NetBox Plugin Ideas
Propose and vote for your most-wanted NetBox plugins!
Propose and vote for your most-wanted NetBox plugins!
A way to model x509 Certificates such as client certificates used in mTLS, server, intermediate (chain), and root certificates.
Details about the certificates could include but not limited to items under the structure of x509 digital certificates https://en.m.wikipedia.org/wiki/X.509
Could also model different Certificate Authorities (CA’s) and their intermediate and root certificates.
This plugin could dive into the realm of automating the generation of things like CSR’s and interacting with CA’s RestAPI’s.
|
Use case
A way to document and keep track of current self signed or paid x509 certificates for things like upcoming expiry dates. Potential for automation in the future. |
Another idea is to manage a certbot? So it is not needed to manage all the formats? Then it is may be better to request the outstanding renewals to show at the right place.
Came here to suggest this idea and found your idea. Love it. May I add a few suggestions?
Ability to export the certificates in various formats (PEM, PEM chain, PKCS #7, PKCS #7 chain, PKCS #12, PKCS #12 chain, DER) to either clipboard or file
Ability to import via form or file
Ability to associate a certificate with a device (at minimum), bonus points for being able to do it for anything in the model
Ability to create a generic template or config context and associate it with a service template or as a standalone. I can't tell you how many times I've run into problems with certificate compatibility. Some stuff supports EC-DSA, other stuff only RSA. The template should be able to describe what the application is expecting. Vendors are terrible at documenting this and it takes extensive research sometimes to determine the exact OID's required.
Document metadata about the CA: is it offline, or online? Backed by HSM? What kind, what serial number, how to I access it? Where do I submit a CSR and how do I get it approved?