EdgeCA is an ephemeral, in-memory CA providing service mesh machine identities.
This early release is meant for evaluation only.
To install the snap simply do
snap install edgeca
edgeca is the command line interface (CLI) application you will use to create CSRs and certificates.
The client can generate CSRs on its own, but to sign certificates it needs an instance of EdgeCA running in server mode as well, either locally or on a remote host.
The snap package starts an edgeca server as a background process by default, so the server does not need to be launched manually. It starts in the default self-signed mode. To use TPP instead, set the following:
$ sudo snap set edgeca tpp.token="your token"
$ sudo snap set edgeca tpp.zone="your zone"
$ sudo snap set edgeca tpp.url="your tpp url"
Once all three have been set, the edgeca server will establish a TPP connection.
To view the server logs do
snap logs -f edgeca.edgeca-server
The policy can likewise be set with
$ sudo snap set edgeca policy="policy filename"
The client is run using
If you do not want to use the default local edgeca server, for instance because you are running the server on a different computer, you can stop the local server with
sudo snap stop edgeca.edgeca-server
The edgeca client connects to the server using gRPC over TLS. To connect to a remote server you need to copy the client TLS certificate and key generated by the remote server; their location is printed in the server log when the server starts:
Writing TLS Client certificate to /home/sidar/snap/edgeca/x1/.edgeca/certs/edgeca-client-cert.pem
Writing TLS Client key to /home/sidar/snap/edgeca/x1/.edgeca/certs/edgeca-client-key.pem
Copy both files from the server to your local system (the key is a private key that authenticates your client to the server, so transfer it over a secure channel such as scp and keep it readable only by your own user), and then point edgeca at the remote server with the "-d" parameter, giving the directory that holds the copied certificate and key.
edgeca gencert -d "/my-tls-directory/" --cn ...
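A pre-flight check for the copied client TLS directory, as an added example that is not part of EdgeCA or the snap: before `edgeca -d` is pointed at a directory, it confirms that the two files named in the server log are present and are PEM, and that the private key is not group- or world-readable. The file names come from the log lines above; the 0600 requirement on the key, the `check_tls_dir` and `run_gencert` helpers, and the sample files built in the usage comment are this example's own assumptions, not EdgeCA behaviour.

```shell
#!/bin/sh
# Added example (not EdgeCA code): validate a client TLS directory copied from
# a remote edgeca server before using it with `edgeca gencert -d DIR`.
# File names are the ones the edgeca server log reports; the permission
# policy (key must be mode 0600) is this script's assumption.

# check_tls_dir DIR  -> returns 0 if DIR holds a usable client cert + key,
#                       1 (with a reason on stderr) otherwise.
check_tls_dir() {
    dir=$1
    cert="$dir/edgeca-client-cert.pem"
    key="$dir/edgeca-client-key.pem"

    for f in "$cert" "$key"; do
        if [ ! -r "$f" ]; then
            echo "missing or unreadable: $f" >&2
            return 1
        fi
    done

    # Both files must be PEM: a truncated copy or copying the wrong file
    # (e.g. the server cert instead of the client cert) fails here.
    if ! grep -q '^-----BEGIN CERTIFICATE-----' "$cert"; then
        echo "not a PEM certificate: $cert" >&2
        return 1
    fi
    if ! grep -q '^-----BEGIN .*PRIVATE KEY-----' "$key"; then
        echo "not a PEM private key: $key" >&2
        return 1
    fi

    # The private key is what authenticates this client to the server, so
    # it must not be readable by group or others. Columns 5-10 of `ls -l`
    # are the group/other permission bits; all six must be '-'.
    mode=$(ls -ld "$key" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "private key $key is group/world accessible (bits '$mode'); fix with: chmod 600 '$key'" >&2
        return 1
    fi

    return 0
}

# run_gencert DIR CN  -> validates DIR, then calls the edgeca client against
# the remote server (hypothetical wrapper; --cn is the CLI flag shown above).
run_gencert() {
    check_tls_dir "$1" || return 1
    edgeca gencert -d "$1" --cn "$2"
}

# Usage (after copying the two files from the remote server):
#   . ./check_tls_dir.sh
#   run_gencert /my-tls-directory/ my-service.example
```

The permission check deliberately stops the run rather than warning, since a client key that other local users can read lets them request certificates from the remote CA as this client. If `openssl` is available, a further useful step is to confirm the copied certificate and key belong together by comparing the output of `openssl x509 -in edgeca-client-cert.pem -noout -pubkey` with `openssl pkey -in edgeca-client-key.pem -pubout`.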