On Thu, Dec 20, 2018 at 11:59 AM Ken Dreyer <ktdreyer(a)ktdreyer.com> wrote:
I've written a simple "koji-ssl-admin" utility:
The current Koji Server Howto guide includes a lot of steps to run openssl by
hand, and I find I make mistakes easily in this area.
This tool makes it trivial to generate the required SSL keys, CSRs, and CA to
set up a Koji environment. It has opinionated settings, like fixed, safe key
sizes so you can get up and running out of the box quickly.
You can use this to create your own Koji-specific CA and sign HTTPS certs and
user certs, or you can just generate the CSRs to submit to an official CA
This generates the certs with single commands and predictable filenames, so
it's easy to wrap this with scripts or config management systems like Ansible.
This is awesome! Thanks for making this!
真実はいつも一つ！/ Always, there's only one truth!