{"id":42069991,"url":"https://github.com/c3b2a7/easy-ca-cli","last_synced_at":"2026-01-26T08:38:51.443Z","repository":{"id":143507465,"uuid":"615937347","full_name":"c3b2a7/easy-ca-cli","owner":"c3b2a7","description":"A fast, simple and easy-to-use certificate generator.","archived":false,"fork":false,"pushed_at":"2026-01-19T02:35:40.000Z","size":116,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-19T11:33:18.722Z","etag":null,"topics":["certificate","certificate-authority","certificate-generation","privatekey","privatekeygenerator"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/c3b2a7.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-03-19T05:40:43.000Z","updated_at":"2026-01-19T02:35:44.000Z","dependencies_parsed_at":"2025-11-27T16:19:10.046Z","dependency_job_id":null,"html_url":"https://github.com/c3b2a7/easy-ca-cli","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/c3b2a7/easy-ca-cli","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/c3b2a7%2Feasy-ca-cli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/c3b2a7%2Feasy-ca-cli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/c3b2a7%2Feasy-ca-cli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/c3b2a7%2Feasy-ca-cli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/c3b2a7","download_url":"https://codeload.github.com/c3b2a7/easy-ca-cli/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/c3b2a7%2Feasy-ca-cli/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28771123,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-26T08:38:24.014Z","status":"ssl_error","status_checked_at":"2026-01-26T08:38:22.080Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificate","certificate-authority","certificate-generation","privatekey","privatekeygenerator"],"created_at":"2026-01-26T08:38:51.368Z","updated_at":"2026-01-26T08:38:51.427Z","avatar_url":"https://github.com/c3b2a7.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Easy CA CLI\n\n[![GitHub](https://img.shields.io/github/license/c3b2a7/easy-ca-cli)](https://github.com/c3b2a7/easy-ca-cli/blob/master/LICENSE)\n![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/c3b2a7/easy-ca-cli/ci.yml)\n![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/c3b2a7/easy-ca-cli)\n![GitHub release (latest by date)](https://img.shields.io/github/v/release/c3b2a7/easy-ca-cli)\n[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/c3b2a7/easy-ca-cli)\n\n## Table Of Contents\n\n- [What is easy-ca-cli?](#what-is-easy-ca-cli)\n- [Features](#features)\n  - [Supported Key Algorithms](#supported-key-algorithms)\n  - [Certificate Types and Generation](#certificate-types-and-generation)\n  - [Customizable Certificate Information](#customizable-certificate-information)\n- [Installation](#installation)\n  - [Recommended](#recommended)\n  - [Manual](#manual)\n  - [Building From Source](#building-from-source)\n- [Docker image](#docker-image)\n- [Usage](#usage)\n  - [Creating a Certificate Authority (CA)](#creating-a-certificate-authority-ca)\n  - [Generating an Intermediate CA](#generating-an-intermediate-ca)\n  - [Generating a TLS Certificate](#generating-a-tls-certificate)\n- [Troubleshooting](#troubleshooting)\n  - [Common Issues](#common-issues)\n  - [Getting Help](#getting-help)\n- [Related Projects](#related-projects)\n- [CHANGELOG](#changelog)\n- [LICENSE](#license)\n\n## What is easy-ca-cli?\n\nThe easy-ca-cli is a fast, simple certificate generation utility built in Go.\n\nIt serves as a command-line interface to the core [easy-ca](https://github.com/c3b2a7/easy-ca) library,\nproviding an accessible way to generate various certificate types with customizable parameters.\n\n## Features\n\nThe CLI offers a comprehensive set of features for certificate generation:\n\n### Supported Key Algorithms\n\n| Algorithm | Flag        | Options                                         |\n|-----------|-------------|-------------------------------------------------|\n| RSA       | `--rsa`     | Key size: `--rsa-keysize` (2048, 3072, 4096)    |\n| ECDSA     | `--ecdsa`   | Curve: `--ecdsa-curve` (P224, P256, P384, P521) |\n| ED25519   | `--ed25519` | No additional options                           |\n\n### Certificate Types and Generation\n\n- Certificate Authority (Root CA)\n- Intermediate Certificate Authority (Intermediate CA)\n- TLS/Server Certificates\n- Support for certificate chains\n- PKCS8 format for private keys\n- PKCS12 format for the key pair\n- Customizable output paths\n\n### Customizable Certificate Information\n\n- Subject fields: C, O, OU, CN, Serial Number, L, ST, Postal Code\n- Subject Alternative Name (SAN)\n  - DNS names\n  - IP addresses\n- Validity period configuration\n\n## Installation\n\neasy-ca-cli binaries are provided for Linux, macOS and Windows.\n\n### Recommended\n\n```sh\ncurl -sSfL https://get.lolico.me/easy-ca-cli | sh -s -- -b /usr/local/bin\n```\n\nInstall script options:\n\n- `-b`: Specify a custom installation directory (defaults to `./bin`)\n- `-d`: More verbose logging levels (`-d` for debug, `-dd` for trace)\n- `-v`: Verify the signature of the downloaded artifact before installation (requires [cosign](https://github.com/sigstore/cosign) to be installed)\n\n### Manual\n\nYou can download and extract the latest release\nfrom [GitHub Releases Page](https://github.com/c3b2a7/easy-ca-cli/releases)\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003eGuided installation steps\u003c/b\u003e\u003c/summary\u003e\n\nHere we use macOS (Darwin) on the arm64 architecture as an example for installation.\n\n1. Download these files for your version from the [GitHub Releases Page](https://github.com/c3b2a7/easy-ca-cli/releases)\n\n    - tarball: `easy-ca-cli_$version_darwin_arm64.tar.gz`\n    - checksums (optional): `easy-ca-cli_$version_sha256_checksums.txt`\n    - signature (optional): `easy-ca-cli_$version_sha256_checksums.txt.sig`\n    - certificate (optional): `easy-ca-cli_$version_sha256_checksums.txt.pem`\n\n2. **(Optional) Verifying the signature of your downloaded checksums file**\n\n    If you chose to manually download the tarball file in the above steps, you can use the following steps to verify the signatures and checksums by using the [cosign](https://github.com/sigstore/cosign) and sha256sum tool.\n\n    ```bash\n    # Your downloaded version (without prefix `v`)\n    # Example:\n    version=1.4.0\n\n    # 1. Verify the signature of checksum file\n    cosign verify-blob easy-ca-cli_${version}_sha256_checksums.txt \\\n      --certificate easy-ca-cli_${version}_sha256_checksums.txt.pem \\\n      --signature easy-ca-cli_${version}_sha256_checksums.txt.sig \\\n      --certificate-identity \"https://github.com/c3b2a7/easy-ca-cli/.github/workflows/cd.yml@refs/tags/v${version}\" \\\n      --certificate-oidc-issuer \"https://token.actions.githubusercontent.com\"\n\n    # 2. Verify the tarball’s checksums\n    sha256sum --ignore-missing --check easy-ca-cli_${version}_sha256_checksums.txt\n    ```\n\n3. Unpack tarball\n4. Confirm the version with the following command\n\n    ```bash\n    easy-ca-cli --version\n    ```\n\n\u003c/details\u003e\n\n### Building From Source\n\n```bash\ngo install github.com/c3b2a7/easy-ca-cli@latest\n```\n\n## Docker image\n\neasy-ca-cli are also available as a Docker image. For example:\n\n```bash\ndocker run --rm -i ghcr.io/c3b2a7/easy-ca-cli:latest\n```\n\n\u003e [!TIP]\n\u003e You can mount volumes using the `-v` option, e.g. `-v \u003chost_path\u003e:\u003ccontainer_path\u003e`, so it's easier to access the generated certificates and keys.\n\n```bash\ndocker run -v ./data:/data --rm -i ghcr.io/c3b2a7/easy-ca-cli:latest gen ca --rsa \\\n  --subject \"/C=CN/O=Easy CA/OU=IT Dept./CN=Easy CA Root\" \\\n  --out-key /data/ca_key.pem --out-cert /data/ca_cert.pem\n```\n\nMultiple versions are available on [ghcr.io](https://github.com/c3b2a7/easy-ca-cli/pkgs/container/easy-ca-cli).\n\n## Usage\n\nThe CLI provider `gen ca` and `gen tls` commands for certificate generation, you can run `easy-ca-cli help [command]` for more information about a command and its flags.\n\nHere are some basic examples of how to use easy-ca-cli.\n\n### Creating a Certificate Authority (CA)\n\nThe following command creates a self-signed root CA certificate using ECDSA with the P384 curve:\n\n```bash\neasy-ca-cli gen ca --ecdsa --ecdsa-curve P384 \\\n  --subject \"/C=CN/O=Easy CA/OU=IT Dept./CN=Easy CA Root\" \\\n  --start-date \"2025-01-01 12:00:00\" --days 3650 \\\n  --out-key ca_key.pem --out-cert ca_cert.pem\n```\n\nThis command:\n\n- Uses the `ECDSA` algorithm with `P384` curve\n- Sets the certificate subject information\n- Makes the certificate valid from January 1, 2025 for 10 years (3650 days)\n- Outputs the private key to `ca_key.pem` and the certificate to `ca_cert.pem`\n\n### Generating an Intermediate CA\n\nTo create an intermediate CA signed by your root CA:\n\n```bash\neasy-ca-cli gen ca --ed25519 \\\n  --subject \"/C=CN/O=Easy CA/OU=IT Dept./CN=Easy CA Intermediate\" \\\n  --start-date \"2025-01-01 13:00:00\" --days 1825 \\\n  --issuer-key ca_key.pem --issuer-cert ca_cert.pem \\\n  --out-key intermediate_key.pem --out-cert intermediate_cert.chain.pem\n```\n\nThis command:\n\n- Creates an intermediate CA using the `ed25519` algorithm\n- References the root CA's private key and certificate for signing\n- Outputs a certificate chain in `intermediate_cert.chain.pem` that includes both the intermediate CA and root CA\n  certificates\n\n### Generating a TLS Certificate\n\nTo create a TLS certificate signed by your intermediate CA:\n\n```bash\neasy-ca-cli gen tls --rsa --rsa-keysize 4096 \\\n  --subject \"/C=CN/O=Example Inc/OU=Web Services/CN=example.com\" \\\n  --host \"example.com,www.example.com,192.168.1.100\" \\\n  --start-date \"2025-01-01 14:00:00\" --days 365 \\\n  --issuer-key intermediate_key.pem --issuer-cert intermediate_cert.chain.pem \\\n```\n\nThis command:\n\n- Uses the `RSA` algorithm with 4096-bit key size\n- Sets the certificate subject and Subject Alternative Names (SANs) for multiple domains and an IP address\n- Makes the certificate valid for 1 year\n- References the intermediate CA for signing\n- Outputs generated certificate and private key by default file name, if flags are not specified.\n\n## Troubleshooting\n\n### Common Issues\n\n| Issue                     | Solution                                                                     |\n|---------------------------|------------------------------------------------------------------------------|\n| \"Command not found\" error | Ensure the binary is in a directory listed in your PATH environment variable |\n| Permission denied         | Make sure the binary is executable (`chmod +x easy-ca-cli`)                  |\n| Incompatible architecture | Download the binary that matches your system architecture (amd64/arm64)      |\n\n### Getting Help\n\nIf you encounter issues not covered in this guide, you can:\n\n- Check the GitHub repository for open issues\n- Open a new issue if your problem hasn't been reported\n\n## Related Projects\n\n- [easy-ca](https://github.com/c3b2a7/easy-ca): The core library that provides the certificate generation functionality\n- [cobar](https://github.com/spf13/cobra): A powerful framework for creating modern CLI applications with nested\n  commands\n\n## CHANGELOG\n\nSee [CHANGELOG.md](./CHANGELOG.md)\n\n## LICENSE\n\nEasy CA CLI is released under the MIT license. See [LICENSE](./LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fc3b2a7%2Feasy-ca-cli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fc3b2a7%2Feasy-ca-cli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fc3b2a7%2Feasy-ca-cli/lists"}