Certification Authority (CA)
This flow implements a certification authority (CA) based on Node-Red with ACME v2 (RFC 8555), PKIX OCSP (RFC 6960), and TSP (RFC 3161/5816).
New certificates can be obtained using the ACMEv2 (RFC 8555) protocol.
The list of available client implementations.
To use this flow, the following steps have to be taken:
- Install jsrsasign
- Make jsrsasign available
- Deploy flows
- Restart node-red
Install jsrsasign
Install the jsrsasign node module for your node-red instance using npm(1):
$ cd ~/.node-red
$ npm install jsrsasign
Make jsrsasign available
You'll have to add the jsrsasign and fs node modules to your settings.js:
functionGlobalContext: {
    jsrsasign: require('jsrsasign'),
    fs: require('fs'),
},
Restart node-red
As a last step, you'll have to (re-)start node-red. The fully qualified domain name appearing in CDPs and AIAs can be configured using the HOSTNAME environment variable:
$ HOSTNAME=nodejs.rz-bsd.my.corp node-red
Deploy flows
Deploy flows to your .node-red directory:
$ cp flows_nodejs.json ~/.node-red/flows_$(hostname).json
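A preflight check for the manual setup steps above, written as an added example that is not part of the project. The function name check_ca_setup and the grep pattern are assumptions; settings.js is inspected textually and is not evaluated.

```shell
#!/bin/sh
# Added example (not project code): verify the manual setup steps before
# starting node-red. Assumption: the user directory is ~/.node-red unless
# another directory is passed as the first argument.

# check_ca_setup [DIR] [HOST]
# Prints one line per check; the return status is the number of failed checks.
check_ca_setup() {
    dir=${1:-"$HOME/.node-red"}
    host=${2:-$(hostname)}
    failed=0

    # Step "Install jsrsasign": npm places the module under node_modules.
    if [ -f "$dir/node_modules/jsrsasign/package.json" ]; then
        echo "ok:   jsrsasign installed"
    else
        echo "FAIL: jsrsasign missing, run 'npm install jsrsasign' in $dir"
        failed=$((failed + 1))
    fi

    # Step "Make jsrsasign available": both modules need an uncommented
    # "name: require('name')" entry. Heuristic: a line anchored at its start,
    # so entries behind "//" do not count.
    for mod in jsrsasign fs; do
        if grep -Eq "^[[:space:]]*$mod[[:space:]]*:[[:space:]]*require\\(['\"]$mod['\"]\\)" \
            "$dir/settings.js" 2>/dev/null; then
            echo "ok:   settings.js exposes $mod"
        else
            echo "FAIL: settings.js has no uncommented '$mod: require(...)' entry"
            failed=$((failed + 1))
        fi
    done

    # Step "Deploy flows": the flow file is named after the local host name.
    if [ -s "$dir/flows_$host.json" ]; then
        echo "ok:   flows_$host.json deployed"
    else
        echo "FAIL: $dir/flows_$host.json missing or empty"
        failed=$((failed + 1))
    fi

    return "$failed"
}
```

Call check_ca_setup without arguments before the restart step; a non-zero status is the number of setup steps that still need attention.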
Docker image
You might want to use the docker container provided at https://gitlab.com/platynum/certification-authority-docker
$ docker run registry.gitlab.com/platynum/certification-authority-docker
The project documentation of the docker sub-project contains more detailed information about how to use its image.
Configuration
After startup, some keys and certificates are created automatically. If you want to reconfigure your flow, you should edit the appropriate nodes (mostly certificate profiles and key specifications) and regenerate the certificates and their corresponding keys.
Currently there is no configuration file.
Further information
If you experience any problems, have found a bug, or have questions, please visit https://gitlab.com/platynum/certification-authority for more information. Contributions are welcome!