Easy and common PKI for SSL-enabled packages

Registered by Thierry Carrez

Several packages make use of SSL certificates and public/private keys. They all tend to ship their own tools (apache2-ssl-certificate for apache2) which sometimes are not packaged in a usable way (easy-rsa for openvpn). We should provide a simple-to-use, CLI-driven and common way of managing a CA (or to generate certs to be signed by a commercial CA), that most SSL-enabled server packages in main could use. It could be named "upki" to continue on the ufw naming.

Related old spec: https://wiki.ubuntu.com/ImproveSSLCert

Blueprint information

Status:
Not started
Approver:
Jos Boumans
Priority:
Undefined
Drafter:
None
Direction:
Needs approval
Assignee:
None
Definition:
Drafting
Series goal:
Proposed for lucid
Implementation:
Deferred
Milestone target:
None

Related branches

Sprints

Whiteboard

(?)

Work Items