certctl

command module

v0.3.2 Latest Latest Go to latest Published: Sep 28, 2021 License: GPL-3.0 Imports: 2 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/chenzhiwei/certctl

Links

Open Source Insights

README ¶

certctl

certctl is a certificate utility tool, it can:

Generate Root CA certificate or self-signed certificate
Sign certificate with CA certificate
Show certificate or certificate signing request info
Fetch certificate from an HTTPS URL
Verify if a certificate matches the private key or CA certificate

Download

curl -LO https://github.com/chenzhiwei/certctl/releases/latest/download/certctl
chmod +x certctl
./certctl version
sudo mv certctl /usr/local/bin/

Generate CA or Self-signed certificate

certctl generate --subject "C=CN/ST=Beijing/L=Haidian/O=Any Corp/CN=Root-CA" \
    --key ca.key --cert ca.crt --days 36500 --size 4096

certctl generate --subject "C=CN/ST=Beijing/L=Haidian/O=Any Corp/CN=anycorp.com" \
    --san *.anycorp.com,localhost,127.0.0.1 \
    --key anycorp.com.key --cert anycorp.com.crt --days 365 --size 4096

certctl generate --subject "C=CN/ST=Beijing/L=Haidian/O=Any Corp/CN=anycorp.com" \
    --san *.anycorp.com,localhost,127.0.0.1 \
    --key anycorp.com.key --cert anycorp.com.crt --days 365 --size 4096 \
    --usage digitalSignature,keyEncipherment \
    --extusage serverAuth,clientAuth,emailProtection

certctl help generate

A full list a key usages are:

digitalSignature
contentCommitment
keyEncipherment
dataEncipherment
keyAgreement
keyCertSign
cRLSign
encipherOnly
decipherOnly

A full list of extended key usages are:

any
serverAuth
clientAuth
codeSigning
emailProtection
IPSECEndSystem
IPSECTunnel
IPSECUser
timeStamping
OCSPSigning
netscapeServerGatedCrypto
microsoftServerGatedCrypto
microsoftCommercialCodeSigning
microsoftKernelCodeSigning

Sign certificate with CA

certctl sign --ca-key ca.key --ca-cert ca.crt --subject "CN=my.anycorp.com" \
    --san www.my.anycorp.com,localhost,127.0.0.1 \
    --key my.anycorp.com.key --cert my.anycorp.com.crt

certctl sign --ca-key ca.key --ca-cert ca.crt --is-ca \
    --subject "CN=my.anycorp.com" \
    --key my.anycorp.com.key --cert my.anycorp.com.crt \
    --usage digitalSignature,keyEncipherment,keyCertSign \
    --extusage serverAuth,codeSigning

certctl help sign

Show certificate/csr from file

certctl show cert-filepath.crt
certctl show csr-filepath.csr

Fetch certificate from URL

certctl fetch 192.168.122.10:8443
certctl fetch https://pkg.go.dev/io
certctl fetch golang.org
certctl fetch golang.org --file golang.org.crt --noout

Verify certificate with private key and/or CA certificate

certctl verify --cert domain.crt --ca ca.crt
certctl verify --cert domain.crt --key domain.key
certctl verify --cert domain.crt --key domain.key --ca ca.crt

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
cmd
pkg
cert

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL