GoRevoke is a standalone Certificate Revocation List Distribution Point written in Go, designed to be lightweight and fully self-contained. Using a simple configuration, GoRevoke automates the downloading and serving of remote CRLs. GoRevoke is based on revoke, a shell-based script providing similar functionality.
- Cross-platform compatibility; tested on Linux and Windows
- Native and containerized deployment options
- Retrieve remote CRL data via HTTP or HTTPS
- Validation and confirmation of CRL data
- Built-in webserver alleviates the need for additional servers
- Ability to retrieve and serve an unlimited number of CRL sources
- Support for full and delta CRLs
- OCSP responder
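
As an added illustration of what validating a retrieved CRL before serving it can involve (this is not GoRevoke's own code), the example below uses Go's standard `crypto/x509` package to parse a DER-encoded CRL, verify its signature against the issuing CA certificate, and reject it outside its ThisUpdate/NextUpdate window. The names `validateCRL`, `must` and `sampleCRL` are hypothetical, and the CA and CRL are constructed test data.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// validateCRL accepts a DER CRL only if issuer signed it and now is within ThisUpdate..NextUpdate.
func validateCRL(der []byte, issuer *x509.Certificate, now time.Time) (*x509.RevocationList, error) {
	crl, err := x509.ParseRevocationList(der)
	if err != nil {
		return nil, fmt.Errorf("parse CRL: %w", err)
	}
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return nil, fmt.Errorf("CRL signature: %w", err)
	}
	if now.Before(crl.ThisUpdate) || now.After(crl.NextUpdate) {
		return nil, fmt.Errorf("CRL not current: valid %s to %s", crl.ThisUpdate, crl.NextUpdate)
	}
	return crl, nil
}

func must[T any](v T, err error) T { // panics if building the sample data fails
	if err != nil {
		panic(err)
	}
	return v
}

// sampleCRL builds a throwaway CA and an empty CRL signed by it (constructed data, hypothetical helper).
func sampleCRL(thisUpdate, nextUpdate time.Time) (*x509.Certificate, []byte) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		Subject: pkix.Name{CommonName: "Example Test CA"}, NotBefore: thisUpdate, NotAfter: nextUpdate,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	ca := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))))
	crl := &x509.RevocationList{Number: big.NewInt(7), ThisUpdate: thisUpdate, NextUpdate: nextUpdate}
	return ca, must(x509.CreateRevocationList(rand.Reader, crl, ca, key))
}

func main() {
	ca, der := sampleCRL(time.Now().Add(-time.Hour), time.Now().Add(time.Hour))
	_, err := validateCRL(der, ca, time.Now().Add(2*time.Hour)) // clock is past NextUpdate
	fmt.Println("stale CRL rejected:", err)
}
```
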
GoRevoke can be deployed as either a containerized image or installed natively on the host. The following instructions outline basic installation and configuration options.
- On the host machine create the following directories: `${PWD}/appdata/gorevoke/conf` and `${PWD}/appdata/gorevoke/crl`
- Copy and rename the configuration example `conf/config.yml.example` to `${PWD}/appdata/gorevoke/conf/config.yml`
- Pull the latest image from Docker Hub using the following example Docker run command:

```shell
docker run -d \
  --name gorevoke \
  -p 80:4000 \
  -v ${PWD}/appdata/gorevoke/crl:/usr/local/bin/gorevoke/crl/static \
  -v ${PWD}/appdata/gorevoke/conf:/usr/local/bin/gorevoke/conf \
  --restart=unless-stopped \
  ghcr.io/acavella/gorevoke:latest
```

Important
The `docker run` command above exposes the built-in webserver to the host directly on port 80 and is not recommended for production deployments. For a production configuration we recommend placing a webserver or proxy (such as Apache httpd or nginx) in front of GoRevoke to handle public web requests.
- Download the latest release archive for the appropriate platform
  - Linux (amd64): gorevoke--linux-amd64.tar.gz
  - Windows (amd64): gorevoke--windows-amd64.zip
- Extract the archive to the appropriate application directory
  - Linux: `/usr/local/bin`
  - Windows: `C:\Program Files\`
- Edit the provided example configuration file `conf/config.yml.example` and save it as `conf/config.yml`
- Create a systemd service file `/etc/systemd/system/gorevoke.service` with the following contents:

```ini
[Unit]
Description=GoRevoke CDP Server
After=network-online.target

[Service]
Type=simple
ExecStart=/usr/local/bin/gorevoke/gorevoke

[Install]
WantedBy=multi-user.target
```

- Set the permissions

```shell
sudo chmod 664 /etc/systemd/system/gorevoke.service
```

- Reload the systemd configuration

```shell
sudo systemctl daemon-reload
```

- Enable and start the service:

```shell
sudo systemctl enable gorevoke.service
sudo systemctl start gorevoke.service
```

I welcome all responsible disclosures. Please do not open an ISSUE to report a security problem. Please use the private reporting system to report security-related issues responsibly: https://github.com/acavella/gorevoke/security/advisories/new
Contributions are essential to the success of open-source projects. In other words, we need your help to keep GoRevoke great!
What is a contribution? All the following are highly valuable:
- Let us know of the best practices you believe should be standardized
  GoRevoke is designed to be compliant with applicable RFCs out of the box. By sharing your experiences and knowledge you help us build a solution that takes into account best practices and user experience.
- Let us know if things aren't working right
  We aim to provide a perfect application and test it extensively; however, we can't imagine or replicate every deployment scenario possible. If you run into an issue that you think isn't normal, please let us know.
- Add or improve features
  Have an idea to add or improve functionality? Then let us know! We want to make GoRevoke the best total solution it can be.
General information about contributions:
Check our Security Policy.
Found a bug? Open a GitHub issue.
Read our Contributing Code of Conduct, which contains all the information you need to contribute to GoRevoke!
Distributed under the MIT License. See LICENSE for more information.
- Tony Cavella - tony@cavella.com
- Project Link: https://github.com/acavella/gorevoke
- @Deliveranc3 - Containerfile development and additions