Contents of /nl.nikhef.pdp.tcs/nl.nikhef.pdp.tcs.dctcs-cli/tags/v2.0a-1/README.txt

Revision 2778
Fri Mar 20 02:18:41 2015 UTC (7 years, 6 months ago) by davidg
File MIME type: text/plain
File size: 2524 byte(s)
RPMmified

About
-----
This script is exclusively for use with the DigiCert (Lehi, UT, USA) API v2.
We apologize for the rather haphazard code layout, which is most certainly
'hackish' and originated as a demonstrator of the API interface. We
encourage everyone to make improvements or do code cleanup. It really
needs it!

And remember:
  The wiki explicitly asks:
  "Without consulting scs-ra@surfnet.nl, please do not make use of..."

which everyone should consider as the 11th Commandment.
Also rotate your API keys regularly (you can revoke them - do so often!)


Considerations
--------------
Defaults are set to work 'nicely' with the provisioning mechanism for the
Nikhef Data Processing Facility NDPF. Please adjust the parameters
to match your needs, and
* put in your own Organisation name (from the CertCentral portal)
* the location of the API key file, if you use this one. API key files
  really must be kept on encrypted partitions that are only mounted
  as and when needed, and used on strictly controlled machines.
  Use the password prompt or the environment variable $DIGICERTAPIKEY
  otherwise!


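Added example, not part of the original README or of dctcs-cli: a pre-flight
check a wrapper could run before handing a key file to -K, following the
key-handling advice above. The helper names check_keyfile and key_source and
the env-before-file precedence are assumptions of this example; it checks file
type, permissions and the single-line format only, not whether the partition
is encrypted.

```sh
#!/bin/sh
# Added example, not part of dctcs-cli. check_keyfile and key_source are
# hypothetical helper names; the precedence in key_source is this example's choice.

# check_keyfile FILE
# Succeeds only if FILE is a regular file (no symlink), has no group/other
# permission bits, and contains exactly one non-empty line (the -K format).
check_keyfile() {
    f=$1
    if [ ! -f "$f" ] || [ -L "$f" ]; then
        echo "keyfile: not a regular file: $f" >&2; return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "keyfile: accessible by group/other, chmod 600 it: $f" >&2; return 1
    fi
    # grep -c '' counts lines, including a last line without a newline.
    if [ "$(grep -c '' "$f")" -ne 1 ] || [ -z "$(head -n 1 "$f")" ]; then
        echo "keyfile: expected the key as a single line: $f" >&2; return 1
    fi
    return 0
}

# key_source [FILE]
# Prints where the key should come from: "env" when $DIGICERTAPIKEY is set,
# "file" when FILE passes check_keyfile, otherwise "prompt".
key_source() {
    if [ -n "${DIGICERTAPIKEY:-}" ]; then
        echo env
    elif [ -n "${1:-}" ] && check_keyfile "$1"; then
        echo file
    else
        echo prompt
    fi
}
```
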
Syntax
------

Request and retrieve certificates from the TCS DigiCert service via the API

dctcs-cli-2-a.vlaai [-P product] [-R] [-s path] [-d basedir] [-A comment] [-K keyfile]
                    [-O orgid] [-V validity]
                    [-r|-i|-a] hostname [altname ...]

  -r            enter REQUEST mode       + either -r or -i or -a required
  -i            enter INSTALLATION mode  +
  -a            enter APPROVAL mode      +

  -P <product>  order <product>, with "grid_host_ssl_multi_domain" the default
                but "ssl_multi_domain" also useful. See below
  -V validity   validity request period in years (default: 1)
  -K keyfile    file with the API key for the user as a single line
  -O orgid      Organisation name or ID
  -s subdir     use <subdir> for key, cert, and orderid storage (no default)
  -R            use the NDPF vlaai symlink & release.state mechanism
                which works best with subdir usage (will touch release.state)
  -A comment    Approve request as well, with "comment" (admins only)
  --prefix=dir  dir prefix (defaults to "tcs-")

All certs are requested with SHA256 digest. Other products that might
work with this script are:
  grid_host_ssl, grid_host_ssl_multi_domain
  ssl_ev_multi_domain, ssl_ev_plus
  ssl_multi_domain, ssl_plus
But note that EV requires an extra approval step by the EV admin, and
that wildcard certs will mess up the directory naming.


grid.support@nikhef.nl