Click here to generate Android or iOS bundle for current user account.
Mails will be sent to: {{ session.user.mail }}
{% if session.authority %}Several things are hardcoded into the certificate and as such require complete reset of X509 infrastructure if some of them needs to be changed.
These can be reconfigured via /etc/certidude/server.conf on the server.
{% if session.authority.mailer %}Mails will appear from: {{ session.authority.mailer.name }} <{{ session.authority.mailer.address }}>
{% else %}E-mail disabled
{% endif %}User enrollment: {% if session.authority.user_enrollment_allowed %} {% if session.authority.user_multiple_certificates %} multiple {% else %} single {% endif %} allowed {% else %} forbidden {% endif %}
Machine enrollment: {% if session.authority.machine_enrollment_allowed %} allowed {% else %} forbidden {% endif %}
Certificate attributes:
Authenticated users allowed from: {% if "0.0.0.0/0" in session.authority.user_subnets %} anywhere
{% else %}Request submission is allowed from: {% if "0.0.0.0/0" in session.authority.request_subnets %} anywhere
{% else %}Autosign is allowed from: {% if "0.0.0.0/0" in session.authority.autosign_subnets %} anywhere
{% else %}Authority administration is allowed from: {% if "0.0.0.0/0" in session.authority.admin_subnets %} anywhere
{% else %}Authority administration allowed for:
Here you can renew your certificates
{% endif %} {% set s = session.certificate.identity %} {% if session.authority %}Generate private key and certificate signing request:
openssl genrsa -out example.key 2048 openssl req -new -sha256 -key example.key -out example.csr cat example.csr
Paste the contents here and click submit:
{% else %}Submit a certificate signing request from Mac OS X, Ubuntu or Fedora:
easy_install pip pip install certidude certidude bootstrap {{session.authority.common_name}}{% endif %}
No certificate signing requests to sign!
To fetch certificate revocation list:
curl {{window.location.href}}api/revoked/ > crl.der curl http://ca2.koodur.lan/api/revoked/ -L -H "Accept: application/x-pem-file" curl http://ca2.koodur.lan/api/revoked/?wait=yes -L -H "Accept: application/x-pem-file" > crl.pem