cheese/README.md
Pim van Pelt ef0970044b Update README.md
Make it clear that this is for TesseraCT and models after Sunlight.
2025-08-25 15:34:22 +00:00

Cheese

A Certificate Transparency log configuration and deployment tool for Google's [TesseraCT] implementation. It tries to look and feel a little like the one provided by [Sunlight].

Configuration Generator

The tesseract/genconf tool generates CT log configuration files and keys from a YAML specification in a very similar way to Sunlight.

Usage

  1. Create YAML configuration file:

     ```yaml
     listen:
       - "[::]:16420"
     roots: /etc/tesseract/roots.pem
     logs:
       - shortname: example2025h1
         listen: "[::]:16900"
         inception: 2025-01-01
         submissionprefix: https://example2025h1.log.ct.example.com
         monitoringprefix: https://example2025h1.mon.ct.example.com
         extraroots: /etc/tesseract/extra-roots.pem
         secret: /etc/tesseract/keys/example2025h1.pem
         localdirectory: /var/lib/tesseract/example2025h1/data
         notafterstart: 2025-01-01T00:00:00Z
         notafterlimit: 2025-07-01T00:00:00Z
     ```

  2. Generate private keys:

     ```bash
     mkdir -p /etc/tesseract/keys
     go run ./tesseract/genconf/main.go -c config.yaml gen-key
     ```

  3. Create directories and generate environment files:

     ```bash
     mkdir -p /var/lib/tesseract/example2025h1/data
     go run ./tesseract/genconf/main.go -c config.yaml gen-env
     ```

  4. Generate HTML and JSON files:

     ```bash
     go run ./tesseract/genconf/main.go -c config.yaml gen-html
     ```

  5. Generate nginx configuration files:

     ```bash
     go run ./tesseract/genconf/main.go -c config.yaml gen-nginx
     ```

You can symlink the generated $monitoringprefix.conf files from /etc/nginx/sites-enabled/.