mirror of
https://github.com/outbackdingo/labca.git
synced 2026-01-27 18:19:33 +00:00
33 lines
3.4 KiB
Cheetah
33 lines
3.4 KiB
Cheetah
{{ define "body" }}
|
|
<h3>About LabCA</h3>
|
|
|
|
<p>For the public internet, <a href="https://letsencrypt.org/">Let's Encrypt™</a> is providing free HTTPS certificates in an easy and automated way, without human interaction. There are many clients available to interact with their so called ACME (Automated Certificate Management Environment). They also have a staging environment that allows you to get things right before issuing trusted certificates and reduce the chance of you running up against rate limits.</p>
|
|
|
|
<blockquote>
|
|
<p>We want to create a more secure and privacy-respecting Web</p>
|
|
<small>Let's Encrypt™</small>
|
|
</blockquote>
|
|
|
|
<p>One technical requirement however is to have a publicly reachable location where your client application and their server can exchange information. For intranet / company internal applications or for testing clients within your organization this may not always be feasible.</p>
|
|
|
|
<p>Luckily they have made the core of their application, called "Boulder", available as <a href="https://github.com/letsencrypt/boulder/">open source</a>. It is possible to install Boulder on your own server and use it internally to hand out certificates. As long as all client machines / laptops in your organization trust your root CA certificate, all certificates it signed are trusted automatically and users see a green lock icon in their browsers.</p>
|
|
|
|
<p>Also if you are developing your own client application or integrating one into your own application, a local test ACME can be very handy. There is a lot of information on the internet about setting up your own PKI (Public Key Infrastructure) but those are usually not automated.</p>
|
|
|
|
<p>Getting Boulder up and running has quite a learning curve though and that is where <b><a href="https://lab-ca.net/">LabCA</a></b> comes in. It is a self-contained installation with a nice web GUI built on top of Boulder so you can quickly start using it. All regular management tasks can be done from the web interface. It is best installed in its own Virtual Machine and uses Debian Linux as a base.</p>
|
|
|
|
<p>NOTE: although LabCA tries to be as robust as possible, use it at your own risk. If you depend on it, make sure that you know what you are doing!</p>
|
|
|
|
{{ if .Standalone }}
|
|
<p> </p>
|
|
<h4>Standalone GUI Version</h4>
|
|
<p>As the ACME protocol is a standard (<a href="https://tools.ietf.org/html/rfc8555">RFC8555</a>) and not limited to boulder, there also are other implementations, e.g. <a href="https://smallstep.com/certificates/">step-ca</a> from Smallstep™ that you can run and manage yourself.</p>
|
|
|
|
<p>Getting started with step-ca is much easier than starting with boulder. But Smallstep is not providing a self-managed web GUI to easily see what certificates have been issued by step-ca and what their expiry statuses are. In fact they are using a very specific database storage that does not allow you to query the data directly from a normal database client either.</p>
|
|
|
|
<p>As the structure of the ACME data is pretty standard anyway, this standalone version of the LabCA GUI was created to work with step-ca (and potentially other ACME implementations in the future). It only works with their MySQL backend, as the BadgerDB backend has several limitations.</p>
|
|
|
|
<p>The standalone GUI is distributed as a single binary so that it can be easily installed and started.</p>
|
|
{{ end }}
|
|
{{ end }}
|