This is a discussion on Web Interface Certificate Management - modssl ; I was interested in working on a project, and wanted to get some other people's ideas and inputs. My idea is to make a nice interface for creating SSL certificates for Apache/mod_ssl instead of running OpenSSL from the command line. ...
I was interested in working on a project, and wanted to get some other
people's ideas and inputs. My idea is to make a nice interface for creating
SSL certificates for Apache/mod_ssl instead of running OpenSSL from the
command line. I think there are a lot of people that would appreciate such
a little tool. Since the certificate will eventually be used to protect a
web server, I think the tool should be web based.
Here's what I'm thinking:
When you first install Apache, you can browse to some predetermined URL
that's served by your installation. Obviously, you don't want this to be
from outside the network, so let's just say we'll do some verification that
the request comes from an authorized person. When you go to this URL, you
encounter a form that asks for the typical certificate information such as
the Common Name, the location, etc. We can populate this form with as much
configuration info as we like.
When the user hits the "Configure" button, we'll call the necessary OpenSSL
interfaces to create a certificate, and then update the configuration files
to set everything up properly. We can even add an interface to ship off a
CSR to a CA, and a nice interface to deal with the response.
I'd like this to be very easy for people to use. Something that can be used
by just dropping a file someplace without dealing with any installation issues.
Has anyone ever heard of anything like this? Any good ideas on where to
start for building such a tool? Is this something that could be built into
mod_ssl, or should it be a sibling module? Should this be an Apache module
at all? What kind of tools/architecture would you use? Any other ideas on
how to make this better?
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List firstname.lastname@example.org
Automated List Manager email@example.com