Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
An LDAP-authenticated automatic PKI certificate signing web service in perl
JavaScript Perl
branch: master

This branch is 1548 commits behind jameswhite:master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
bin
lib
root
script
t
.gitignore
Changes
Config.yaml.template
Makefile.PL
README
pkild.yml

README

[ -d /var/cache/git ] || mkdir -p /var/cache/git
(cd /var/cache/git; git-clone git://github.com/fapestniegd/pkild.git)
################################################################################
# Prerequisites: (debian lenny)
    apt-get install -y dh-make-perl                                            \
                       libcatalyst-perl libcatalyst-modules-perl               \
                       libcatalyst-modules-extra-perl                          \
                       libnet-ldap-perl libnet-ldap-server-perl                \
                       libconvert-asn1-perl libmoose-perl
     
# The following assume you're ${CWD} is the top-level pkild app...
cd /var/cache/git/pkild

# Catalyst-Plugin-Authentication-Store-LDAP (for authentication/authorization against LDAP)
    bin/cpan2deb http://search.cpan.org/CPAN/authors/id/K/KA/KARMAN/Net-LDAP-Server-Test-0.08.tar.gz
    dpkg -i /opt/local/src/CPAN/libnet-ldap-server-test-perl_0.08-1_all.deb

    # Results in:
    #   Content Encoding Error
    #   The page you are trying to view cannot be shown because it uses an invalid or unsupported form of compression.
    #bin/cpan2deb http://cpan.mirrors.hoobly.com/authors/id/K/KA/KARMAN/Catalyst-Authentication-Store-LDAP-1.006.tar.gz
    #dpkg -i /opt/local/src/CPAN/libcatalyst-authentication-store-ldap-perl_1.006-1_all.deb
    # So:
    bin/cpan2deb http://search.cpan.org/CPAN/authors/id/K/KA/KARMAN/Catalyst-Authentication-Store-LDAP-0.1005.tar.gz
    dpkg -i /opt/local/src/CPAN/libcatalyst-authentication-store-ldap-perl_0.1005-1_all.deb
    # or 
    # put instructions for apt repository here...

    bin/cpan2deb http://search.cpan.org/CPAN/authors/id/A/AG/AGRUNDMA/Catalyst-Plugin-RequireSSL-0.06.tar.gz
    dpkg -i /opt/local/src/CPAN/libcatalyst-plugin-requiressl-perl_0.06-1_all.deb
    # (you should really push these to your custom apt repo)

# Catalyst::Model::File (to access the certificates)
    bin/cpan2deb http://search.cpan.org/CPAN/authors/id/G/GR/GRODITI/Catalyst-Component-InstancePerContext-0.001001.tar.gz
    dpkg -i /opt/local/src/CPAN/libcatalyst-component-instancepercontext-perl_0.001001-1_all.deb
    bin/cpan2deb http://search.cpan.org/CPAN/authors/id/A/AS/ASH/Catalyst-Model-File-0.08.tar.gz
    dpkg -i /opt/local/src/CPAN/libcatalyst-model-file-perl_0.08-1_all.deb

# copy the Config.yaml.template to Config.yaml and replace the [% LDAP_<variables> %] manally
# OR
# Create the Config.yaml from the Config.yaml.template with:
    bin/secret-init # -> creates /usr/local/bin/secret where the LDAP password is cached.
    bin/local_config

# Test the application with: 
    script/pkild_server.pl

################################################################################
# Adding to Apache
# You'll need to install the ssl server too as this application forces SSL
# The "RequireSSL: Disabling SSL redirection while running under 
# Catalyst::Engine::HTTP" feature just makes it hang
################################################################################
apt-get install -y apache2-mpm-prefork libapache2-mod-perl2                  \
                   libcatalyst-engine-apache-perl perlmagick                 \
                   libcatalyst-modules-extra-perl libcatalyst-modules-perl   \
                   libcatalyst-perl libcatalyst-plugin-session-fastmmap-perl \
                   libcatalyst-view-tt-perl libhtml-prototype-perl

# Copy it to where apache will expect it to be:
if [ ! -d /var/cache/git ];then 
    mkdir -p /var/cache/git
    (cd /var/cache/git; git clone git://github.com/fapestniegd/pkild.git )
else
    (cd /var/cache/git/pkild; git pull)
fi

################################################################################
# apache setup (from a fresh install)
################################################################################
# if you don't have a certificate...
apt-get install ssl-cert 
# OR
bin/gpg-init
bin/ca_tree-init
# and edit the default-ssl below appropriately

(cd /etc/apache2/sites-enabled; ln -s ../sites-available/default-ssl 001-ssl)
(cd /etc/apache2/mods-enabled; ln -s ../mods-available/ssl.load)
(cd /etc/apache2/mods-enabled; ln -s ../mods-available/ssl.conf)

################################################################################
# Just the config stuff
################################################################################
# httpd.conf (ssl and non-ssl)
# (Outside of VirtualHost block (main section))
PerlSwitches -I/var/cache/git/pkild/lib
PerlModule pkild

#<VirtualHost..>
    <Location />
        SetHandler          modperl
        PerlResponseHandler pkild
    </Location>
#</VirtualHost..>

/etc/init.d/apache2 restart

# That's it.

################################################################################
# Thoughts
################################################################################
Create:
  Root Certificate Authority
    Intermediate Certificate Authority
      host_certificate
    Intermediate Certificate Authority
    
Something went wrong with that request. Please try again.