README
¶
Pki
Inspiration
Cert generate via openssl could be convoluted. The defaults are also insecure at version 1. This library provide an easy way to generate and sign certificates. With secure defaults.
Example
package main
import (
"fmt"
"testing"
)
func TestSignCsr(t *testing.T) {
csr, err := GenerateCertificateSigningRequest(GenerateCertificateSigningRequestInput{
EmailAddresses: []string{"foo@klin-pro.com"},
RsaBits: 4096,
Province: []string{"CA"},
Locality: []string{"SF"},
Organization: []string{"klin-pro"},
OrganizationalUnit: []string{"IT"},
CommonName: "pii-vault",
DNSNames: []string{""},
})
if err != nil {
t.Errorf(err.Error())
}
ca, err := GenerateCaCertificate(GenerateCaCertificateInput{
EmailAddresses: []string{"foo@klin-pro.com"},
MaxDays: 30,
RsaBits: 4096,
Organization: "klin-pro",
DNSNames: []string{"test1.klin-pro.com"},
})
if err != nil {
t.Errorf(err.Error())
}
cert, err := SignCsr(SignCsrInput{
IsCa: true,
CaCert: ca.Cert,
CaKey: ca.Key,
Csr: csr.Csr,
ValidDays: 2,
})
if err != nil {
t.Errorf(err.Error())
}
fmt.Println(string(cert.Cert))
}
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type GenerateCaCertificateInput ¶
type GenerateCaCertificateInput struct {
EmailAddresses []string // EmailAddresses
EcdsaCurve string // EcdsaCurve specify this if you want EcsdasCurve, if you leave it blank it will default to RSA
MaxDays float64 // MaxDays
RsaBits int // RsaBits
Password string // Password
Organization string // Orgnaization
DNSNames []string // DNSNames The list of DNS names
RawCertificate *x509.Certificate // RawCertificate alternative one can forgo all the params above and simply stick the raw certficiate to be generated
}
GenerateCaCertificateInput the input of the function.
type GenerateCaCertificateOutput ¶
GenerateCaCertificateOutput the output of the function
func GenerateCaCertificate ¶
func GenerateCaCertificate(g GenerateCaCertificateInput) (GenerateCaCertificateOutput, error)
GenerateCaCertificate the CA certificate
type GenerateCertificateSigningRequestInput ¶
type GenerateCertificateSigningRequestInput struct {
RsaBits int // RsaBits
Country []string // Country
Province []string // Province
Locality []string // Locality
EmailAddresses []string // EmailAddresses
Organization []string // Orginzation
OrganizationalUnit []string // OrginzationUnit
CommonName string // CommonName
DNSNames []string // DnsNames
Password string // Password
RawCertificateRequest *x509.CertificateRequest // RawCertificateRequest
}
GenerateCertificateSigningRequestInput the input for the function
type GenerateCertificateSigningRequestOutput ¶
GenerateCertificateSigningRequestOutput the output for the function
func GenerateCertificateSigningRequest ¶
func GenerateCertificateSigningRequest(g GenerateCertificateSigningRequestInput) (GenerateCertificateSigningRequestOutput, error)
GenerateCertificateSigningRequest the function that signs csr
type SignCsrInput ¶
type SignCsrInput struct {
CaCert []byte // CaCert
CaKey []byte // CaKey
Csr []byte // Csr the certficiate request to sign
IsCa bool // IsCa whether to sign the certificate as Certificate authority
ValidDays int // ValidDays
}
SignCsrInput the input of the function
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.