Docker image: built on the microsoft/aspnetcore-build:latest image, with a custom CA web application hosted on port 8080 and running as a non-privileged user. The web application hosts a self-signed Certificate Authority: you can create or re-create the CA, and issue or delete leaf certificates at will.
The purpose of this project is to make it simple and easy to stand up a new Certificate Authority, that is, a system which can dispense X.509/SSL/TLS "certificates".
If you work within a big company, you can likely get certificates (with some ceremony) from your security area. If you host internet-facing applications, you can automate certificates via Let's Encrypt.
However, for many other scenarios, it would be ideal to have your own CA. For example:
- For simple/quick testing
- For your home lab (your router, NAS, Raspberry Pis, etc.)
- For smaller companies, for your intranet
- For infrastructure-facing uses, like a private CA for Docker Swarm
The point is, in the year 2017, you should be able to have a simple and easy way to have a Certificate Authority, and now, you can!
To run this headless, as a daemon, publishing the website on host port 8080 (http://localhost:8080), mapping /var/localCA/ in the container to your $HOME/Desktop/localCA/ directory, and limiting the container to 40MB of RAM (it usually runs at ~27MB), run one of the commands below. Note that -p 8080:8080 publishes the port on all of the host's network interfaces, not only on localhost.
On Linux or macOS:
$ docker run -d -p 8080:8080 -v ~/Desktop/localCA/:/var/localCA/ --memory=40m division42llc/dotnet-webca
On Windows:
$ docker run -d -p 8080:8080 -v %UserProfile%/Desktop/localCA/:/var/localCA/ --memory=40m division42llc/dotnet-webca
To run this interactively, attached to your terminal (-it instead of -d), with the same port, volume mapping and 40MB memory limit, run one of the commands below.
On Linux or macOS:
$ docker run -it -p 8080:8080 -v ~/Desktop/localCA/:/var/localCA/ --memory=40m division42llc/dotnet-webca
On Windows:
$ docker run -it -p 8080:8080 -v %UserProfile%/Desktop/localCA/:/var/localCA/ --memory=40m division42llc/dotnet-webca
As of this writing, this basically works. You can create/delete/re-create the CA, and it will list certificates in the leaf folder. You can also create/delete/view leaf certificates.
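Because /var/localCA/ is mapped to a directory on your Desktop, it is worth checking which of the CA's files other users on the host can access. The function below is an added example, not part of this project: audit_ca_dir is a hypothetical name, and it assumes the application stores its CA and leaf material under the mapped directory and recognises private keys only when they are PEM-encoded, since the on-disk formats are not documented here.

```shell
#!/bin/sh
# Added example (not from the project). Assumption: the web CA writes its CA
# and leaf files under the host directory mapped to /var/localCA/.
#
# audit_ca_dir DIR
#   Prints one line per regular file under DIR that group or other can access:
#     KEY  <path>   the file contains a PEM private-key header
#     FILE <path>   any other file (certificates, binary key stores, ...)
#   Exit status: 0 nothing exposed, 1 only non-key files exposed,
#                2 a PEM private key is exposed, 3 DIR is not a directory.
#   Example call: audit_ca_dir "$HOME/Desktop/localCA"
audit_ca_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 3; }
    worst=0
    list=$(mktemp) || return 3
    # "-perm -NNN" matches when that bit is set; test every group/other bit.
    find "$dir" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print > "$list"
    while IFS= read -r f; do
        # Matches "BEGIN PRIVATE KEY", "BEGIN RSA PRIVATE KEY", and so on.
        if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" 2>/dev/null; then
            echo "KEY  $f"
            worst=2
        else
            echo "FILE $f"
            # Keep the higher severity if a key was already found.
            [ "$worst" -eq 2 ] || worst=1
        fi
    done < "$list"
    rm -f "$list"
    return "$worst"
}
```

A non-zero status of 2 is the case to fix first, for example with chmod 600 on the reported key file.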
Below are some screenshots of the application. First, working with the CA itself:
Then, working with leaf certificates, signed by the CA: