This repo contains the files needed to run the CPCT Tool locally on your machine as a Docker Image. Docker Desktop is required to use this tool.
If your organization has Software Policies inplace, installing Docker Desktop may require a call to your company's
Help Deskfor support. Additional information can be found here.
The CPCT Tool is an application that supports FPKI annual reviews and compliance by analyzing public X.509 certificates for conformance to a specified FPKI profile:
- Common Policy SSP Program
- FPKI/Federal Bridge
- PIV-Interoperable (PIV-I)
- Common SSP v2.2
- FPKI/Federal Bridge v2.0
- PIV-I (merged into FBCA v2.0)
- PIV-I 1.2 and 1.3 (legacy)
- Updated
start.exetov2.0.1(no code changes) - Security update:
Djangofrom3.2.23to3.2.24 - Version Bump:
Djangofrom3.2.24to3.2.25 - Version Bump:
gunicornfrom20.1.0to22.0.0 - Convenient installer for
MacandLinux:mac-linux.sh(unsupported) - Updated
README.mdfor Mac and Linux
CPCT use can enhance detection of certificate profile issues during FPKI development and maintenance phases. In conjunction with the Card Conformance Tool (CCT), the Certificate Profile Conformance Tool (CPCT) enables FPKI stakeholders to perform local testing.
After Docker Desktop is installed on your system and running, you can return here to download the latest release of the CPCT Tool to your computer.
Note: Files in the resources directory are there to be used by the Dockerfile while it is building the Dockerized Image for Docker Desktop.
To download the CPCT Tool, do one of the following:
- Click on Releases in the right side of thei repo, under About, then select the
latestrelease to download. - Use the Download ZIP option of the big green Code button at the top of this GitHub repo.
- Clone this repo using Git with
git clone https://github.com/GSA/cpct-tool.git
Then navigate to the location where you downloaded or cloned the files for the next step.
Note: If using the
ZIPfile, make sure youRight-Clickon theZIPfile, then selectExtract All...to extract the files to your computer before clicking on thestart.exefile.
NOTE: Make sure
Docker Desktopis running before issuing any of the below commands.
Upon installation of Docker Desktop, Docker requires computer users to be placed in the docker-users group, If your account is not an admin account and you require assistance from your organization's IT Department to make changes to your computer, such as installing new software. Have your IT Department enter the following commands through Windows Powershell to add you to the docker-users group.
Replace <user> with your account user name.
net localgroup docker-users <user> /addPlease make sure the above command is run within the Windows Powershell and not the standard Command prompt for it to work correctly.
Once this requirement is satisfied, Docker Desktop should run as expected*.
Inside the downloaded folder, you should see a file named start.exe, Double Click on this file to start the process. This will open a command(terminal) window to start the building and running process. Once prompted, type Y or y to continue, the build and run process will start.
MEMO: if you get a security warning on Windows 10 or later after clicking on
start.exe, this is normal, click theMore infolink, then theRun anywaybutton to continue.
Open a commpand window and navigate to the directory where you downloaded the CPCT Tool, then type the following:
Dockerfile mac-linux.sh README.md resources/ start.exe
> .\start.exeThis will start the build and run process, once prompted, type Y or y to continue, the build and run process will start.
For Mac and Linux, run the mac-linux.sh script located in the same folder as the start.exe
- First, make sure Docker Desktop is installed and running.
- Second, make sure you run
chmod +x mac-linux.shfirst on the install script before attempting to run it on the command line.
This script is unsupported and is only provided for convenience to experienced users.
$ ./mac-linux.shOnce finished, your default Web Browser should open, displaying the main page of the CPCT Tool, if you see this, the CPCT Tool is now running locally on your computer and you can now use it to check certificates.
- The
CPCT Main Pageopens to a local only address of:http://127.0.0.1:8000orhttp://localhost:8000. - If your
defaultWeb Browser does not open, check your taskbar for already open instances of your Web Browser. - Note: The command (terminal) window will close on its own.
If you have used the cloud version of this tool before, the functinality should be the same, the only difference is now your have the CPCT Tool running locally on your computer.
Once you have the CPCT Tool Docker Image installed and running, you DO NOT have to rerun the start.exe file. This is only needed to initially build and run the Docker Image.
Note: If you do happen to
runthestart.exefile again, this is not a problem. It will run the same as it did before, but will not build anotherDocker Imagefile. Since nothing has changed in theDocker Image, it will start anotherinstanceof the same Docker Image and complain about your local port8000is alreay in use, a new instance of the Image will display inside of Docker Desktop running but with no ports specified, but with a differentTag IDnumber. If you wish, you can safely remove this extra instances and continue using the CPCT Tool as before.
How do I access the tool the next time I need to use it?
You have a few options:
- Keep the
Docker Imagerunning, so the next time you need to use the CPCT Tool, open the following address in your web browser:http://127.0.0.1:8000orhttp://localhost:8000to access the CPCT Tools main page. - If you do not use the tool that often, then you can click the
stopbutton beside the Docker Desktop Image for the CPCT Tool, this will stop the Docker Image. You can restart it again by clicking thestartbutton to start the Docker Image again. Remember to open your web browser to:http://127.0.0.1:8000orhttp://localhost:8000to use the tool again. Feel free to bookmark this page for simpler access in the future. - If you have limited space on your computer or need to conserve space, simply delete the Docker Image for the CPCT Tool inside of Docker Desktop. When you want to
runthe Docker Image for the CPCT Tool again, simplyrerunthestart.exeagain.
Memo: If you have
deletedthezip fileand/or thecpct-toolfolder for theCPCT Tool, you can download it again here underReleasesandrerunthestart.exefile like you did before.
*It is OK, if you find that you have multiple or many instances of the CPCT Tool running or hosted inside of Docker Desktop. Feel free to stop and delete them if needed. You can download the zip file again and rerun the start.exe again to recreate and run the Docker Image anytime.
-- CPCT Tool