{"id":29539414,"url":"https://github.com/initialstack/certify","last_synced_at":"2025-07-17T07:02:06.126Z","repository":{"id":303869990,"uuid":"1016971064","full_name":"initialstack/certify","owner":"initialstack","description":"Bash script using OpenSSL to automate CA, RSA keys, X.509 certificates, and DH parameters for nginx, redis, rabbitmq, and postgres.","archived":false,"fork":false,"pushed_at":"2025-07-10T03:03:09.000Z","size":10,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-07-10T06:46:34.885Z","etag":null,"topics":["openssl","shell","ssl"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/initialstack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-09T20:21:07.000Z","updated_at":"2025-07-10T03:03:12.000Z","dependencies_parsed_at":"2025-07-10T06:46:39.321Z","dependency_job_id":"2b60df1c-7163-4e6d-9900-7f4e018d7132","html_url":"https://github.com/initialstack/certify","commit_stats":null,"previous_names":["initialstack/certify"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/initialstack/certify","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/initialstack%2Fcertify","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/initialstack%2Fcertify/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/initialstack%2Fcertify/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/initialstack%2Fcertify/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/initialstack","download_url":"https://codeload.github.com/initialstack/certify/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/initialstack%2Fcertify/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265575410,"owners_count":23790767,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["openssl","shell","ssl"],"created_at":"2025-07-17T07:00:59.864Z","updated_at":"2025-07-17T07:02:06.119Z","avatar_url":"https://github.com/initialstack.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Certificate Generator\n\n## Overview\n\n`certgen.sh` is a Bash script designed to automate the creation of a root Certificate Authority (CA), private keys, X.509 certificates, and Diffie-Hellman parameters for multiple services such as **nginx**, **redis**, **rabbitmq**, and **postgres**. All generated cryptographic materials are stored in the `certs` directory.\n\n---\n\n## Features\n\n- Generates a **4096-bit RSA root CA** key and a self-signed certificate valid for 10 years.\n- Creates **2048-bit RSA private keys** and signed certificates for each specified service.\n- Produces **2048-bit Diffie-Hellman parameters** to enhance TLS security.\n- Uses an external OpenSSL configuration file for certificate extensions.\n- Loads subject Distinguished Name (DN) parameters from an external configuration file.\n- Sets secure file permissions:\n  - Private keys: `600`\n  - Certificates and DH params: `644`\n\n---\n\n## Prerequisites\n\n- **OpenSSL** must be installed and accessible in your system's `PATH`.\n- The following configuration files must exist relative to the script:\n  - `config/openssl.cnf` — OpenSSL extensions config\n  - `config/subject.conf` — Subject DN parameters\n  - `config/usage.txt` — Usage instructions\n\n---\n\n## Usage\n\n```\n./certgen.sh [options]\n```\n\n### Options\n\n- `-h`, `--help`  \n  Display the help message and exit.\n\n---\n\n## File Structure\n\n- `certs/` — Output directory for all generated keys, certificates, and DH parameters.\n- `config/` — Contains configuration files:\n  - `openssl.cnf`\n  - `subject.conf`\n  - `usage.txt`\n\n---\n\n## How It Works\n\n1. **Root CA Generation**  \n   Creates the root CA private key (`ca.key`) and self-signed certificate (`ca.crt`) if they do not already exist.\n\n2. **Service Keys and Certificates**  \n   For each service (`nginx`, `postgres`, `rabbitmq`, `redis`), the script:\n   - Generates a private RSA key.\n   - Creates a certificate signed by the root CA with appropriate extensions.\n\n3. **Diffie-Hellman Parameters**  \n   Generates DH parameters (`redis.dh`) for secure key exchange.\n\n4. **Permissions**  \n   Ensures private keys are accessible only by the owner and certificates are world-readable.\n\n---\n\n## Example\n\nAfter running the script:\n\n```\n./certgen.sh\n```\n\nYou will find the following files in the `certs` directory:\n\n- `ca.key` — Root CA private key\n- `ca.crt` — Root CA certificate\n- `server.key` \u0026 `server.crt` — Nginx key and certificate\n- `client.key` \u0026 `client.crt` — Client key and certificate\n- `postgres.key` \u0026 `postgres.crt` — Postgres key and certificate\n- `rabbitmq.key` \u0026 `rabbitmq.crt` — RabbitMQ key and certificate\n- `redis.key` \u0026 `redis.crt` — Redis key and certificate\n- `redis.dh` — Diffie-Hellman parameters for Redis\n\n---\n\n## License\n\nThis project is licensed under the [MIT License](https://opensource.org/licenses/MIT).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finitialstack%2Fcertify","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finitialstack%2Fcertify","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finitialstack%2Fcertify/lists"}