{"id":15502766,"url":"https://github.com/j-siu/tiny_ca","last_synced_at":"2025-03-28T18:22:59.545Z","repository":{"id":132734827,"uuid":"199387141","full_name":"J-Siu/tiny_ca","owner":"J-Siu","description":"Command line root certificate and wildcard certificate creation.","archived":false,"fork":false,"pushed_at":"2022-05-18T23:25:18.000Z","size":13,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-10-19T17:28:29.046Z","etag":null,"topics":["certificate","openssl","root-certificate"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/J-Siu.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-07-29T05:53:18.000Z","updated_at":"2022-05-16T06:12:20.000Z","dependencies_parsed_at":null,"dependency_job_id":"dd322cdf-28c9-4c96-9646-ca22b49a8e7f","html_url":"https://github.com/J-Siu/tiny_ca","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/J-Siu%2Ftiny_ca","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/J-Siu%2Ftiny_ca/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/J-Siu%2Ftiny_ca/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/J-Siu%2Ftiny_ca/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/J-Siu","download_url":"https://codeload.github.com/J-Siu/tiny_ca/tar.gz/
refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246077313,"owners_count":20719966,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificate","openssl","root-certificate"],"created_at":"2024-10-02T09:10:59.388Z","updated_at":"2025-03-28T18:22:59.502Z","avatar_url":"https://github.com/J-Siu.png","language":"Shell","funding_links":["https://www.paypal.com/donate/?business=HZF49NM9D35SJ\u0026no_recurring=0\u0026currency_code=CAD"],"categories":[],"sub_categories":[],"readme":"# Tiny Certificate Authority [![Paypal donate](https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif)](https://www.paypal.com/donate/?business=HZF49NM9D35SJ\u0026no_recurring=0\u0026currency_code=CAD)\n\nBash script handling CA and certificate creation.\n\n### Table Of Content\n\u003c!-- TOC --\u003e\n\n- [Table Of Content](#table-of-content)\n- [Background](#background)\n- [Goals](#goals)\n- [Fast Forward](#fast-forward)\n  - [Usage](#usage)\n  - [Output](#output)\n- [Install CA in Ubuntu](#install-ca-in-ubuntu)\n- [Changelog](#changelog)\n- [Reference](#reference)\n\n\u003c!-- /TOC --\u003e\n\u003c!--more--\u003e\n\n### Background\n\nAs browsers become more secure and add more safeguards against malicious actors, they become less friendly toward self-signed certificates. This is a pain in small labs and other walled-off networks. 
While using HTTP for non-prod/testing can be a solution, it is not ideal and can create other issues.\n\n### Goals\n\n- Create the simplest CA setup that can be recreated and thrown away at will.\n- Create one wildcard server certificate for any servers in the network.\n\n### Fast Forward\n\nThe result is a simple script with an openssl config file that will generate a CA and a wildcard certificate.\n\nGitHub: [tiny_ca](https://github.com/J-Siu/tiny_ca)\n\n\u003e ***WARNING:*** This is intended for testing/throw-away environments. Don't use it for production.\n\n#### Usage\n\n```sh\ngit clone https://github.com/J-Siu/tiny_ca.git\ncd tiny_ca\nchmod u+x tiny_ca.sh\n./tiny_ca.sh \u003cdomain\u003e\n```\n\n#### Output\n\n```sh\n$ ./tiny_ca.sh local.local\n--- Prepare directory\n--- Generate Root Key and Certificate\nGenerating a RSA private key\n...................................................................+++++\n................................+++++\nwriting new private key to './ca/local.local/ca.local.local.key.pem'\n-----\n\n--- Generate Server Key\nGenerating RSA private key, 2048 bit long modulus (2 primes)\n.........+++++\n...........+++++\ne is 65537 (0x010001)\n--- Generate Server CSR\n--- Generate Server Certificate\nUsing configuration from ./ca/local.local/ca.local.local.cnf\nCheck that the request matches the signature\nSignature ok\nCertificate Details:\n        Serial Number: 4096 (0x1000)\n        Validity\n            Not Before: Feb  7 21:28:34 2020 GMT\n            Not After : Feb  4 21:28:34 2030 GMT\n        Subject:\n            countryName               = CA\n            stateOrProvinceName       = local.local\n            organizationName          = local.local\n            commonName                = *.local.local\n        X509v3 extensions:\n            X509v3 Basic Constraints:\n                CA:FALSE\n            Netscape Cert Type:\n                SSL Server\n            Netscape Comment:\n                OpenSSL Generated Server 
Certificate\n            X509v3 Subject Key Identifier:\n                14:5F:04:EF:39:42:8F:A3:B5:C7:21:8D:9B:7A:D9:A4:20:FB:21:EF\n            X509v3 Authority Key Identifier:\n                keyid:7E:B0:D5:B2:44:2A:A6:7C:2C:CB:A6:D2:7E:42:EB:2F:25:50:3C:E1\n                DirName:/C=CA/ST=local.local/O=local.local/CN=root\n                serial:3C:1A:88:5F:B7:71:A5:DB:4F:99:E2:6F:1C:25:D7:5E:13:79:83:17\n\n            X509v3 Key Usage: critical\n                Digital Signature, Key Encipherment\n            X509v3 Extended Key Usage:\n                TLS Web Server Authentication\nCertificate is to be certified until Feb  4 21:28:34 2030 GMT (3650 days)\nSign the certificate? [y/n]:\n\n1 out of 1 certificate requests certified, commit? [y/n]Write out database with 1 new entries\nData Base Updated\n\n--- CA Certificate:\n./ca/local.local/ca.local.local.crt.pem\n./ca/local.local/ca.local.local.crt.der\n--- Server Certificate:\n./srv/wildcard.local.local.key.pem\n./srv/wildcard.local.local.crt.pem\n./srv/wildcard.local.local.crt.der\n```\n\nInstall the CA certificate into the browser or OS.\n\nInstall the server certificate and key into the web server.\n\n\u003e **Notes**\n\u003e\n\u003e Most modern browsers will not accept a wildcard certificate for a TLD (top-level domain). For example, `*.local` and `*.com` will not work.\n\n### Install CA in Ubuntu\n\nCopy the CA certificate to `/usr/local/share/ca-certificates` and change its extension to `.crt`. 
Then run `update-ca-certificates`.\n\nExample:\n\n```sh\ncp ./ca/local.local/ca.local.local.crt.pem /usr/local/share/ca-certificates/ca.local.local.crt\nupdate-ca-certificates\n```\n\n### Changelog\n\n- 1.0.0\n  - Take domain name from command line.\n  - Each domain in its own directory under the ca directory.\n  - Automatically generate DER format for both CA and server cert.\n  - Check if CA and server cert exist.\n  - Remove OCSP and CRL extensions from ca.cnf.template.\n- 1.1.0\n  - Incorporated CA config template into tiny_ca.sh.\n\n### Reference\n\n[OpenSSL Certificate Authority](https://jamielinux.com/docs/openssl-certificate-authority/index.html) by Jamie Nguyen.\n\n[openssl-ca](https://www.openssl.org/docs/manmaster/man1/ca.html) man page.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fj-siu%2Ftiny_ca","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fj-siu%2Ftiny_ca","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fj-siu%2Ftiny_ca/lists"}