diff options
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 26 |
1 files changed, 26 insertions, 0 deletions
@@ -59,6 +59,32 @@ As a user, I want to be able to: For example, the user can add arbitrary number of `Cert`'s into a `CA` container, upon each successful sign. +## Instructions + +1. Load / store to `./data/ca.json` by clicking on the Load / Store button on the top left. Signing certificates, + revoking certificates, publishing CRLs will automatically save the database. The unsaved changes are visible at the + bottom status line. +2. The main operations are at the upper panel, from the toolbar until the audit logs pane. The lower panel shows audit + logs. +3. Start by generating a RSA2048 private key, by clicking on the "Generate" button. Then, sign a CSR to be sent to the + upper level CA. Finally, get the signed certificate back and install it by clicking on the "Install" button. +4. Define a template. Navigate to the "Templates" tab and click on "New". Set template name, subject (optional), and + validity period (in days). These settings will be applied when signing certificates. You can add arbitrary number of + templates to the database, don't forget to save. +5. Before a template can be used, it must be enabled. Select a template and click on the "Enable" button on the top. + Optionally, disable or delete the templates no longer needed. +6. Sign certificates. Navigate to the "Certs" tab and click on "Sign" button in the toolbar. Select the CSR. In the popup + dialog, you can select the template and apply certificate properties. When you are ready, click on the "Issue" button. + The CA will sign this certificate and add it to the database. The database will be automatically saved. You can view + your certificate from the list and export it. +7. If a certificate has to be revoked ahead of validity period, select it from the list and click on the "Revoke" button + in the toolbar. From the dialog, confirm certificate subject and serial number, and select an appropriate reason. You + may also customize the revocation time, but it must be typed in ISO-8601 format with offset. After revocation, the list + automatically updates, and you can see the certificate you just revoked now has a red cross icon. Note that the database + automatically saves after revoking. +8. Periodically publish CRLs. On the "CA" tab, click on the "CRL" button on the top right, and select a path for the CRL. + The database automatically saves after issuing a new CRL. + ## Author Yuuta Liang <yuutaw@student.ubc.ca> |