{"id":23591467,"url":"https://github.com/dvob/pcert","last_synced_at":"2025-05-07T17:13:39.227Z","repository":{"id":57548423,"uuid":"255448634","full_name":"dvob/pcert","owner":"dvob","description":"x509 certificate creation with ease","archived":false,"fork":false,"pushed_at":"2024-07-29T20:35:59.000Z","size":228,"stargazers_count":10,"open_issues_count":0,"forks_count":0,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-05-07T17:13:33.260Z","etag":null,"topics":["certificate","certificate-authority","certificate-creation","cfssl","client-certificate","csr","openssl","pki","self-signed-certificate","tls-certificate","x509"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dvob.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-04-13T21:47:52.000Z","updated_at":"2024-07-31T09:07:48.000Z","dependencies_parsed_at":"2023-02-19T02:01:15.613Z","dependency_job_id":"49eff79a-14cf-4ef2-bbdf-cbf6dae14c89","html_url":"https://github.com/dvob/pcert","commit_stats":null,"previous_names":["dsbrng25b/pcert","dsbrng25b/plaincert"],"tags_count":15,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dvob%2Fpcert","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dvob%2Fpcert/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dvob%2Fpcert/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dvob%2Fpcert/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dvob","download_url":"https://codeload.github.com/dvob/pcert/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252922335,"owners_count":21825639,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificate","certificate-authority","certificate-creation","cfssl","client-certificate","csr","openssl","pki","self-signed-certificate","tls-certificate","x509"],"created_at":"2024-12-27T07:39:09.156Z","updated_at":"2025-05-07T17:13:39.205Z","avatar_url":"https://github.com/dvob.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# pcert\n[![PkgGoDev](https://pkg.go.dev/badge/github.com/dvob/pcert)](https://pkg.go.dev/github.com/dvob/pcert)\n\n`pcert` aims to ease the creation of x509 certificates and keys.\n\nThe simple case is as easy as this:\n```\npcert create\n```\n\nThis would write the certificate and key to standard output.\n\nYou can write the certificate and key to a file by specifying either only the certificate path or both pathes:\n```\npcert create tls.crt\npcert create tls.crt tls.key\n```\n\nThe two invocations above are equivalent. When omitting the path for the key file the key file is written into the same directory as the certificate to a file with the same name but ending in `.key`.\n\n# Quick start\n## Self-signed server certificate\n```\npcert create tls.crt --server --dns myserver.example.com\n```\n\n## Signed certificates (CA)\nTo create your own CA and sign certificates with it you first create a CA (self-signed) certificate:\n```\npcert create ca.crt --ca --name \"My CA\"\n```\n\nThen you can create and sign certificates with it:\n```\n# server\npcert create server.crt --server --dns foo.example.com --dns bar.example.com\n\n# client\npcert create client.crt --client --name \"my client\"\n```\n\n# Auto completion\nShell completion can be enabled for `bash`, `zsh`, `fish` and `ps` (Power Shell). It supports not only completion for the commands, but also for certain flags (e.g. `--key-usage`, `--ext-key-usage`, `--sign-alg`) where the valid options are hard to remember.\n```shell\nsource \u003c( pcert completion bash )\n```\n\n# Expiry\nThe validity period of certificates default to one year starting from the creation time.\nThe period can be changed by using the options `--not-before`, `--not-after` and `--expiry`.\nThe options `--not-before` and `--not-after` allow to set the NotBefore and NotAfter value to a certain date (RFC3339):\n```shell\npcert create --not-before 2020-01-01T12:00:00+01:00 --not-after 2020-06-01T12:00:00+01:00\n```\n\nThe option `--expiry` allows to specify a duration instead of explicit dates:\n```shell\n# certificate valid until 90days from now\npcert create --expiry 90d\n\n# certificate valid until 3 years (3 * 365 days)\npcert create --expiry 3y\n```\n\n# Environment variables\nAll command line flags can also be set using environment variables.\nFor this you have to make the flag name upper-case, repalce `-` with `_` and prefix it with `PCERT_`.\n\nFor example:\n* `--sign-cert=ca.crt` =\u003e `PCERT_SIGN_CERT=ca.crt`\n* `--subject-country CH` =\u003e `PCERT_SUBJECT_COUNTRY=CH`\n\nCommand line flags take precedence over environment variables.\nBe aware that for flags you can specify multiple times (e.g. `--dns`) the values from the environment and form the command line flags are combined.\n\n# Examples\n## Local CA\nHere is an example of how you could use `pcert` to create a local CA:\n\nCreate CA certificate and key in `~/pki`:\n```shell\nmkdir ~/pki\npcert create ~/pki/ca.crt --ca\n```\n\nIf you like you can add the newly created certificate `~/pki/ca.crt` to you system trust store.\n\nNow we set `PCERT_SIGN_CERT` that all newly created certificates are signed with our CA in `~/pki`. This environment variable could be added to `.bashrc` for example:\n```shell\nexport PCERT_SIGN_CERT=~/pki/ca.crt\nexport PCERT_SIGN_KEY=~/pki/ca.key\n```\n\nFrom now on if we use `pcert create` it creates certificates which are signed by our local CA.\nIf you still would create a self-signed certificate you would have to set `--sign-cert=\"\"`.\n\n## Intermediate CA\nThis example shows how to make an intermediate CA certificate:\n\nCreate root CA certificate and key:\n```shell\npcert create root.crt --ca\n```\n\nCreate intermediate CA certificate:\n```shell\npcert create intermediate.crt --ca --sign-cert root.crt\n```\n\nCreate server certificate from the intermediate CA:\n```shell\npcert create server.crt --sign-cert indtermediate.crt --dns myserver.example.com\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdvob%2Fpcert","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdvob%2Fpcert","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdvob%2Fpcert/lists"}