{{ session.user.gn }} {{ session.user.sn }} ({{session.user.name }}) settings

Click here to generate Android or iOS bundle for current user account.

Mails will be sent to: {{ session.user.mail }}

Authority certificate

Several things are hardcoded into the certificate and as such require complete reset of X509 infrastructure if some of them needs to be changed.

Authority settings

These can be reconfigured via /etc/certidude/server.conf on the server.

Mails will appear from: {{ session.authority.mailer.name }} <{{ session.authority.mailer.address }}>

E-mail disabled

User enrollment: {% if session.authority.user_enrollment_allowed %} {% if session.authority.user_multiple_certificates %} multiple {% else %} single {% endif %} allowed {% else %} forbidden {% endif %}

Machine enrollment: {% if session.authority.machine_enrollment_allowed %} allowed {% else %} forbidden {% endif %}

Certificate attributes:

• Server certificate lifetime: {{ session.authority.signature.server_certificate_lifetime }} days
• Client certificate lifetime: {{ session.authority.signature.client_certificate_lifetime }} days
• Revocation list lifetime: {{ session.authority.signature.revocation_list_lifetime }} seconds

Authenticated users allowed from: {% if "0.0.0.0/0" in session.authority.user_subnets %} anywhere

{% for i in session.authority.user_subnets %}
• {{ i }}
{% endfor %}

Request submission is allowed from: {% if "0.0.0.0/0" in session.authority.request_subnets %} anywhere

{% for subnet in session.authority.request_subnets %}
• {{ subnet }}
{% endfor %}

Autosign is allowed from: {% if "0.0.0.0/0" in session.authority.autosign_subnets %} anywhere

{% for subnet in session.authority.autosign_subnets %}
• {{ subnet }}
{% endfor %}

Authority administration is allowed from: {% if "0.0.0.0/0" in session.authority.admin_subnets %} anywhere

{% for subnet in session.authority.admin_subnets %}
• {{ subnet }}
{% endfor %}

Authority administration allowed for:

{% for user in session.authority.admin_users %}
• {{ user.given_name }} {{user.surname }}
{% endfor %}

Pending requests

Generate private key and certificate signing request:

openssl genrsa -out example.key 2048
openssl req -new -sha256 -key example.key -out example.csr
cat example.csr

Paste the contents here and click submit:

Submit a certificate signing request from Mac OS X, Ubuntu or Fedora:

easy_install pip
pip install certidude
certidude bootstrap {{session.authority.common_name}}

{% for request in session.authority.requests %} {% include "views/request.html" %} {% endfor %}

• No certificate signing requests to sign!

Signed certificates

{% for certificate in session.authority.signed | sort | reverse %} {% include "views/signed.html" %} {% endfor %}

Log

Critical Errors Warnings Info Debug

Revoked certificates

To fetch certificate revocation list:

curl {{window.location.href}}api/revoked/ > crl.der
curl http://ca2.koodur.lan/api/revoked/ -L -H "Accept: application/x-pem-file"
curl http://ca2.koodur.lan/api/revoked/?wait=yes -L -H "Accept: application/x-pem-file" > crl.pem

{% for j in session.authority.revoked %}
• {{j.changed}} {{j.serial_number}} {{j.identity}}
{% else %}
• Great job! No certificate signing requests to sign.
{% endfor %}