GnoMint
gnoMint is a free software tool for managing X.509 certification authorities.

Its purpose is to offer an easy-to-use interface for creating certification authorities and all related elements, including X.509 digital certificates, certificate signing requests and certificate revocation lists.

Features

gnoMint has the following features:
  • All the infrastructure needed to keep and run a certification authority is saved in only one file.
  • It can create certificate signing requests and export them to PKCS#8 files, so they can be sent to other CAs.
  • It allows the creation of X.509 certificates with a usual set of subject parameters.
  • It can export certificates and private keys to PEM files, so they can be used by external applications. It can also export PKCS#12 structures, so the certificates can be imported easily by web and mail clients.
  • The user can establish a set of policies for certificate generation in each one of the existing CAs.
  • gnoMint can import CSRs made by other applications.
  • Certificates can be revoked, with generation of the corresponding CRLs.
  • The CA private key, or other private keys, can be kept in external files or devices (such as USB drives).
  • gnoMint is able to manage a whole hierarchy of CAs simultaneously, with their respective certificates.
  • Pre-existing certification authorities made by other applications, such as OpenSSL or TinyCA, can be imported with all their data.
  • It has a CLI intended for batch certificate creation, or integration with other utilities.

Licence and motivation

gnoMint is licensed under the GNU General Public License.

gnoMint is intended to help all systems and network administrators to deploy a Certification Authority very easily. Its development was started due to the lack of a 'just-works' CA software. According to gnoMint's author, "creating a CA from zero, through open-source command-line utilities, was possible, but was uncomfortable to remember all the necessary parameters. And you had to create a difficult configuration file."

Sources

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 