Summary

Provide a new tool to easily manage a public-key infrastructure, for use with server packages shipped in Ubuntu.

Release Note

The new upki tool allows to easily create and deploy certificates and public/private keypairs for use with various server stacks in Ubuntu Server, including openvpn.

Rationale

Several packages make use of SSL certificates and public/private keys. They all tend to ship their own tools (apache2-ssl-certificate for apache2) which sometimes are not packaged in a usable way (easy-rsa for openvpn). Those tools are all different, sometimes only produce self-signed certificates, can be complex and don't handle deployment. So, rather than packaging and shipping a separate tool for each stack, it makes sense to provide a single CLI tool to manage a simple CA that can support all the different package needs.

User stories

Assumptions

Design

Implementation

tbd.

Test/Demo Plan

tbd.

Unresolved issues

None.

BoF agenda and discussion

UDS discussion notes

Objectives

Options

Timeframe

Brainstorm


CategorySpec

EasyPKISpec (last edited 2009-12-03 08:47:18 by lns-bzn-48f-81-56-218-246)