bocajspear1 / fakernet

A framework for quickly creating internet-like services for labs, exercises, and research.
https://fakernet.j2h2.io/
Mozilla Public License 2.0

Support for ACME CA server module #6

Open Rudedog9d opened 3 years ago

Rudedog9d commented 3 years ago

Add a module for letsencrypt/Pebble and/or letsencrypt/Boulder ACME servers, allowing any application using certbot within the environment to get a valid certificate.

Rudedog9d commented 3 years ago

It actually looks like step-ca might be a little better suited for the lab environment

Rudedog9d commented 3 years ago

Basic setup steps for step-ca:

```shell
# download latest stable releases
wget https://github.com/smallstep/cli/releases/download/v0.15.2/step-cli_0.15.2_amd64.deb
wget https://github.com/smallstep/certificates/releases/download/v0.15.2/step-certificates_0.15.2_amd64.deb

# Install packages
dpkg -i step-certificates_*_amd64.deb step-cli_*_amd64.deb

# Follow prompts to set up CA
# We should be able to use the certs from MiniCA if you place them in .step/certs/ and set the config in .step/config/ca
step ca init --name "Fakernet Development CA" --dns 192.168.10.207,ca.slothnet.bdavis.me --address :443 --provisioner prov01 --password-file step.password

# Add acme to CA
step ca provisioner add acme --type ACME

# run the CA server
step-ca --password-file step.password --resolver 192.168.0.5:53 .step/config/ca.json
```

Then on the client:

```shell
certbot --nginx --server https://192.168.10.207/acme/acme/directory --no-verify-ssl
```
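
The client command above uses `--no-verify-ssl`, so certbot never authenticates the CA it is talking to. As an added example (not part of the issue or the fakernet code base), this sketch checks a copied step-ca root against a pinned SHA-256 fingerprint and then runs certbot with that root as its trust store via `REQUESTS_CA_BUNDLE`. The function names and the idea of copying `root_ca.crt` to the client are assumptions; the pin is the value `step certificate fingerprint` prints for the root on the CA host.

```shell
#!/bin/sh
# Added example: pin the lab CA root instead of disabling TLS verification.
# Function names and file locations are assumptions for illustration.

# SHA-256 over the DER bytes of the first certificate in a PEM file,
# printed as lowercase hex. Fails if no certificate body is found.
der_fingerprint() (
    body=$(awk '/-----BEGIN CERTIFICATE-----/ {on=1; next}
                /-----END CERTIFICATE-----/   {exit}
                on' "$1" 2>/dev/null)
    [ -n "$body" ] || exit 1
    printf '%s\n' "$body" | base64 -d | sha256sum | cut -d' ' -f1
)

# Succeeds only if the file's fingerprint equals the pinned value.
# Colons and upper-case hex in the pin are tolerated.
root_matches_pin() (
    want=$(printf '%s' "$2" | tr -d ':' | tr 'A-F' 'a-f')
    got=$(der_fingerprint "$1") || exit 1
    [ "$got" = "$want" ]
)

# Run certbot against an ACME directory, trusting only the pinned root.
# Usage: certbot_pinned <root.pem> <fingerprint> <directory-url> [certbot args]
certbot_pinned() (
    root=$1; pin=$2; url=$3; shift 3
    if ! root_matches_pin "$root" "$pin"; then
        echo "refusing: $root does not match the pinned fingerprint" >&2
        exit 1
    fi
    # certbot's HTTP client reads its CA bundle from REQUESTS_CA_BUNDLE
    REQUESTS_CA_BUNDLE=$root certbot --server "$url" "$@"
)

# Example call (fingerprint is a placeholder to be replaced):
# certbot_pinned ./root_ca.crt <ROOT_FINGERPRINT> \
#     https://192.168.10.207/acme/acme/directory --nginx
```

Because the fingerprint is checked on the client, a swapped or stale root file stops the request before any ACME traffic is sent.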