ceremony --config path/to/config.yml
ceremony
is a tool designed for Certificate Authority specific key and certificate ceremonies. The main design principle is that unlike most ceremony tooling there is a single user input, a configuration file, which is required to complete a root, intermediate, or key ceremony. The goal is to make ceremonies as simple as possible and allow for simple verification of a single file, instead of verification of a large number of independent commands.
ceremony
has these modes:
root
- generates a signing key on HSM and creates a self-signed root certificate that uses the generated key, outputting a PEM public key, and a PEM certificate. After generating such a root for public trust purposes, it should be submitted to as many root programs as is possible/practical.intermediate
- creates a intermediate certificate and signs it using a signing key already on a HSM, outputting a PEM certificatecross-csr
- creates a CSR for signing by a third party, outputting a PEM CSR.cross-certificate
- issues a certificate for one root, signed by another root. This is distinct from an intermediate because there is no path length constraint and there are no EKUs.ocsp-signer
- creates a delegated OCSP signing certificate and signs it using a signing key already on a HSM, outputting a PEM certificatecrl-signer
- creates a delegated CRL signing certificate and signs it using a signing key already on a HSM, outputting a PEM certificatekey
- generates a signing key on HSM, outputting a PEM public keyocsp-response
- creates a OCSP response for the provided certificate and signs it using a signing key already on a HSM, outputting a base64 encoded responsecrl
- creates a CRL with the IDP extension andonlyContainsCACerts = true
from the provided profile and signs it using a signing key already on a HSM, outputting a PEM CRL
These modes are set in the ceremony-type
field of the configuration file.
This tool always generates key pairs such that the public and private key are both stored on the device with the same label. Ceremony types that use a key on a device ask for a "signing key label". During setup this label is used to find the public key of a keypair. Once the public key is loaded, the private key is looked up by CKA_ID.
ceremony
uses YAML for its configuration file, mainly as it allows for commenting. Each ceremony type has a different set of configuration fields.
ceremony-type
: string describing the ceremony type,root
.pkcs11
: object containing PKCS#11 related fields.Field Description module
Path to the PKCS#11 module to use to communicate with a HSM. pin
Specifies the login PIN, should only be provided if the HSM device requires one to interact with the slot. store-key-in-slot
Specifies which HSM object slot the generated signing key should be stored in. store-key-with-label
Specifies the HSM object label for the generated signing key. Both public and private key objects are stored with this label. key
: object containing key generation related fields.Field Description type
Specifies the type of key to be generated, either rsa
orecdsa
. Ifrsa
the generated key will have an exponent of 65537 and a modulus length specified byrsa-mod-length
. Ifecdsa
the curve is specified byecdsa-curve
.ecdsa-curve
Specifies the ECDSA curve to use when generating key, either P-224
,P-256
,P-384
, orP-521
.rsa-mod-length
Specifies the length of the RSA modulus, either 2048
or4096
.outputs
: object containing paths to write outputs.Field Description public-key-path
Path to store generated PEM public key. certificate-path
Path to store signed PEM certificate. certificate-profile
: object containing profile for certificate to generate. Fields are documented below.
Example:
ceremony-type: root
pkcs11:
module: /usr/lib/opensc-pkcs11.so
store-key-in-slot: 0
store-key-with-label: root signing key
key:
type: ecdsa
ecdsa-curve: P-384
outputs:
public-key-path: /home/user/root-signing-pub.pem
certificate-path: /home/user/root-cert.pem
certificate-profile:
signature-algorithm: ECDSAWithSHA384
common-name: CA intermediate
organization: good guys
country: US
not-before: 2020-01-01 12:00:00
not-after: 2040-01-01 12:00:00
key-usages:
- Cert Sign
- CRL Sign
This config generates a ECDSA P-384 key in the HSM with the object label root signing key
and uses this key to sign a self-signed certificate. The public key for the key generated is written to /home/user/root-signing-pub.pem
and the certificate is written to /home/user/root-cert.pem
.
ceremony-type
: string describing the ceremony type,intermediate
orcross-certificate
.pkcs11
: object containing PKCS#11 related fields.Field Description module
Path to the PKCS#11 module to use to communicate with a HSM. pin
Specifies the login PIN, should only be provided if the HSM device requires one to interact with the slot. signing-key-slot
Specifies which HSM object slot the signing key is in. signing-key-label
Specifies the HSM object label for the signing keypair's public key. inputs
: object containing paths for inputsField Description public-key-path
Path to PEM subject public key for certificate. issuer-certificate-path
Path to PEM issuer certificate. outputs
: object containing paths to write outputs.Field Description certificate-path
Path to store signed PEM certificate. certificate-profile
: object containing profile for certificate to generate. Fields are documented below.
Example:
ceremony-type: intermediate
pkcs11:
module: /usr/lib/opensc-pkcs11.so
signing-key-slot: 0
signing-key-label: root signing key
inputs:
public-key-path: /home/user/intermediate-signing-pub.pem
issuer-certificate-path: /home/user/root-cert.pem
outputs:
certificate-path: /home/user/intermediate-cert.pem
certificate-profile:
signature-algorithm: ECDSAWithSHA384
common-name: CA root
organization: good guys
country: US
not-before: 2020-01-01 12:00:00
not-after: 2040-01-01 12:00:00
ocsp-url: http://good-guys.com/ocsp
crl-url: http://good-guys.com/crl
issuer-url: http://good-guys.com/root
policies:
- oid: 1.2.3
- oid: 4.5.6
key-usages:
- Digital Signature
- Cert Sign
- CRL Sign
This config generates an intermediate certificate signed by a key in the HSM, identified by the object label root signing key
and the object ID ffff
. The subject key used is taken from /home/user/intermediate-signing-pub.pem
and the issuer is /home/user/root-cert.pem
, the resulting certificate is written to /home/user/intermediate-cert.pem
.
Note: Intermediate certificates always include the extended key usages id-kp-serverAuth as required by 7.1.2.2.g of the CABF Baseline Requirements. Since we also include id-kp-clientAuth in end-entity certificates in boulder we also include it in intermediates, if this changes we may remove this inclusion.
ceremony-type
: string describing the ceremony type,cross-csr
.pkcs11
: object containing PKCS#11 related fields.Field Description module
Path to the PKCS#11 module to use to communicate with a HSM. pin
Specifies the login PIN, should only be provided if the HSM device requires one to interact with the slot. signing-key-slot
Specifies which HSM object slot the signing key is in. signing-key-label
Specifies the HSM object label for the signing keypair's public key. inputs
: object containing paths for inputsField Description public-key-path
Path to PEM subject public key for certificate. outputs
: object containing paths to write outputs.Field Description csr-path
Path to store PEM CSR for cross-signing, optional. certificate-profile
: object containing profile for certificate to generate. Fields are documented below. Should only include Subject related fieldscommon-name
,organization
,country
.
Example:
ceremony-type: cross-csr
pkcs11:
module: /usr/lib/opensc-pkcs11.so
signing-key-slot: 0
signing-key-label: intermediate signing key
inputs:
public-key-path: /home/user/intermediate-signing-pub.pem
outputs:
csr-path: /home/user/csr.pem
certificate-profile:
common-name: CA root
organization: good guys
country: US
This config generates a CSR signed by a key in the HSM, identified by the object label intermediate signing key
, and writes it to /home/user/csr.pem
.
ceremony-type
: string describing the ceremony type,ocsp-signer
.pkcs11
: object containing PKCS#11 related fields.Field Description module
Path to the PKCS#11 module to use to communicate with a HSM. pin
Specifies the login PIN, should only be provided if the HSM device requires one to interact with the slot. signing-key-slot
Specifies which HSM object slot the signing key is in. signing-key-label
Specifies the HSM object label for the signing keypair's public key. inputs
: object containing paths for inputsField Description public-key-path
Path to PEM subject public key for certificate. issuer-certificate-path
Path to PEM issuer certificate. outputs
: object containing paths to write outputs.Field Description certificate-path
Path to store signed PEM certificate. certificate-profile
: object containing profile for certificate to generate. Fields are documented below. The key-usages, ocsp-url, and crl-url fields must not be set.
When generating an OCSP signing certificate the key usages field will be set to just Digital Signature and an EKU extension will be included with the id-kp-OCSPSigning usage. Additionally an id-pkix-ocsp-nocheck extension will be included in the certificate.
Example:
ceremony-type: ocsp-signer
pkcs11:
module: /usr/lib/opensc-pkcs11.so
signing-key-slot: 0
signing-key-label: intermediate signing key
inputs:
public-key-path: /home/user/ocsp-signer-signing-pub.pem
issuer-certificate-path: /home/user/intermediate-cert.pem
outputs:
certificate-path: /home/user/ocsp-signer-cert.pem
certificate-profile:
signature-algorithm: ECDSAWithSHA384
common-name: CA OCSP signer
organization: good guys
country: US
not-before: 2020-01-01 12:00:00
not-after: 2040-01-01 12:00:00
issuer-url: http://good-guys.com/root
This config generates a delegated OCSP signing certificate signed by a key in the HSM, identified by the object label intermediate signing key
and the object ID ffff
. The subject key used is taken from /home/user/ocsp-signer-signing-pub.pem
and the issuer is /home/user/intermediate-cert.pem
, the resulting certificate is written to /home/user/ocsp-signer-cert.pem
.
ceremony-type
: string describing the ceremony type,crl-signer
.pkcs11
: object containing PKCS#11 related fields.Field Description module
Path to the PKCS#11 module to use to communicate with a HSM. pin
Specifies the login PIN, should only be provided if the HSM device requires one to interact with the slot. signing-key-slot
Specifies which HSM object slot the signing key is in. signing-key-label
Specifies the HSM object label for the signing keypair's public key. inputs
: object containing paths for inputsField Description public-key-path
Path to PEM subject public key for certificate. issuer-certificate-path
Path to PEM issuer certificate. outputs
: object containing paths to write outputs.Field Description certificate-path
Path to store signed PEM certificate. certificate-profile
: object containing profile for certificate to generate. Fields are documented below. The key-usages, ocsp-url, and crl-url fields must not be set.
When generating a CRL signing certificate the key usages field will be set to just CRL Sign.
Example:
ceremony-type: crl-signer
pkcs11:
module: /usr/lib/opensc-pkcs11.so
signing-key-slot: 0
signing-key-label: intermediate signing key
inputs:
public-key-path: /home/user/crl-signer-signing-pub.pem
issuer-certificate-path: /home/user/intermediate-cert.pem
outputs:
certificate-path: /home/user/crl-signer-cert.pem
certificate-profile:
signature-algorithm: ECDSAWithSHA384
common-name: CA CRL signer
organization: good guys
country: US
not-before: 2020-01-01 12:00:00
not-after: 2040-01-01 12:00:00
issuer-url: http://good-guys.com/root
This config generates a delegated CRL signing certificate signed by a key in the HSM, identified by the object label intermediate signing key
and the object ID ffff
. The subject key used is taken from /home/user/crl-signer-signing-pub.pem
and the issuer is /home/user/intermediate-cert.pem
, the resulting certificate is written to /home/user/crl-signer-cert.pem
.
ceremony-type
: string describing the ceremony type,key
.pkcs11
: object containing PKCS#11 related fields.Field Description module
Path to the PKCS#11 module to use to communicate with a HSM. pin
Specifies the login PIN, should only be provided if the HSM device requires one to interact with the slot. store-key-in-slot
Specifies which HSM object slot the generated signing key should be stored in. store-key-with-label
Specifies the HSM object label for the generated signing key. Both public and private key objects are stored with this label. key
: object containing key generation related fields.Field Description type
Specifies the type of key to be generated, either rsa
orecdsa
. Ifrsa
the generated key will have an exponent of 65537 and a modulus length specified byrsa-mod-length
. Ifecdsa
the curve is specified byecdsa-curve
.ecdsa-curve
Specifies the ECDSA curve to use when generating key, either P-224
,P-256
,P-384
, orP-521
.rsa-mod-length
Specifies the length of the RSA modulus, either 2048
or4096
.outputs
: object containing paths to write outputs.Field Description public-key-path
Path to store generated PEM public key.
Example:
ceremony-type: key
pkcs11:
module: /usr/lib/opensc-pkcs11.so
store-key-in-slot: 0
store-key-with-label: intermediate signing key
key:
type: ecdsa
ecdsa-curve: P-384
outputs:
public-key-path: /home/user/intermediate-signing-pub.pem
This config generates an ECDSA P-384 key in the HSM with the object label intermediate signing key
. The public key is written to /home/user/intermediate-signing-pub.pem
.
ceremony-type
: string describing the ceremony type,ocsp-response
.pkcs11
: object containing PKCS#11 related fields.Field Description module
Path to the PKCS#11 module to use to communicate with a HSM. pin
Specifies the login PIN, should only be provided if the HSM device requires one to interact with the slot. signing-key-slot
Specifies which HSM object slot the signing key is in. signing-key-label
Specifies the HSM object label for the signing keypair's public key. inputs
: object containing paths for inputsField Description certificate-path
Path to PEM certificate to create a response for. issuer-certificate-path
Path to PEM issuer certificate. delegated-issuer-certificate-path
Path to PEM delegated issuer certificate, if one is being used. outputs
: object containing paths to write outputs.Field Description response-path
Path to store signed base64 encoded response. ocsp-profile
: object containing profile for the OCSP response.Field Description this-update
Specifies the OCSP response thisUpdate date, in the format 2006-01-02 15:04:05
. The time will be interpreted as UTC.next-update
Specifies the OCSP response nextUpdate date, in the format 2006-01-02 15:04:05
. The time will be interpreted as UTC.status
Specifies the OCSP response status, either good
orrevoked
.
Example:
ceremony-type: ocsp-response
pkcs11:
module: /usr/lib/opensc-pkcs11.so
signing-key-slot: 0
signing-key-label: root signing key
inputs:
certificate-path: /home/user/certificate.pem
issuer-certificate-path: /home/user/root-cert.pem
outputs:
response-path: /home/user/ocsp-resp.b64
ocsp-profile:
this-update: 2020-01-01 12:00:00
next-update: 2021-01-01 12:00:00
status: good
This config generates a OCSP response signed by a key in the HSM, identified by the object label root signing key
and object ID ffff
. The response will be for the certificate in /home/user/certificate.pem
, and will be written to /home/user/ocsp-resp.b64
.
ceremony-type
: string describing the ceremony type,crl
.pkcs11
: object containing PKCS#11 related fields.Field Description module
Path to the PKCS#11 module to use to communicate with a HSM. pin
Specifies the login PIN, should only be provided if the HSM device requires one to interact with the slot. signing-key-slot
Specifies which HSM object slot the signing key is in. signing-key-label
Specifies the HSM object label for the signing keypair's public key. inputs
: object containing paths for inputsField Description issuer-certificate-path
Path to PEM issuer certificate. outputs
: object containing paths to write outputs.Field Description crl-path
Path to store signed PEM CRL. crl-profile
: object containing profile for the CRL.Field Description this-update
Specifies the CRL thisUpdate date, in the format 2006-01-02 15:04:05
. The time will be interpreted as UTC.next-update
Specifies the CRL nextUpdate date, in the format 2006-01-02 15:04:05
. The time will be interpreted as UTC.number
Specifies the CRL number. Each CRL should have a unique monotonically increasing number. revoked-certificates
Specifies any revoked certificates that should be included in the CRL. May be empty. If present it should be a list of objects with the fields certificate-path
, containing the path to the revoked certificate,revocation-date
, containing the date the certificate was revoked, in the format2006-01-02 15:04:05
, andrevocation-reason
, containing a non-zero CRLReason code for the revocation taken from RFC 5280.
Example:
ceremony-type: crl
pkcs11:
module: /usr/lib/opensc-pkcs11.so
signing-key-slot: 0
signing-key-label: root signing key
inputs:
issuer-certificate-path: /home/user/root-cert.pem
outputs:
crl-path: /home/user/crl.pem
crl-profile:
this-update: 2020-01-01 12:00:00
next-update: 2021-01-01 12:00:00
number: 80
revoked-certificates:
- certificate-path: /home/user/revoked-cert.pem
revocation-date: 2019-12-31 12:00:00
This config generates a CRL that must only contain subordinate CA certificates signed by a key in the HSM, identified by the object label root signing key
and object ID ffff
. The CRL will have the number 80
and will contain revocation information for the certificate /home/user/revoked-cert.pem
. Each of the revoked certificates provided are checked to ensure they have the IsCA
flag set to true
.
The certificate profile defines a restricted set of fields that are used to generate root and intermediate certificates.
Field | Description |
---|---|
signature-algorithm |
Specifies the signing algorithm to use, one of SHA256WithRSA , SHA384WithRSA , SHA512WithRSA , ECDSAWithSHA256 , ECDSAWithSHA384 , ECDSAWithSHA512 |
common-name |
Specifies the subject commonName |
organization |
Specifies the subject organization |
country |
Specifies the subject country |
not-before |
Specifies the certificate notBefore date, in the format 2006-01-02 15:04:05 . The time will be interpreted as UTC. |
not-after |
Specifies the certificate notAfter date, in the format 2006-01-02 15:04:05 . The time will be interpreted as UTC. |
ocsp-url |
Specifies the AIA OCSP responder URL |
crl-url |
Specifies the cRLDistributionPoints URL |
issuer-url |
Specifies the AIA caIssuer URL |
policies |
Specifies contents of a certificatePolicies extension. Should contain a list of policies with the field oid , indicating the policy OID. |
key-usages |
Specifies list of key usage bits should be set, list can contain Digital Signature , CRL Sign , and Cert Sign |