Show HN: Caman – A self-signing certificate authority manager
github.comHow does this compare to CA-baka?
I hadn't come across this when I wrote caman; from the looks of things caman is simpler to use, but missing a couple of features - alt hostname support for SAN certificates (which I'm adding at the moment and should be up later today) and ability to use a subsidiary certificate authority.
I wrote caman because I could never remember what to type, so it has simple syntax - 4 commands, to add a new host, sign, revoke and renew; the only argument they take are the hostname. Configuration is a one-off when setting up your CA - there are two openssl config files with sensible defaults based on openssl best practice, with a few values for you to customise, and some basic templating for caman to fill out later.
I've added an experimental branch with SAN support, but I haven't had a chance to test it fully yet; any feedback would be appreciated.
In the past I've used etcd-ca[0] to perform a similar function, though probably not it's original intention.
Just playing with SaltStack's recently added x509 state for a fully autonomous/self-signed CA incl deployment to the clients.