Create a certification authority and a registration authority to sign emails.
- Create your unsigned certificate locally by running ~/code/generate_cert.sh.
- Run the script ~/code/webapp/submit_csr.py.
- Go to http://127.0.0.1:5000
- Fill in the first form on the web app created by submit_csr.py. You will receive an 8-char OTP at the provided email address.
- Wait until you receive the OTP, then fill in the second form.
- On the third page, you will download a .zip file. This file contains your certificate, the root certificate and the authority certificate. Now you can add the certificates to your email client.
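
One way a registration authority can handle the emailed OTP from the steps above, shown as an added example and not the project's own code. The `OtpStore` class, the 10-minute lifetime and the five-attempt limit are assumptions. The code is bound to the email address and to the submitted CSR, it expires, and it can be used once.

```python
import hashlib
import hmac
import secrets
import string
import time

OTP_ALPHABET = string.ascii_uppercase + string.digits
OTP_LENGTH = 8         # the web app sends an 8-character OTP
OTP_TTL_SECONDS = 600  # assumption: 10-minute validity
MAX_ATTEMPTS = 5       # assumption: guesses allowed per OTP


class OtpStore:
    """Pending OTPs kept in memory, keyed by email (hypothetical helper)."""

    def __init__(self, clock=time.time):
        self._key = secrets.token_bytes(32)  # per-process MAC key
        self._pending = {}
        self._clock = clock

    def _tag(self, otp, email, csr_pem):
        # Bind the OTP to the address and to the exact CSR it was issued for,
        # so a valid code cannot be replayed with a different request.
        msg = b"\x00".join([otp.encode(), email.encode(),
                            hashlib.sha256(csr_pem).digest()])
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, email, csr_pem):
        otp = "".join(secrets.choice(OTP_ALPHABET) for _ in range(OTP_LENGTH))
        self._pending[email] = {"tag": self._tag(otp, email, csr_pem),
                                "expires": self._clock() + OTP_TTL_SECONDS,
                                "attempts": 0}
        return otp  # to be emailed; only the MAC tag is stored

    def verify(self, email, csr_pem, otp):
        entry = self._pending.get(email)
        if entry is None:
            return False
        entry["attempts"] += 1
        if self._clock() > entry["expires"] or entry["attempts"] > MAX_ATTEMPTS:
            del self._pending[email]  # expired or too many guesses
            return False
        if hmac.compare_digest(entry["tag"], self._tag(otp, email, csr_pem)):
            del self._pending[email]  # single use
            return True
        return False
```

The CSR should only be signed after `verify` returns True for the same email and CSR bytes that were passed to `issue`.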
Sometimes, email clients need a .pbk12 certificate (and not a .pem). In that case, execute the command
openssl x509 -req -in /home/mathis/Email-certificate-authority/code/webapp/server.csr -CA /home/mathis/Email-certificate-authority/ACI/aci_cert.pem -CAkey /home/mathis/Email-certificate-authority/ACI/aci_key.pem -CAcreateserial -out aaaaa.pem -days 30 -sha512 -extfile /home
to generate the new certificate.
Certificates are signed with keys generated on the P-521 elliptic curve.
Although there is a button to revoke a certificate, the button does not actually revoke it.
chmod +x create_acr.sh
./create_acr.sh
chmod +x create_aci.sh
./create_aci.sh
pip install flask
chmod +x generate_csr.sh
./generate_csr.sh
sudo apt install zip -y
openssl x509 -req -in /home/mathis/Email-certificate-authority/code/webapp/server.csr -CA /home/mathis/Email-certificate-authority/ACI/aci_cert.pem -CAkey /home/mathis/Email-certificate-authority/ACI/aci_key.pem -CAcreateserial -out aaaaa.pem -days 30 -sha512 -extfile /home
Generate a certificate that will only be valid on May 2:
openssl x509 -req -in {user_cert_uploaded} -CA {absolute_path}/ACI/aci_cert.pem -CAkey {absolute_path}/ACI/aci_key.pem -CAcreateserial -out {user_cert_path} -days 30 -sha512 -extensions usr_cert -startdate 20230502000000Z