simplcert

package module
v0.5.5
Warning

This package is not in the latest version of its module.

Published: Feb 18, 2023 License: MIT Imports: 19 Imported by: 0

README

SimplCERT

The certificate manager is meant to easily generate key pairs for mTLS purposes. It generates its own root certificate and uses it to sign server and client certificates, which can later be used to secure, for instance, gRPC over mTLS.

Usage

Exporting the root certificate path is handy, so you don't have to provide it on every call.

$ export SCM_ROOT_CERT_PATH=/path/to/directory/for/root/cert

verify checks whether the root certificate exists and, if it does not, creates one.

$ simplcert verify

root-crt displays the root certificate in the terminal as a PEM-encoded string.

$ simplcert root-crt

create will create a certificate. You can use CLI flags or just run create and fill in the prompts. The --host flag must be set to the domain name at which the service will be reached or, if Docker is used, to the name of the Docker container.

$ simplcert create \
  --root-cert-path /path/to/root-ca \
  --host hostname.tld \
  --name "My server" \
  --days-valid 30 \
  --ecdsa \
  --is-server
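
Why the --host value and the server/client split matter at verification time, as an added example built on Go's standard library (it is not simplcert's own code). It assumes the host is placed in the certificate as a DNS subject alternative name; issue, verify, must and the names passed to them are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // panics on error to keep the example short
	if err != nil {
		panic(err)
	}
	return v
}

// issue signs an ECDSA certificate for host; a nil parent yields a self-signed root CA.
func issue(host string, usage x509.ExtKeyUsage, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tpl := &x509.Certificate{
		SerialNumber: must(rand.Int(rand.Reader, big.NewInt(1<<62))), Subject: pkix.Name{CommonName: host},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().AddDate(0, 0, 30),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{usage},
		DNSNames: []string{host}, // assumption: this is where the --host value ends up
	}
	if parent == nil { // root: may sign certificates, carries no host name, signs itself
		tpl.IsCA, tpl.BasicConstraintsValid, tpl.KeyUsage = true, true, x509.KeyUsageCertSign
		tpl.ExtKeyUsage, tpl.DNSNames, parent, parentKey = nil, nil, tpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// verify checks that leaf chains to root, allows usage and, if name != "", matches name.
func verify(root, leaf *x509.Certificate, name string, usage x509.ExtKeyUsage) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: name, KeyUsages: []x509.ExtKeyUsage{usage}})
	return err
}

func main() {
	root, rootKey := issue("constructed-root", x509.ExtKeyUsageAny, nil, nil)
	srv, _ := issue("hostname.tld", x509.ExtKeyUsageServerAuth, root, rootKey)
	fmt.Println(verify(root, srv, "hostname.tld", x509.ExtKeyUsageServerAuth), verify(root, srv, "other.tld", x509.ExtKeyUsageServerAuth))
}
```

A certificate issued for one host is rejected when the service is dialed under another name, and a client certificate is rejected when presented as a server certificate.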

Usage examples

See the examples folder for some examples.

Roadmap

| Status | Target | Description |
|--------|--------|-------------|
|  | Add examples | Have an example folder displaying a working setup |
|  | Add more signing options | RSA, DSA etc. (now only ecdsa is supported) |
|  | Write output to file | Add additional flag to write output to file instead of stdout |
|  | Add Rust example | Add an example on how to use the certs in a Rust gRPC application |
| Open | Add leaf certs | Cross sign with dedicated leaf certs for server and client validations |

Documentation

Index

Constants

const NoCertsError = internalError("no root certificates found")

Variables

This section is empty.

Functions

func CreateRootCAFiles

func CreateRootCAFiles(certType CertType, outPath string) (err error)

func EncodeCertificate

func EncodeCertificate(rawBytes []byte) []byte

func EncodePrivateKey

func EncodePrivateKey(rawBytes []byte) []byte

func EncodePublicKey

func EncodePublicKey(rawBytes []byte) []byte

Types

type CertConfig

type CertConfig struct {
	Name string
	Host string

	IsCA         bool
	IsServer     bool
	Country      string
	Organization string
	OutputPath   string
	OutputName   string
	CertType     CertType
	NotAfter     time.Time
	// contains filtered or unexported fields
}

type CertType

type CertType int
const (
	TypeECDSA CertType = iota
	TypeRSA
	TypeED25519
)

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

func NewManager

func NewManager(certsPath string) (*Manager, error)

func (*Manager) CaPool

func (m *Manager) CaPool() *x509.CertPool

func (*Manager) CreateNamedCert

func (m *Manager) CreateNamedCert(cfg CertConfig) (*x509.Certificate, crypto.Signer, []byte, error)

CreateNamedCert will return the raw TLS certificate, private key and public key bytes.

func (*Manager) MarshalPrivateKey

func (m *Manager) MarshalPrivateKey(key crypto.PrivateKey) ([]byte, error)

func (*Manager) RootCrt

func (m *Manager) RootCrt() *x509.Certificate

func (*Manager) RootPEM

func (m *Manager) RootPEM() []byte

Directories

Path Synopsis
cmd
