From 6f66e71e4622c54058b8689d4be730905d69fe22 Mon Sep 17 00:00:00 2001
From: sarthurdev <965089+sarthurdev@users.noreply.github.com>
Date: Thu, 17 Jun 2021 18:08:58 +0200
Subject: pki: T3642: New PKI config and management
---
op-mode-definitions/pki.xml.in | 281 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 281 insertions(+)
create mode 100644 op-mode-definitions/pki.xml.in
(limited to 'op-mode-definitions')
diff --git a/op-mode-definitions/pki.xml.in b/op-mode-definitions/pki.xml.in
new file mode 100644
index 000000000..0cea3db08
--- /dev/null
+++ b/op-mode-definitions/pki.xml.in
@@ -0,0 +1,281 @@ + + + + + + + Generate PKI certificates and keys + + + + + Generate CA certificate + + + + + Commands for installing generated certificate into running configuration + + <CA name> + + + sudo ${vyos_op_scripts_dir}/pki.py --action generate --ca "$5" --install + + + sudo ${vyos_op_scripts_dir}/pki.py --action generate --ca "noname" + + + + Generate certificate request + + + + + Generate self-signed certificate + + + + + Commands for installing generated self-signed certificate into running configuration + + <certificate name> + + + sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$6" --self-sign --install + + + sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "noname" --self-sign + + + + Sign generated certificate with specified CA certificate + + pki ca + + + + + + Commands for installing generated certificate into running configuration + + <certificate name> + + + sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$7" --sign "$5" --install + + + sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "noname" --sign "$5" + + + + Commands for installing generated certificate private key into running configuration + + <certificate name> + + + sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$5" --install + + + sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "noname" + + + + Generate CRL for specified CA certificate + + pki ca + + + + + + Commands for installing generated CRL into running configuration + + sudo ${vyos_op_scripts_dir}/pki.py --action generate --crl "$4" --install + + + sudo ${vyos_op_scripts_dir}/pki.py --action generate --crl "$4" + + + + Generate DH parameters + + + + + Commands for installing generated DH parameters into running configuration + + <DH name> + + + sudo ${vyos_op_scripts_dir}/pki.py --action generate --dh "$5" --install + + + sudo ${vyos_op_scripts_dir}/pki.py --action generate --dh "noname" + + + + Generate a key 
pair + + + + + Commands for installing generated key pair into running configuration + + <key name> + + + sudo ${vyos_op_scripts_dir}/pki.py --action generate --keypair "$5" --install + + + sudo ${vyos_op_scripts_dir}/pki.py --action generate --keypair "noname" + + + + Generate OpenVPN keys + + + + + Generate OpenVPN TLS key + + + + + Commands for installing generated OpenVPN TLS key into running configuration + + <key name> + + + sudo ${vyos_op_scripts_dir}/pki.py --action generate --openvpn "$6" --install + + + sudo ${vyos_op_scripts_dir}/pki.py --action generate --openvpn "noname" + + + + + + Generate SSH key + + + + + Commands for installing generated SSH key into running configuration + + <key name> + + + sudo ${vyos_op_scripts_dir}/pki.py --action generate --ssh "$5" --install + + + sudo ${vyos_op_scripts_dir}/pki.py --action generate --ssh "noname" + + + + Generate Wireguard keys + + + + + Generate Wireguard key pair for use with server or peer + + + + + Commands for installing generated Wireguard key into running configuration + + <interface> <peer> + + + sudo ${vyos_op_scripts_dir}/pki.py --action generate --wireguard --key "$6" --install + + + sudo ${vyos_op_scripts_dir}/pki.py --action generate --wireguard --key "noname" + + + + Generate pre-shared key for use with a Wireguard peer + + + + + Commands for installing generated Wireguard psk on specified peer into running configuration + + <peer> + + + sudo ${vyos_op_scripts_dir}/pki.py --action generate --wireguard --psk "$6" --install + + + sudo ${vyos_op_scripts_dir}/pki.py --action generate --wireguard --psk "noname" + + + + + + + + + + + + Show PKI certificates + + + + + Show CA certificates + + + + + Show CA certificate by name + + pki ca + + + sudo ${vyos_op_scripts_dir}/pki.py --action show --ca "$5" + + + sudo ${vyos_op_scripts_dir}/pki.py --action show --ca "all" + + + + Show certificates + + + + + Show certificate by name + + pki certificate + + + sudo ${vyos_op_scripts_dir}/pki.py --action show 
--certificate "$5" + + + sudo ${vyos_op_scripts_dir}/pki.py --action show --certificate "all" + + + + Show certificate revocation lists + + + + + Show certificate revocation lists from specified CA + + pki ca + + + sudo ${vyos_op_scripts_dir}/pki.py --action show --crl "$5" + + + sudo ${vyos_op_scripts_dir}/pki.py --action show --crl "all" + + + sudo ${vyos_op_scripts_dir}/pki.py --action show + + + + -- cgit v1.2.3
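Review bot: The literals `"all"` and `"noname"` travel in the same argument slot as operator-chosen names, so `--action show --ca "all"` cannot be told apart from a request for a CA that is actually named `all` (likewise `--certificate` and `--crl`, and `noname` on the generate side). Making the value optional on the script side and calling `sudo ${vyos_op_scripts_dir}/pki.py --action show --ca` for the list-everything case would remove the collision. Every `"$N"` here is also handed to a script that runs under sudo and, with `--install`, presumably ends up as a configuration node name; the double quotes stop word splitting but not a value that starts with `-` or contains characters that are invalid in a node name, so pki.py (outside this hunk) should validate names before use. The Wireguard key-pair node advertises `<interface> <peer>` yet forwards only `"$6"`, which is worth confirming since the XML markup is not visible in this rendering.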