README.md

   1 _certmaster -- it hands out SSL certs!_
   2
   3 read more at:
   4
   5 [Original Fedora Project Page](https://fedorahosted.org/certmaster/)
   6
   7 [Original Fedora Repo](http://git.fedorahosted.org/git/?p=certmaster.git;a=summary)
   8
   9 ---
  10
  11 ## About this fork
  12
  13 _certmaster -- it hands out SSL certs from multiple CAs !!!_
  14
  15 ### Multiple CA support
  16
  17 This certmaster fork introduces a new '--ca' argument for specifying an alternative certificate authority.
  18
  19 This allows one certmaster instance to supply certs from multiple authorities instead of having a separate certmaster
  20 instance for each certificate authority you are using.
  21
  22 If you don't want to use multiple CA's, this fork should act just like the parent certmaster project from Fedora - you
  23 should be able to upgrade your existing certmaster to this version, and it will continue to server your existing certs.
  24
  25 If you want to add additional certificate authorities, include a section to your certmaster.conf file as per below
  26 for each CA, using a different name and set of directories for each CA.
  27
  28     [ca:name]
  29     autosign = yes_or_no
  30     cadir = /path/to/cadir
  31     cert_dir = /path/to/cert_dir
  32     certroot = /path/to/certroot
  33     csrroot = /path/to/csrroot
  34
  35 Then to use the new CA, include the argument '--ca=name' in your list of certmaster-ca arguments to use the 'name' CA.
  36
  37 Likewise, when requesting certs from the new CA, include a section of the following form in your minion.conf file:
  38
  39     [ca:name]
  40     cert_dir = /path/to/cert_dir
  41
  42 Then include the argument '--ca=name' in your certmaster-request commands to request a cert from the 'name' CA.
  43
  44 If the '--ca' argument is not given, then the default CA, as defined by the autosign, cadir, cert_dir, certroot,
  45 and csrroot options from the main section of certmaster.conf or minion.conf is used.
  46
  47 ### Functional Tests
  48
  49 This fork introduces some functional tests using the [shUnit2 framework](https://code.google.com/p/shunit2/wiki/ProjectInfo).
  50
  51 **NOTE THESE TESTS ARE DESTRUCTIVE SO DON'T RUN THEM ON YOUR LIVE CERTMASTER HOST**
  52
  53 The tests overwrite the /etc/certmaster/certmaster.conf and /etc/certmaster/minion.conf files, and delete the cert data directories,
  54 so only run these tests on a test server / VM / docker image, not on your live production certmaster instance.
  55
  56 ### Misc Changes
  57 + 'certmaster-ca --version' reads /etc/certmaste/version instead of func's version file
  58 + certmaster-sync doesn't error out if func if not present
  59 + switched README to README.md
  60