1 _certmaster -- it hands out SSL certs!_
5 [Fedora Project Page](https://fedorahosted.org/certmaster/)
7 [Fedora Repo] (http://git.fedorahosted.org/git/?p=certmaster.git;a=summary)
13 *** Multiple CA support
15 This certmaster fork introduces a new '--ca' argument for specifying an alternative certificate authority.
17 This allows one certmaste instance to supply certs from multiple authorities instead of having to have a
18 separate certmaster instance for each certificate authority might be using.
20 If you don't want to use multiple CA's, this fork should act just like the parent certmaster project - you
21 should be able to upgrade your existing certmaster to this version, and it will continue to server your existing certs
23 If you want to add an additional certificate authorities, add a section to your certmaster.conf file as per below
24 for each CA, using a different name and set of directories for each CA.
29 cadir = /path/to/cadir
30 cert_dir = /path/to/cert_dir
31 certroot = /path/to/certroot
32 csrroot = /path/to/csrroot
35 Then to use the new CA, include the argument '--ca=name' in your list of certmaster-ca arguments to use the 'name' CA.
37 Likewise, when requesting certs from the new CA, include a section of the following form in your minion.conf file:
40 cert_dir = /path/to/cert_dir
43 Then include the argument '--ca=name' in your certmaster-request commands to request a cert from the 'name' CA.
45 If the '--ca' argument is not given in the certmaster-ca or certmaster-request commands, then the original
46 autosign, cadir, cert_dir, certroot, and csrroot options from the main section of certmaster.conf / minion.conf are used instead.
50 + 'certmaster-ca --version' reads /etc/certmaste/version instead of func's version file
51 + certmaster-sync doesn't error out if func if not present