man.rst 2.63 KB
Newer Older
ssrq's avatar
ssrq committed
1 2 3 4 5
cdist-type__easy_rsa_ca(7)
==========================

NAME
----
ssrq's avatar
ssrq committed
6
cdist-type__easy_rsa_ca - Build an Easy-RSA Certificate Authority (CA).
ssrq's avatar
ssrq committed
7 8 9 10


DESCRIPTION
-----------
ssrq's avatar
ssrq committed
11 12
This type sets up an Easy-RSA CA in the directory specified with the ``--dir``
parameter.
13

ssrq's avatar
ssrq committed
14 15 16 17 18 19 20 21 22 23 24 25
As a prerequisite the :strong:`cdist-type__easy_rsa_pki`\ (7) must have
created a PKI structure in said directory beforehand.

To have multiple CAs it is required to create one PKI directory structure (using
:strong:`cdist-type__easy_rsa_pki`\ (7)) for each.

The optional parameters have no effect on an already existing CA.

The behaviour of multiple objects with the same ``--dir`` is **undefined**.

**NB:** This type will neither update an existing CA's subject nor other
parameters if the object's parameters are changed at a later point in time.
ssrq's avatar
ssrq committed
26 27 28 29


REQUIRED PARAMETERS
-------------------
ssrq's avatar
ssrq committed
30 31 32
dir
    Full path of the corresponding Easy-RSA PKI structure (as created by
    :strong:`cdist-type__easy_rsa_pki`\ (7)).
ssrq's avatar
ssrq committed
33 34 35 36


OPTIONAL PARAMETERS
-------------------
ssrq's avatar
ssrq committed
37 38 39
common-name
    The Common Name (CN) for this CA.
    Defaults to ``__object_id``.
40
digest
ssrq's avatar
ssrq committed
41
    The digest to use for the CA.
42
    Valid choices include: md5, sha1, sha256, sha224, sha384, sha512
ssrq's avatar
ssrq committed
43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62
key-size
    value for EASYRSA_KEY_SIZE (keysize in bits to generate)


The following optional parameters correspond to the default values in
organisational fields (only used if the PKI's DN mode is set to ``org``):

country
    value for EASYRSA_REQ_COUNTRY (DN country)
province
    value for EASYRSA_REQ_PROVINCE (DN state/province)
city
    value for EASYRSA_REQ_CITY (DN city/locality)
org
    value for EASYRSA_REQ_ORG (DN organization)
org-unit
    value for EASYRSA_REQ_OU (DN organizational unit)
email
    value for EASYRSA_REQ_EMAIL (DN email)

ssrq's avatar
ssrq committed
63 64 65 66 67 68 69 70 71 72 73

BOOLEAN PARAMETERS
------------------
None.


EXAMPLES
--------

.. code-block:: sh

ssrq's avatar
ssrq committed
74 75 76
    # Set up a CA with common name "Example_CA"
    require=__easy_rsa_pki/etc/easy-rsa \
    __easy_rsa_ca Example_CA --dir /etc/easy-rsa
77

ssrq's avatar
ssrq committed
78 79 80
    # Set up a CY with a space in its common name
    require=__easy_rsa_pki/etc/easy-rsa \
    __easy_rsa_ca Example_CA --dir /etc/easy-rsa --common-name 'My Example CA'
ssrq's avatar
ssrq committed
81 82 83 84


SEE ALSO
--------
ssrq's avatar
ssrq committed
85 86
:strong:`cdist-type__easy_rsa_pki`\ (7),
:strong:`cdist-type__easy_rsa_cert`\ (7)
ssrq's avatar
ssrq committed
87 88 89 90


AUTHORS
-------
ssrq's avatar
ssrq committed
91 92 93
| Marko Seric <marko.seric--@--ssrq-sds-fds.ch>
| Beni Ruef <bernhard.ruef--@--ssrq-sds-fds.ch>
| Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
ssrq's avatar
ssrq committed
94 95 96 97


COPYING
-------
ssrq's avatar
ssrq committed
98
Copyright \(C) 2020 the AUTHORS. You can redistribute it
ssrq's avatar
ssrq committed
99 100 101
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.