1 Vulture PKI

1.1 Installation

http://vulture.open-source.fr/wiki/PKI

Constrction sous centos5 à partir du package source

[builder@buildcentos5 ~]
$ wget http://vulture.open-source.fr/download/SRPMS/vulture-1.98-2.src.rpm

[builder@buildcentos5 ~/rpmbuild/SPECS]
$ rpmbuild -ba vulture.spec 
...
Wrote: /home/builder/rpmbuild/SRPMS/vulture-1.98-2.src.rpm
Wrote: /home/builder/rpmbuild/RPMS/i386/vulture-1.98-2.i386.rpm
Wrote: /home/builder/rpmbuild/RPMS/i386/vulture-pki-1.98-2.i386.rpm

installation

$ rpm -ivh vulture-pki-1.98-2.i386.rpm
erreur: Dépendances requises:
        mod_python est nécessaire pour vulture-pki-1.98-2.i386
        python-sqlite2 est nécessaire pour vulture-pki-1.98-2.i386

$ yum install mod_python python-sqlite2
Installed: mod_python.i386 0:3.2.8-3.1 python-sqlite2.i386 1:2.3.3-1.el5

$ rpm -ivh vulture-pki-1.98-2.i386.rpm
Préparation...              ########################################### [100%]
   1:vulture-pki            ########################################### [100%]
Generating a 1024 bit RSA private key
.....................................................................++++++
............................................++++++
writing new private key to '/opt/INTRINsec/vulture-pki/conf/server.key'
-----
Generating a 1024 bit RSA private key
............++++++
.................++++++
writing new private key to '/opt/INTRINsec/vulture-pki/conf/cacert.key'
-----

1.2 Interface

lancement:

/usr/sbin/httpd -f /opt/INTRINsec/vulture-pki/conf/pki.conf

acces sur https://localhost:9191/

2 Certificat Racine

[root@calaz /opt/INTRINsec/vulture-pki/conf]
$ openssl req -x509 -newkey rsa:1024 -batch -out  ca_it_cert.pem -keyout ca_it_cert.key -nodes -config openssl.cnf -extensions v3_ca
Generating a 1024 bit RSA private key
......++++++
..++++++
writing new private key to 'ca_it_cert.key'
-----

3 Database Vulture

[root@calaz /opt/INTRINsec/vulture-pki/conf]
$ python  manage.py syncdb
Creating table django_content_type
Creating table django_session
Creating table auth_message
Creating table auth_group
Creating table auth_user
Creating table auth_permission
Creating many-to-many tables for Group model
Creating many-to-many tables for User model
Creating table profile
Creating table vulture_certprofile
Creating table if
Creating table log
Creating table header
Creating table vulture_groupok
Creating table app
Creating table sql
Creating table auth
Creating table acl
Creating table ssl
Creating table cert
Creating table user
Creating table conf
Creating table ldap
Creating table vulture_userok
Adding content type 'contenttypes | contenttype'
You just installed Django's auth system, which means you don't have any superusers defined.
Would you like to create one now? (yes/no): yes
import pwd # builtin
Username (Leave blank to use 'root'): 
E-mail address: root@localhost
Error: That e-mail address is invalid.
E-mail address: root@calaz.int-evry.fr
Password: 
Password (again): 
Superuser created successfully.
Installing initial data for Log model
Installing initial data for SQL model
Installing initial data for Auth model
Installing initial data for User model
Installing initial data for Conf model

$ file /opt/INTRINsec/vulture-pki/www/db
/opt/INTRINsec/vulture-pki/www/db: SQLite 3.x database

4 Utilisation

4.1 Profile de pki

• vulture-pki-1st-access:
  

4.2 Ajout certificat racine

• vulture-pki-profile-pkiit:
  

4.3 Creation d'un certificat

• vulture-pki-certificat1:
  

5 Perspectives

Pour l'instant l'interface de signature est limité a 6 champs, on souhaiterais disposer d'un maximum d'options openssl, c'est à l'etude, cf fin de thread:

http://groups.open-source.fr/viewtopic.php?t=925&sid=1d46ea45ec73cae409b35c619e266b78