path: root/README.md
author: elijah <elijah@riseup.net> 2012-11-12 23:53:51 -0800
committer: elijah <elijah@riseup.net> 2012-11-12 23:53:51 -0800
commit: c37a35df81b2d6becc09f1820240db24c3ec632c
tree: 50187e4ab1face237760614ecf844b42efdd51e1 /README.md
parent: c90d30621e042cc3e52ffc87e3491ab110a57e9e
first fully working version of leap_ca
Diffstat (limited to 'README.md')
-rw-r--r-- README.md 109
1 files changed, 109 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..af02f7f
--- /dev/null
+++ b/README.md
@@ -0,0 +1,109 @@
+LEAP Certificate Authority Daemon
+---------------------------------------------------
+
+``leap_ca`` is a background daemon that generates x509 certificates as needed and stores them in CouchDB. You can run ``leap_ca`` on a machine that is not connected to a network, and then periodically connect to sync up the cert database.
+
+* Its only interface with the outside world is a CouchDB connection (defaults to localhost).
+* The daemon monitors changes to the database and fills it with x509 certs as needed.
+* It requires access to a Certificate Authority (in other words, the RSA private key and x509 root certificate, in PEM format).
+
+This program is written in Ruby and is distributed under the following license:
+
+> GNU Affero General Public License
+> Version 3.0 or higher
+> http://www.gnu.org/licenses/agpl-3.0.html
+
+Installation
+---------------------
+
+Prerequisites:
+
+ sudo apt-get install ruby ruby-dev couchdb
+ # if you are running ruby 1.8, you will also need rubygems.
+ # for development, you will also need git, bundle, and rake.
+
+From source:
+
+ git clone git://leap.se/leap_ca
+ cd cleap_ca
+ bundle
+ rake build
+ sudo rake install
+
+From gem:
+
+ sudo gem install leap_ca
+
+Running
+--------------------
+
+See if it worked:
+
+ leap_ca run -- test/config/config.yaml
+ browse to http://localhost:5984/_utils
+
+How you would run normally in production mode:
+
+ leap_ca start
+ leap_ca stop
+
+See ``leap_ca --help`` for more options.
+
+Configuration
+---------------------
+
+``leap_ca`` reads the following configurations files, in this order:
+
+* ``$(leap_ca_source)/config/default_config.yaml``
+* ``/etc/leap/leap_ca.yaml``
+* Any file passed to ARGV like so ``leap_ca start -- /etc/leap_ca.yaml``
+
+Other than ``ca_key_path`` and ``ca_cert_path`` you can probably leave all other options at their default values.
+
+The default options are:
+
+ #
+ # Default configuration options for LEAP Certificate Authority Daemon
+ #
+
+ #
+ # Certificate Authority
+ #
+ ca_key_path: "../test/files/ca.key"
+ ca_key_password: nil
+ ca_cert_path: "../test/files/ca.crt"
+
+ #
+ # Certificate pool
+ #
+ max_pool_size: 100
+ client_cert_lifespan: 2
+ client_cert_bit_size: 2024
+ client_cert_hash: "SHA256"
+
+ #
+ # Database
+ #
+ db_name: "client_certificates"
+ couch_connection:
+ protocol: "http"
+ host: "localhost"
+ port: 5984
+ username: ~
+ password: ~
+ prefix: ""
+ suffix: ""
+
+Rake Tasks
+----------------------------
+
+ rake -T
+ rake build # Build leap_ca-x.x.x.gem into the pkg directory
+ rake install # Install leap_ca-x.x.x.gem into either system-wide or user gems
+ rake test # Run tests
+ rake uninstall # Uninstall leap_ca-x.x.x.gem from either system-wide or user gems
+
+Todo
+----------------------------
+
+* Remove deprecated 'yajl/http_stream'
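
Review bot: In the default options block, `client_cert_bit_size: 2024` looks like a typo for 2048; 2024 is not a standard RSA modulus size, so please confirm the intended value and fix it here and in `config/default_config.yaml` if this listing mirrors that file. In the same block, `ca_key_password: nil` is read by a YAML parser as the string "nil" rather than as null, so use `~` as the `username` and `password` entries under `couch_connection` already do, and give `client_cert_lifespan: 2` a unit in a comment. The documented defaults for `ca_key_path` and `ca_cert_path` point at `../test/files/`, so the text should say these are test fixtures and must be replaced before the daemon issues real certificates. Under "From source", `cd cleap_ca` should be `cd leap_ca` to match the clone target, and because `git://` transport is unauthenticated and unencrypted, the README should name a way to verify the checkout (for example a signed tag) before building a CA daemon from it. Minor: "configurations files" should read "configuration files", and `browse to http://localhost:5984/_utils` is an instruction sitting inside a command block.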