Quickly create Certificate Authorities (CAs) for your applications.
- ParseCertificateAuthority - Send CSRs and retrieve certificates to/from `ca-server` from Parse-Swift based clients and servers
- CertificateSigningRequest - Generate CSRs on Swift clients and servers that can later be signed by `ca-server`
- Parse-Swift - Write Parse client apps in Swift. When coupled with ParseCertificateAuthority and CertificateSigningRequest, provides the complete client-side stack for generating CSRs and sending/receiving certificates to/from `ca-server`
- ParseServerSwift - Write Parse Server Cloud Code apps in Swift. When coupled with ParseCertificateAuthority, CertificateSigningRequest, and Parse-Swift, provides the complete server-side stack for generating CSRs and sending/receiving certificates to/from `ca-server`
Multiple images are automatically built for your convenience. Images can be found at the following locations:
Below is a list of environment variables available to configure `ca-server`. It is required to mount the folder containing `CA_SERVER_PRIVATE_KEY_FILE` and `CA_SERVER_ROOT_CA_CERT`. It is recommended to mount the folder containing `CA_SERVER_DATABASE_NAME` to persist your database during restarts. See https://rajanmaharjan.medium.com/secure-your-mongodb-connections-ssl-tls-92e2addb3c89 to learn how to create a private key and root certificate. It is also recommended to mount the folder containing `CA_SERVER_CA_DIRECTORY` to persist any files created by `ca-server`.
```bash
CA_SERVER_PRIVATE_KEY_FILE=./server/ca/private/cakey.pem # (Required) Location and name of private key
CA_SERVER_ROOT_CA_CERT=./server/ca/private/cacert.der # (Required) Location and name of CA certificate
CA_SERVER_DATABASE_NAME=./server/dbs/appdb.sqlite # (Required) Location and name of the database
CA_SERVER_CA_DIRECTORY=./server/ca # Location to store CA related files
CA_SERVER_ROUTE_ROOT_CERTIFICATE_PREFIX=/ca_certificate # The prefix to add root certificate related routes
CA_SERVER_ROUTE_USER_PREFIX=/appusers # The prefix to add to all user related routes
CA_SERVER_ROUTE_CERTIFICATE_PREFIX=/certificates # The prefix to add to all certificate related routes
CA_SERVER_ROUNDS=5 # Number of rounds
```
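
An added example, not part of ca-server: a preflight check to run before starting the server. It parses the variable list above and reports required variables that are unset, a missing key or root certificate, and a CA private key that group or other users can access. It assumes the variables are kept in a `KEY=value # comment` file as shown; `parse_env`, `preflight` and `demo` are hypothetical names and the sample paths are constructed.

```python
# Added example (not ca-server code); the sample paths in demo() are constructed.
import os
import tempfile

REQUIRED = ("CA_SERVER_PRIVATE_KEY_FILE", "CA_SERVER_ROOT_CA_CERT",
            "CA_SERVER_DATABASE_NAME")  # marked "(Required)" in the list above


def parse_env(text):
    """Parse KEY=value lines; '#' starts a comment (so paths must not contain '#')."""
    env = {}
    for line in text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep:
            env[key.strip()] = value.strip()
    return env


def preflight(env, base_dir="."):
    """Return a list of problems; an empty list means every check passed."""
    problems = [f"{name} is not set" for name in REQUIRED if not env.get(name)]
    key = env.get("CA_SERVER_PRIVATE_KEY_FILE")
    if key:
        path = os.path.join(base_dir, key)
        if not os.path.isfile(path):
            problems.append(f"private key not found: {key}")
        elif os.stat(path).st_mode & 0o077:  # any group/other permission bit
            problems.append(f"private key is accessible to group/others: {key}")
    cert = env.get("CA_SERVER_ROOT_CA_CERT")
    if cert and not os.path.isfile(os.path.join(base_dir, cert)):
        problems.append(f"root CA certificate not found: {cert}")
    return problems


def demo():
    """Run the checks on a constructed layout: key left at mode 0644, no database set."""
    sample = ("CA_SERVER_PRIVATE_KEY_FILE=./ca/private/cakey.pem # (Required)\n"
              "CA_SERVER_ROOT_CA_CERT=./ca/private/cacert.der # (Required)\n")
    with tempfile.TemporaryDirectory() as base:
        os.makedirs(os.path.join(base, "ca/private"))
        for name in ("cakey.pem", "cacert.der"):
            path = os.path.join(base, "ca/private", name)
            open(path, "w").close()  # empty placeholder files, not real key material
            os.chmod(path, 0o644)
        return preflight(parse_env(sample), base)


if __name__ == "__main__":
    print("\n".join(demo()))
```
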
Use the `docker-compose.yml` file to run in a Docker container:
- Fork this repo
- In terminal, run `docker-compose up`
- Then go to `http://localhost:3000/docs` to view the API docs and use as needed
Run directly on your local machine by:
- Fork this repo
- Install Python 3.10.x and Poetry
- Run `poetry install` in the root directory
- Run `poetry run uvicorn server.main:app --host 0.0.0.0 --port 3000`
- Then go to `http://localhost:3000/docs` to view the API docs and use as needed
If you need to run `ca-server` behind a proxy, `--root-path` needs to be added to the command that starts `ca-server` in the `docker-compose.yml` file. The root path should match the exact endpoint proxying to `ca-server`. For example, if your endpoint is `/ca`, then the proper command is below:

```yaml
# `docker-compose.yml`
command: [ "./start-poetry.sh", "poetry", "run", "uvicorn", "server.main:app", "--host", "0.0.0.0", "--port", "3000", "--root-path", "/ca" ]
```
In addition, add two endpoints to the nginx configuration file:

```nginx
# Allow access to the docs of your ca-server
location /ca/docs {
    proxy_pass http://ca-server:3000/docs;
}
# Allow access to the rest of your ca-server api
location /ca/ {
    proxy_pass http://ca-server:3000/;
}
```