Containerized version of GlobalSign EST server/client, for TESTING and DEVELOPMENT purposes only.
Pre-built image: arlotitopub.azurecr.io/globalsign-est/server:1.0.6-1
You can either run it using the default configuration with autogenerated ephemeral certificates:
sudo docker run -d \
-p 8443:8443 \
--name my-est-server \
arlotitopub.azurecr.io/globalsign-est/server:1.0.6-1
...or you can run it with a custom configuration and bring-your-own-certificates (BYOC):
sudo docker run -d \
-p 8443:8443 \
-v $(pwd)/server.cfg:/etc/est/server.cfg \
-v $(pwd)/est-certs:/var/lib/est \
--name my-est-server \
arlotitopub.azurecr.io/globalsign-est/server:1.0.6-1 \
/go/bin/estserver -config /etc/est/server.cfg
Details on custom configuration and BYOC are in the following sections.
- Let's create the certificates:
mkdir ./est-certs
cd ./est-certs
# create self-signed server certificate
SERVER_CN="est.arturol76.net"
openssl req -newkey rsa:4096 -x509 -sha512 -days 365 -nodes -subj "/CN=${SERVER_CN}" -out server.pem -keyout server.key
# create CA certificate
CA_CN="my EST CA"
openssl req -newkey rsa:4096 -x509 -sha512 -days 365 -nodes -subj "/CN=${CA_CN}/C=US/ST=Somewhere/L=Here/O=MyOrg" -out ca.pem -keyout ca.key
# fix permissions
chmod 0444 server.pem ca.pem
chmod 0400 server.key ca.key
cd ..
- Let's create a "server.cfg" file with the following content:
cat > server.cfg <<EOF
{
"mock_ca": {
"certificates": "/var/lib/est/ca.pem",
"private_key": "/var/lib/est/ca.key"
},
"tls": {
"listen_address": "0.0.0.0:8443",
"certificates": "/var/lib/est/server.pem",
"private_key": "/var/lib/est/server.key"
}
}
EOF
- Run the docker container:
sudo docker run -d \
-p 8443:8443 \
-v $(pwd)/server.cfg:/etc/est/server.cfg \
-v $(pwd)/est-certs:/var/lib/est \
--name my-est-server \
arlotitopub.azurecr.io/globalsign-est/server:1.0.6-1 \
/go/bin/estserver -config /etc/est/server.cfg
- From a client, check the server's TLS certificate and fetch the CA certificates through the EST /cacerts endpoint (SERVER_URL must resolve to the host running the container and match the CN of the server certificate):
SERVER_URL="est.arturol76.net"
# inspect the certificate chain presented by the server (stdin closed so s_client does not wait for input)
openssl s_client -connect $SERVER_URL:8443 -showcerts </dev/null
# save the server certificate so curl can trust the self-signed server
echo | openssl s_client -servername $SERVER_URL -connect $SERVER_URL:8443 |\
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > server.pem
# /cacerts returns a base64-encoded PKCS#7 (DER) bundle; convert it to PEM
curl https://$SERVER_URL:8443/.well-known/est/cacerts -o cacerts.p7 --cacert ./server.pem
openssl base64 -d -in cacerts.p7 | openssl pkcs7 -inform DER -outform PEM -print_certs | sed '/^$\|subject\|issuer/d' > cacerts.pem
rm cacerts.p7
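The /cacerts body fetched above is the base64 encoding of a degenerate PKCS#7 SignedData that carries only certificates (no signers), which is what the openssl pkcs7 pipeline unpacks. The following added example (not part of this image or of the GlobalSign EST code) walks that DER wrapper in Python: it constructs a sample response around placeholder certificate blobs, extracts each certificate's DER, and compares SHA-256 fingerprints so a client can confirm the served CA is the ca.pem it expects. It assumes definite-length DER, the certificates field in its usual position, and no CRLs.

```python
import base64, hashlib

# DER-encoded OIDs from PKCS#7 (RFC 2315): id-signedData and id-data
SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
DATA_OID = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1
def der_len(n):  # DER length octets: short form below 128, long form otherwise
    b = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return bytes([n]) if n < 0x80 else bytes([0x80 | len(b)]) + b
def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body
def children(body):
    """Yield (tag, whole_element, inner_body) for each definite-length DER element."""
    pos = 0
    while pos < len(body):
        tag, first = body[pos], body[pos + 1]
        hdr, n = 2, first
        if first & 0x80:                                   # long-form length
            k = first & 0x7F
            n = int.from_bytes(body[pos + 2:pos + 2 + k], "big")
            hdr += k
        end = pos + hdr + n
        yield tag, body[pos:end], body[pos + hdr:end]
        pos = end
def build_cacerts_response(certs_der):
    """Constructed sample: degenerate SignedData (no signers) as /cacerts returns it."""
    signed = (tlv(0x02, b"\x01") + tlv(0x31, b"")           # version, digestAlgorithms
              + tlv(0x30, tlv(0x06, DATA_OID))              # encapContentInfo (id-data)
              + tlv(0xA0, b"".join(certs_der))              # [0] IMPLICIT certificates
              + tlv(0x31, b""))                             # signerInfos (empty)
    content_info = tlv(0x30, tlv(0x06, SIGNED_DATA_OID) + tlv(0xA0, tlv(0x30, signed)))
    return base64.b64encode(content_info)
def extract_cacerts(body_b64):
    """Return the DER of every certificate carried in a base64 /cacerts body (newlines ignored)."""
    _, _, ci = next(children(base64.b64decode(body_b64)))   # outer ContentInfo SEQUENCE
    parts = list(children(ci))
    if parts[0][0] != 0x06 or parts[0][2] != SIGNED_DATA_OID:
        raise ValueError("not a PKCS#7 SignedData response")
    _, _, sd = next(children(parts[1][2]))                  # [0] EXPLICIT -> SignedData
    fields = list(children(sd))                             # version, digestAlgs, eci, [0] certs, ...
    if len(fields) < 4 or fields[3][0] != 0xA0:
        raise ValueError("no certificates field in SignedData")
    return [whole for tag, whole, _ in children(fields[3][2]) if tag == 0x30]
def fingerprint(der_cert):  # same value 'openssl x509 -fingerprint -sha256' prints, minus colons
    return hashlib.sha256(der_cert).hexdigest()
def served_ca_matches(body_b64, expected_sha256_hex):
    """True if the expected CA fingerprint (hex, colons optional) is among the returned certs."""
    wanted = expected_sha256_hex.replace(":", "").lower()
    return wanted in [fingerprint(c) for c in extract_cacerts(body_b64)]
```

With a real response, feed the bytes curl wrote to cacerts.p7 into extract_cacerts and compare against the fingerprint of the ca.pem you mounted into the container; the placeholder certificate blobs here are only constructed SEQUENCE elements, not X.509 certificates.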
To build the image yourself and push it to the registry:
TAG=1.0.6-1
# build
sudo docker build -t arlotitopub.azurecr.io/globalsign-est/server:${TAG} ./server
# push
sudo docker push arlotitopub.azurecr.io/globalsign-est/server:${TAG}