contain CSR, driver creates it. | + | |
- | * **CAW** - Our CA implementation based on openssl. | + | |
- | * **RESTful API** - Standard communication API. Use it e.g. when users request for a new certificate via some external registration authority software. | + | |
- | {{ : | + | * **GUI** |
+ | * **Registration authority** | ||
+ | * **Certificate store** | ||
+ | * **Drivers** | ||
+ | * **CAW** | ||
+ | * **RESTful API** - Standard communication API. Use it e.g. when users request for a new certificate via some external registration authority software. | ||
+ | {{ .: | ||
====== Read more ====== | ====== Read more ====== | ||
- | [[devel: | ||
+ | [[.: | ||
+ | |||
+ | ===== Drivers ===== | ||
+ | |||
+ | * [[https:// | ||
+ | * [[https:// | ||
===== Admin tutorials ===== | ===== Admin tutorials ===== | ||
- | | + | |
- | * [[tutorial: | + | |
- | * [[tutorial: | + | * [[:tutorial: |
+ | * [[:tutorial: | ||
===== Devel guide ===== | ===== Devel guide ===== | ||
- | | + | |
+ | | ||
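Review bot: in the "Operations with certificates" list, the old **Download certificate** entry states "Private key can be downloaded just by certificate owner", while the new side adds a separate **Download secret** entry whose text is not visible here; whichever entry now covers the private key should keep that owner-only restriction stated explicitly so the access rule stays documented. Separately, the label **Revocate** is carried over on both sides; the verb is "revoke", so **Revoke** would match the other labels (Generate, Renew, Archive). The unchanged **Generate by CSR** entry also ends with "the private part of the certificate already has the user with", which would read better as "the user already holds the private key".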