Mirror
/
acmed
mirror of https://github.com/breard-r/acmed.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
42 Commits
12 Branches
27 Tags
2.2 MiB
Tree: c5c9d17885
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c5c9d17885'
${ noResults }
acmed/README.md

67 lines
4.4 KiB
Raw Normal View History

Switch from heading underline to ATX headings Both markdown and CommonMark support only 2 level of heading underline. A third level using the `~` character is only supported as an extension in some implementations. While GitHub and most software do not support it, it is a better choice to switch to ATX headings. https://daringfireball.net/projects/markdown/syntax https://spec.commonmark.org/
6 years ago
Expand the readme
6 years ago
Add badges to the readme
6 years ago
Update the rustc badge
5 years ago
Fix the readme
6 years ago
Replace the space by %20
6 years ago
Add badges to the readme
6 years ago
Add a README.md file
6 years ago
Switch from heading underline to ATX headings Both markdown and CommonMark support only 2 level of heading underline. A third level using the `~` character is only supported as an extension in some implementations. While GitHub and most software do not support it, it is a better choice to switch to ATX headings. https://daringfireball.net/projects/markdown/syntax https://spec.commonmark.org/
6 years ago
Add a README.md file
6 years ago
Add hooks before and after a file is created or edited It is considered a good practice to archive old certificates and private keys instead of simply dropping them away. Because ACMEd should not impose a way of doing things to system administrators, hooks are the way to go.
6 years ago
Add a README.md file
6 years ago
Update the README
5 years ago
Add a README.md file
6 years ago
Switch from heading underline to ATX headings Both markdown and CommonMark support only 2 level of heading underline. A third level using the `~` character is only supported as an extension in some implementations. While GitHub and most software do not support it, it is a better choice to switch to ATX headings. https://daringfireball.net/projects/markdown/syntax https://spec.commonmark.org/
6 years ago
Expand the readme
6 years ago
Update the README
5 years ago
Expand the readme
6 years ago
Add badges to the readme
6 years ago
Add a README.md file
6 years ago
Update the minimal rustc version
5 years ago
Add a README.md file
6 years ago
Specify the OpenSSL dependency in the readme
6 years ago
Add a README.md file
6 years ago
Reduce the executable size In release mode, the executable size should be kept to the bare minimum in order to be used in environments with low storage and reduce the data consumption when pre-built packages are downloaded. Because performance is absolutely not needed, it allows to a quite aggressive compiling strategy (opt-level = 'z'). https://doc.rust-lang.org/cargo/reference/manifest.html#the-profile-sections Fixes #1
5 years ago
Add a README.md file
6 years ago
Expand the readme
6 years ago
Switch from heading underline to ATX headings Both markdown and CommonMark support only 2 level of heading underline. A third level using the `~` character is only supported as an extension in some implementations. While GitHub and most software do not support it, it is a better choice to switch to ATX headings. https://daringfireball.net/projects/markdown/syntax https://spec.commonmark.org/
6 years ago
Expand the readme
6 years ago
Switch from heading underline to ATX headings Both markdown and CommonMark support only 2 level of heading underline. A third level using the `~` character is only supported as an extension in some implementations. While GitHub and most software do not support it, it is a better choice to switch to ATX headings. https://daringfireball.net/projects/markdown/syntax https://spec.commonmark.org/
6 years ago
Expand the readme
6 years ago
Add question about the FOSS
6 years ago
Switch from heading underline to ATX headings Both markdown and CommonMark support only 2 level of heading underline. A third level using the `~` character is only supported as an extension in some implementations. While GitHub and most software do not support it, it is a better choice to switch to ATX headings. https://daringfireball.net/projects/markdown/syntax https://spec.commonmark.org/
6 years ago
Expand the readme
6 years ago
Update the README
5 years ago
Expand the readme
6 years ago
Switch from heading underline to ATX headings Both markdown and CommonMark support only 2 level of heading underline. A third level using the `~` character is only supported as an extension in some implementations. While GitHub and most software do not support it, it is a better choice to switch to ATX headings. https://daringfireball.net/projects/markdown/syntax https://spec.commonmark.org/
6 years ago
Expand the readme
6 years ago
Fix some stuff in the readme
6 years ago
Expand the readme
6 years ago
Fix some stuff in the readme
6 years ago
  1. # ACMEd
  3. [![Build Status](https://api.travis-ci.org/breard-r/acmed.svg?branch=master)](https://travis-ci.org/breard-r/acmed)
  4. [![Minimum rustc version](https://img.shields.io/badge/rustc-1.32.0+-lightgray.svg)](#build-from-source)
  5. [![LICENSE MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE-MIT.txt)
  6. [![LICENSE Apache 2.0](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](LICENSE-APACHE-2.0.txt)
  8. The Automatic Certificate Management Environment (ACME), is an internet standard ([RFC 8555](https://tools.ietf.org/html/rfc8555)) which allows to automate X.509 certificates signing by a Certification Authority (CA). ACMEd is one of the many clients for this protocol.
  11. ## Key features
  13. - HTTP-01 and DNS-01 challenges
  14. - RSA 2048, RSA 4096, ECDSA P-256 and ECDSA P-384 certificates
  15. - Fully customizable challenge validation action
  16. - Fully customizable archiving method (yes, you can use git or anything else)
  17. - Run as a deamon: no need to set-up timers, crontab or other time-triggered process
  18. - Nice and simple configuration file
  19. - Retry of HTTPS request rejected with a badNonce or other recoverable errors
  20. - Optional private-key reuse (useful for [HPKP](https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning))
  23. ## Planned features
  25. - TLS-ALPN challenges
  26. - daemon and certificates management via the `acmectl` tool
  29. ## Build from source
  31. In order to compile ADMEd, you will need the [Rust](https://www.rust-lang.org/) compiler and its package manager, Cargo. The minimal required Rust version is 1.32.0, although it is recommended to use the latest stable one.
  33. ACMEd depends on the OpenSSL. The minimal supported versions are those from the [openssl](https://docs.rs/openssl/) crate, currently OpenSSL 1.0.1 through 1.1.1 and LibreSSL 2.5 through 2.8.
  35. ```
  36. cargo build --release && strip target/release/acmed
  37. ```
  39. The executable is located in `target/release/acmed`.
  42. ## Frequently Asked Questions
  44. ### Why this project?
  46. After testing multiple ACME clients, I found out none supported all the features I wished for (see the key features above). It may have been possible to contribute or fork an existing project, however I believe those project made architectural choices incompatible with what i wanted, and therefore it would be as much or less work to start a new project from scratch.
  48. ### Is it free and open-source software?
  50. Yes, ACMEd is dual-licensed under the MIT and Apache 2.0 terms.
  52. See [LICENSE-MIT.txt](LICENSE-MIT.txt) and [LICENSE-APACHE-2.0.txt](LICENSE-APACHE-2.0.txt) for details.
  54. ### Can it automatically change my server configuration?
  56. Short answer: No.
  58. Long answer: At some points in a certificate's life, ACMEd triggers hook in order to let you customize how some actions are done, therefore you can use those hooks to run any server configuration you wish. However, this may not be what you are looking for since it cannot proactively detect which certificates should be emitted since ACMEd only manages certificates that have already been declared in the configuration files.
  60. ### Why is RSA 2048 the default?
  62. Yes, ACMED support RSA 4096, ECDSA P-256 and ECDSA P-384. However, those are not (yet) fitted to be the default choice.
  64. It is not obvious at the first sight, but [RSA 4096](https://gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096) is NOT twice more secure than RSA 2048. In fact, it adds a lot more calculation while providing only a small security improvement. If you think you will use it anyway since you are more concerned about security than performance, please check your certificate chain up to the root. Most of the time, the root certificate and the intermediates will be RSA 2048 ones (that is the case for [Let’s Encrypt](https://letsencrypt.org/certificates/)). If so, using RSA 4096 in the final certificate will not add any additional security since a system's global security level is equal to the level of its weakest point.
  67. ECDSA certificates may be a good alternative to RSA since, for the same security level, they are smaller and requires less computation, hence improve performance. Unfortunately, as X.509 certificates may be used in various contexts, some software may not support this not-so-recent technology. To achieve maximal compatibility while using ECC, you usually have to set-up an hybrid configuration with both an ECDSA and a RSA certificate to fall-back to. Therefore, even if you are encouraged to use ECDSA certificates, it should not currently be the default. That said, it may be in a soon future.