description: Fedora's certmaster ( with multiple CA support
owner: Jude N
last change: Fri, 16 Oct 2015 05:21:43 +0000 (01:21 -0400)

certmaster -- it hands out SSL certs!

read more at:

Original Fedora Project Page

Original Fedora Repo

About this fork

certmaster -- it hands out SSL certs from multiple CAs !!!

Multiple CA support

This certmaster fork introduces a new '--ca' argument for specifying an alternative certificate authority.

This allows one certmaster instance to supply certs from multiple authorities instead of having a separate certmaster instance for each certificate authority you are using.

If you don't want to use multiple CAs, this fork should act just like the parent certmaster project from Fedora - you should be able to upgrade your existing certmaster to this version, and it will continue to serve your existing certs.

If you want to add additional certificate authorities, add a section to your certmaster.conf file for each CA, as shown below, using a different name and set of directories for each CA.

autosign = yes_or_no
cadir = /path/to/cadir
cert_dir = /path/to/cert_dir
certroot = /path/to/certroot
csrroot = /path/to/csrroot

Then to use the new CA, include the argument '--ca=name' in your list of certmaster-ca arguments to use the 'name' CA.

Likewise, when requesting certs from the new CA, include a section of the following form in your minion.conf file:

cert_dir = /path/to/cert_dir

Then include the argument '--ca=name' in your certmaster-request commands to request a cert from the 'name' CA.

If the '--ca' argument is not given, the default CA is used, as defined by the autosign, cadir, cert_dir, certroot, and csrroot options in the main section of certmaster.conf or minion.conf.
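An added example, not part of this fork's code: a Python check of a multi-CA certmaster.conf against the layout described above, reporting CA sections that lack one of the five options, directories reused between CAs, and CAs with autosign turned on. The section names ([main], [internal], [partners]) and the /srv paths are constructed, and treating every section as one CA and "yes" as the enabling autosign value are assumptions.

```python
import configparser

CA_OPTIONS = ("autosign", "cadir", "cert_dir", "certroot", "csrroot")

# Constructed sample config (assumed section names and paths). [internal]
# reuses the default CA's csrroot and autosigns; [partners] omits csrroot.
SAMPLE_CONF = """\
[main]
autosign = no
cadir = /srv/ca-default/ca
cert_dir = /srv/ca-default/certs
certroot = /srv/ca-default/signed
csrroot = /srv/ca-default/csrs
[internal]
autosign = yes
cadir = /srv/ca-internal/ca
cert_dir = /srv/ca-internal/certs
certroot = /srv/ca-internal/signed
csrroot = /srv/ca-default/csrs
[partners]
autosign = no
cadir = /srv/ca-partners/ca
cert_dir = /srv/ca-partners/certs
certroot = /srv/ca-partners/signed
"""


def resolve_ca(cp, ca=None):
    """Options for '--ca=NAME'; without --ca, the main section (default CA)."""
    section = "main" if ca is None else ca
    if not cp.has_section(section):
        raise KeyError("unknown CA: " + section)
    return {k: cp.get(section, k) for k in CA_OPTIONS if cp.has_option(section, k)}


def audit(text):
    """Return (section, finding) pairs for a certmaster.conf given as text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings, owner = [], {}  # owner: (option, path) -> first section using it
    for section in cp.sections():
        conf = resolve_ca(cp, section)
        findings += [(section, "missing " + k) for k in CA_OPTIONS if k not in conf]
        if conf.get("autosign", "").strip().lower() == "yes":
            findings.append((section, "autosign enabled"))
        for opt in (k for k in conf if k != "autosign"):
            first = owner.setdefault((opt, conf[opt].rstrip("/")), section)
            if first != section:  # same directory already claimed by another CA
                findings.append((section, opt + " shared with " + first))
    return findings
```

Calling audit(SAMPLE_CONF) returns the findings in file order, so the result can be diffed between config revisions.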

Functional Tests

This fork introduces some functional tests using the shUnit2 framework.


The tests overwrite the /etc/certmaster/certmaster.conf and /etc/certmaster/minion.conf files, and delete the cert data directories, so only run these tests on a test server / VM / docker image, not on your live production certmaster instance.

Misc Changes

2015-10-16 Jude Nagurney bumping version to 0.29-1 master v0.29
2015-10-16 Jude Nagurney github-1: support for hashing functions other than...
2015-10-11 Jude Nagurney sha1 support checkpoint
2015-05-17 Jude Nagurney fixing some typos / removing comments
2015-03-28 Jude N Mention tests in the
2015-03-28 Jude N (messing with post-receive hook)
2015-03-28 Jude N (messing with markdown)
2015-03-28 Jude N (messing with post-receive hook)
2015-03-28 Jude N Fleshing out
2015-03-22 Jude N Adding unknown ca tests
2015-03-22 Jude N BATS fell down pushing a process into the background...
2015-03-11 Jude N BATS is pretty sweet. Fixes for autoloading / unexpect...
2015-03-06 Jude Nagurney Looks like certmaster-request and certmaster-ca are...
2015-03-02 Jude Nagurney (Not working yet, but the changeset was getting too...
2011-09-05 Greg Swift Consolidated definitions in logrotate file using glob.
2011-06-02 Todd Zullinger turn off auto-starting certmaster
6 years ago v0.29
10 years ago v0.28
12 years ago v0.25 rev to 0.25
12 years ago v0.24 v0.24
13 years ago v0.20 This is 0.20 (RC)
13 years ago v0.19 This is 0.19
6 years ago master