{"id":25021965,"url":"https://github.com/android-sms-gateway/ca-backend","last_synced_at":"2026-02-10T01:04:51.768Z","repository":{"id":274619903,"uuid":"920966538","full_name":"android-sms-gateway/ca-backend","owner":"android-sms-gateway","description":"Certificate Authority service for the SMS Gateway for Androidβ„’ project. Used to generate certificates for receiving webhooks at specific IP addresses.","archived":false,"fork":false,"pushed_at":"2025-08-05T23:15:56.000Z","size":516,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-08-06T01:08:31.861Z","etag":null,"topics":["api","certificate-authority","fiber","golang","microservice","redis","security","sms-gateway","ssl","tls","uber-fx","x509"],"latest_commit_sha":null,"homepage":"https://sms-gate.app","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/android-sms-gateway.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-01-23T04:58:59.000Z","updated_at":"2025-08-05T23:15:00.000Z","dependencies_parsed_at":"2025-05-28T14:32:43.620Z","dependency_job_id":"4f2718dc-4271-4c77-81a7-a9634c7fefc7","html_url":"https://github.com/android-sms-gateway/ca-backend","commit_stats":null,"previous_names":["android-sms-gateway/ca-backend"],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/android-sms-gateway/ca-backend","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/android-sms-gateway%2Fca-backend","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/android-sms-gateway%2Fca-backend/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/android-sms-gateway%2Fca-backend/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/android-sms-gateway%2Fca-backend/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/android-sms-gateway","download_url":"https://codeload.github.com/android-sms-gateway/ca-backend/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/android-sms-gateway%2Fca-backend/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271507286,"owners_count":24771823,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-21T02:00:08.990Z","response_time":74,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","certificate-authority","fiber","golang","microservice","redis","security","sms-gateway","ssl","tls","uber-fx","x509"],"created_at":"2025-02-05T13:38:57.231Z","updated_at":"2026-02-10T01:04:51.727Z","avatar_url":"https://github.com/android-sms-gateway.png","language":"Go","readme":"\u003ca id=\"readme-top\"\u003e\u003c/a\u003e\n\n\u003c!-- PROJECT SHIELDS --\u003e\n[![Build Status](https://img.shields.io/github/actions/workflow/status/android-sms-gateway/ca-backend/go.yml?branch=master\u0026style=for-the-badge)](https://github.com/android-sms-gateway/ca-backend/actions)\n[![Go Version](https://img.shields.io/github/go-mod/go-version/android-sms-gateway/ca-backend?style=for-the-badge)](go.mod)\n[![License](https://img.shields.io/github/license/android-sms-gateway/ca-backend.svg?style=for-the-badge)](LICENSE)\n\n\u003cbr /\u003e\n\u003cdiv align=\"center\"\u003e\n \u003ch3 align=\"center\"\u003eπŸ”’ Android SMS Gateway CA\u003c/h3\u003e\n\n \u003cp align=\"center\"\u003e\n Private Certificate Authority for Secure Local Communications\n \u003cbr /\u003e\n \u003ca href=\"https://ca.sms-gate.app/docs/index.html\"\u003e\u003cstrong\u003eExplore the API docs Β»\u003c/strong\u003e\u003c/a\u003e\n \u003cbr /\u003e\n \u003cbr /\u003e\n \u003ca href=\"https://github.com/android-sms-gateway/ca-backend/issues/new?labels=bug\"\u003eReport Bug\u003c/a\u003e\n Β·\n \u003ca href=\"https://github.com/android-sms-gateway/ca-backend/issues/new?labels=enhancement\"\u003eRequest Feature\u003c/a\u003e\n \u003c/p\u003e\n\u003c/div\u003e\n\n\u003c!-- TABLE OF CONTENTS --\u003e\n- [πŸ“– About The Project](#-about-the-project)\n - [πŸ› οΈ Built With](#️-built-with)\n- [πŸš€ Getting Started](#-getting-started)\n - [Prerequisites](#prerequisites)\n - [Installation](#installation)\n- [πŸ’» Usage](#-usage)\n - [Method Comparison](#method-comparison)\n - [CLI Method](#cli-method)\n - [API Method](#api-method)\n- [⚠️ Limitations](#️-limitations)\n- [🚨 Migration Guide](#-migration-guide)\n- [❓ FAQ](#-faq)\n- [🀝 Contributing](#-contributing)\n- [πŸ“„ License](#-license)\n\n\n\u003c!-- ABOUT THE PROJECT --\u003e\n## πŸ“– About The Project\n\nThis private Certificate Authority simplifies secure communications within local networks while maintaining security standards. By operating its own [Certificate Authority (CA)](https://en.wikipedia.org/wiki/Certificate_authority), the project eliminates common security pitfalls associated with self-signed certificates and manual certificate management.\n\n\u003e **Important** Security Value Proposition\n\u003e - **🌍 Solves private IP validation** - Public CAs cannot validate private IP addresses\n\u003e - **⚠️ Reduces security risks** - Eliminates manual certificate installation on client devices\n\nThe CA enforces strict security boundaries through multiple layers:\n\n1. **Private IP Enforcement** - All issued certificates validated against RFC 1918 address ranges\n2. **Key Management** - CA private key loaded securely (PEM/PKCS#8); certificates parsed using x509\n3. **Request Validation** - CSRs validated to ensure SAN entries are private IPs (RFC 1918)\n\n### πŸ› οΈ Built With\n\n- [![Go](https://img.shields.io/badge/Go-00ADD8?style=for-the-badge\u0026logo=go\u0026logoColor=white)](https://golang.org/)\n- [![Docker](https://img.shields.io/badge/Docker-2496ED?style=for-the-badge\u0026logo=docker\u0026logoColor=white)](https://www.docker.com/)\n- [![Make](https://img.shields.io/badge/make-4C8A43?style=for-the-badge\u0026logo=gnu-make\u0026logoColor=white)](https://www.gnu.org/software/make/)\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\u003c!-- GETTING STARTED --\u003e\n## πŸš€ Getting Started\n\n### Prerequisites\n\n- Go 1.24.1+ (for building from source)\n- Docker (optional, for containerized deployment)\n- OpenSSL (for manual key/CSR generation)\n- curl and jq (for API examples)\n\n### Installation\n\nYou don't need to install the CA locally to use it. You can use the [API](#api-method) or the [CLI](#cli-method) to issue a certificate with the project's CA at [ca.sms-gate.app](https://ca.sms-gate.app).\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\u003c!-- USAGE EXAMPLES --\u003e\n## πŸ’» Usage\n\n### Method Comparison\n\n| Feature | CLI Method πŸ–₯️ | API Method 🌐 |\n| --------------- | ------------ | ----------------- |\n| Difficulty | ⭐ Easy | ⭐⭐ Medium |\n| Customization | ❌ No | βœ… Available |\n| Automation | βœ… Full | ❌ Manual |\n| Recommended For | Most users βœ… | CI/CD pipelines πŸ€– |\n\n### CLI Method\n\nYou can use the [SMSGate CLI](https://github.com/android-sms-gateway/cli/releases/latest) to issue a certificate.\n\n1. πŸ“₯ **Generate Certificate**\n ```bash\n # Generate webhook certificate\n ./smsgate-ca webhooks --out=server.crt --keyout=server.key 192.168.1.10\n ```\n\n2. πŸ” **Install Certificates**\n ```bash\n # Nginx example\n ssl_certificate /path/to/server.crt;\n ssl_certificate_key /path/to/server.key;\n ```\n\n### API Method\n\n1. πŸ”‘ **Generate Key Pair**\n ```bash\n openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out server.key\n ```\n\n2. πŸ“ **Create Config**\n ```ini\n # server.cnf\n [req]\n distinguished_name = req_distinguished_name\n x509_extensions = v3_req\n prompt = no\n \n [req_distinguished_name]\n CN = 192.168.1.10 # replace with your private IP\n \n [v3_req]\n keyUsage = nonRepudiation, digitalSignature, keyEncipherment\n extendedKeyUsage = serverAuth\n subjectAltName = @alt_names\n \n [alt_names]\n IP.0 = 192.168.1.10\n ```\n\n3. πŸ“‹ **Generate CSR**\n ```bash\n openssl req -new -key server.key -out server.csr -extensions v3_req \\\n -config ./server.cnf\n ```\n\n4. πŸ“¨ **Submit CSR**\n ```sh\n jq -Rs '{content: .}' \u003c server.csr | \\\n curl -sSf -X POST \\\n -H \"Content-Type: application/json\" \\\n -d @- \\\n https://ca.sms-gate.app/api/v1/csr\n ```\n\n You will receive a Request ID in the response.\n\n5. πŸ•’ **Check Status**\n ```bash\n curl https://ca.sms-gate.app/api/v1/csr/REQ_12345 # replace with your Request ID\n ```\n\n6. πŸ“₯ **Save Certificate** \n When the request is approved, the certificate content will be provided in the `certificate` field of the response. Save the certificate content to the file `server.crt`.\n\n7. πŸ” **Install Certificate** \n Install the `server.crt` and `server.key` (from step 1) files to your server.\n\nFull API documentation is available [here](https://ca.sms-gate.app/docs/index.html).\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\u003c!-- LIMITATIONS --\u003e\n## ⚠️ Limitations\n\nThe Certificate Authority service has the following limitations:\n\n- πŸ” Only issues certificates for private IP ranges:\n ```text\n 10.0.0.0/8\n 172.16.0.0/12\n 192.168.0.0/16\n ```\n- ⏳ Certificate validity: 1 year\n- πŸ“› Maximum 1 `POST` request per minute\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\u003c!-- MIGRATION GUIDE --\u003e\n## 🚨 Migration Guide\n\nSelf-signed certificates will be deprecated after v2.0 release. It is recommended to use the project's CA instead.\n\nMigration checklist:\n- [ ] Replace self-signed certs before v2.0 release\n- [ ] Update automation scripts to use CLI tool or API\n- [ ] Rotate certificates every 1 year\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\u003c!-- FAQ --\u003e\n## ❓ FAQ\n\n**Why don't I need to install CA on devices?** \nThe root CA certificate is embedded in the SMSGate app (v1.31+). \nNote: other clients (browsers, third‑party services) that do not embed this CA will not trust these certificates unless you install the CA in their trust store.\n\n**Certificate issuance failed?** \nEnsure your IP matches private ranges and hasn't exceeded quota\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\u003c!-- CONTRIBUTING --\u003e\n## 🀝 Contributing\n\nContributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are **greatly appreciated**.\n\nIf you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag \"enhancement\".\n\n1. Fork the Project\n2. Create your Feature Branch (`git checkout -b feature/AmazingFeature`)\n3. Commit your Changes (`git commit -m 'Add some AmazingFeature'`)\n4. Push to the Branch (`git push origin feature/AmazingFeature`)\n5. Open a Pull Request\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\u003c!-- LICENSE --\u003e\n## πŸ“„ License\n\nDistributed under the Apache-2.0 License. See [`LICENSE`](LICENSE) for more information.\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandroid-sms-gateway%2Fca-backend","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fandroid-sms-gateway%2Fca-backend","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandroid-sms-gateway%2Fca-backend/lists"}