

Show HN: Caman – A self-signing certificate authority manager - radiac
https://github.com/radiac/caman

======
tokenizerrr
How does this compare to CA-baka?

[https://github.com/SethRobertson/CA-
baka](https://github.com/SethRobertson/CA-baka)

~~~
radiac
I hadn't come across this when I wrote caman; from the looks of things caman
is simpler to use, but missing a couple of features - alt hostname support for
SAN certificates (which I'm adding at the moment and should be up later today)
and ability to use a subsidiary certificate authority.

I wrote caman because I could never remember what to type, so it has simple
syntax - 4 commands, to add a new host, sign, revoke and renew; the only
argument they take are the hostname. Configuration is a one-off when setting
up your CA - there are two openssl config files with sensible defaults based
on openssl best practice, with a few values for you to customise, and some
basic templating for caman to fill out later.

~~~
radiac
I've added an experimental branch with SAN support, but I haven't had a chance
to test it fully yet; any feedback would be appreciated.

------
raidan
In the past I've used etcd-ca[0] to perform a similar function, though
probably not it's original intention.

[0] [https://github.com/coreos/etcd-ca](https://github.com/coreos/etcd-ca)

~~~
eliaspro
Just playing with SaltStack's recently added x509 state for a fully
autonomous/self-signed CA incl deployment to the clients.

