{"id":18709468,"url":"https://github.com/joemiller/certin","last_synced_at":"2025-04-12T10:35:29.478Z","repository":{"id":38315071,"uuid":"272723404","full_name":"joemiller/certin","owner":"joemiller","description":"Go lib (and CLI) for quick creation of TLS keys and certificates for use in tests","archived":false,"fork":false,"pushed_at":"2025-02-10T15:29:28.000Z","size":123,"stargazers_count":15,"open_issues_count":2,"forks_count":5,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-10T07:55:55.335Z","etag":null,"topics":["cert","certificates","go","golang","golang-library","pki","tls"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/joemiller.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-06-16T14:01:24.000Z","updated_at":"2025-04-09T10:16:16.000Z","dependencies_parsed_at":"2024-06-19T09:58:02.352Z","dependency_job_id":"2fd7938a-faab-4b5e-bc86-b76bcca6d2e5","html_url":"https://github.com/joemiller/certin","commit_stats":null,"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/joemiller%2Fcertin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/joemiller%2Fcertin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/joemiller%2Fcertin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/joemiller%2Fcertin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts
/GitHub/owners/joemiller","download_url":"https://codeload.github.com/joemiller/certin/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248553984,"owners_count":21123559,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cert","certificates","go","golang","golang-library","pki","tls"],"created_at":"2024-11-07T12:27:40.090Z","updated_at":"2025-04-12T10:35:29.467Z","avatar_url":"https://github.com/joemiller.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"certin\n=======\n\n![ci-cd](https://github.com/joemiller/certin/workflows/main/badge.svg)\n[![Go Doc](https://img.shields.io/badge/godoc-reference-blue.svg?style=flat)](http://godoc.org/github.com/joemiller/certin)\n\nCertin is a Go library and CLI for quickly creating keys and certificates for use\nas test fixtures.\n\nIt is available as both a Go library for use in Go tests as well as a CLI for\ncreating fixtures as files for Go or any other language.\n\nCLI\n---\n\n### Install\n\nAvailable options:\n\n* Go 1.16+: `go install github.com/joemiller/certin/cmd/certin@latest`\n* macOS homebrew (Linuxbrew might work too): `brew install joemiller/taps/certin`\n* Binaries for all platforms (macOS, Linux, *BSD) on [GitHub Releases](https://github.com/joemiller/certin/releases)\n* [Docker images](https://hub.docker.com/r/joemiller/certin)\n\nUsage:\n\n```console\n$ certin create KEY CERT\n\nFlags:\n      --bundle string        (optional) Create combined bundle FILE containing private-key, certificate, and signing CA cert\n      --cn 
string            common name\n      --csr                  create a Certificate Signing Request (CSR) instead of a signed certificate\n  -d, --duration string      certificate duration. Examples of valid values: 1w, 1d, 2d3h5m, 1h30m, 10s (default \"1y\")\n  -h, --help                 help for create\n      --is-ca                create a CA cert capable of signing other certs\n  -K, --key-type string      key type to create (rsa-2048, rsa-3072, rsa-4096, ecdsa-256, ecdsa-384, ecdsa-512, ed25519) (default \"rsa-2048\")\n      --o strings            organization\n      --ou strings           organizational unit\n      --sans strings         SubjectAltNames, comma separated\n  -c, --signer-cert string   CA cert to sign the CERT with. If omitted, a self-signed cert is generated.\n  -k, --signer-key string    CA key to sign the CERT with. If omitted, a self-signed cert is generated.\n```\n\nExamples:\n\n* self-signed cert:\n\n```console\ncertin create self-signed.key self-signed.crt --cn mycert\n```\n\n* root CA:\n\n```console\ncertin create root.key root.crt --is-ca=true --o MyCA --cn root-ca\n```\n\n* intermediate CA:\n\n```console\ncertin create intermediate.key intermediate.crt \\\n  --signer-key root.key \\\n  --signer-cert root.crt \\\n  --o MyCA \\\n  --cn int-ca \\\n  --is-ca\n```\n\n* leaf cert with SubjectAltNames (SANs):\n\n```console\ncertin create example.key example.crt \\\n  --signer-key intermediate.key \\\n  --signer-cert intermediate.crt \\\n  --cn example.com \\\n  --sans \"example.com,www.example.com\" \\\n  --key-type \"ecdsa-256\"\n```\n\n* Generate certificate signing request (CSR) instead of a signed certificate:\n\n```console\ncertin create example.key example.csr --cn example.com\n```\n\nGo Library\n----------\n\n```\ngo get -u github.com/joemiller/certin\n```\n\nExample uses:\n\n```go\n// See certin.go or the godoc page for details on each struct member\ntype Request struct {\n\tCN       string\n\tO        []string\n\tOU       
[]string\n\tSANs     []string\n\tDuration time.Duration\n\tIsCA     bool\n\tKeyType  string\n}\n\ntype KeyAndCert struct {\n\tCertificate *x509.Certificate\n\tPrivateKey  crypto.PrivateKey\n\tPublicKey   crypto.PublicKey\n}\n\ntype KeyAndCSR struct {\n\tCertificateRequest *x509.CertificateRequest\n\tPrivateKey         crypto.PrivateKey\n\tPublicKey          crypto.PublicKey\n}\n```\n\n* simple self-signed cert:\n\n```go\n// the first param to NewCert is the parent (signing) CA cert. nil creates a self-signed cert\n// the returned value is a certin.KeyAndCert\nroot, err := certin.NewCert(nil, certin.Request{CN: \"self-signed\"})\n```\n\n* root CA cert:\n\n```go\nroot, err := certin.NewCert(nil, certin.Request{CN: \"root CA\", IsCA: true})\n```\n\n* root and intermediate CA certs:\n\n```go\nroot, err := certin.NewCert(nil, certin.Request{CN: \"root\", IsCA: true})\n// pass the root key/cert to NewCert() to sign the intermediate cert\ninterm, err := certin.NewCert(root, certin.Request{CN: \"intermediate\", IsCA: true})\n```\n\n* leaf certificate signed by intermediate:\n\n```go\nleaf, err := certin.NewCert(interm, certin.Request{CN: \"example.com\", SANs: []string{\"example.com\", \"www.example.com\"}})\n```\n\nIf you need more control over the contents of the certificate you can create a cert\nfrom a `x509.Certificate` template instead of `certin.Request`. 
This allows for full\ncontrol over the contents of the cert.\n\n```go\ntempl := \u0026x509.Certificate{\n  SerialNumber: big.NewInt(123456789),\n  Subject: pkix.Name{\n    Organization:       []string{\"My Org\"},\n    OrganizationalUnit: []string{\"My dept\"},\n    CommonName:         \"example.com\",\n  },\n  DNSNames: []string{\"example.com\"},\n\n  NotBefore: time.Now(),\n  NotAfter:  time.Now().Add(10 * time.Minute),\n  KeyUsage:  x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,\n}\ncert, err := certin.NewCertFromX509Template(interm, \"ecdsa-256\", templ)\n```\n\n* Generate certificate signing request (CSR) instead of a signed certificate:\n\n```go\nkeyAndCSR, err := certin.NewCSR(certin.Request{CN: \"example.com\", SANs: []string{\"example.com\", \"www.example.com\"}})\n```\n\nMotivation\n----------\n\nI've worked on lots of projects that involved TLS certs and found myself constantly\nneeding to create certificate hierarchies for test fixtures. There are plenty of great\ntools that can accomplish this. After experimenting with a few of them I decided I\nwanted something simpler and built specifically for the simplest test cases.\n\n- `openssl`: Plenty capable of being scripted to create root and intermediate CAs and\n  sign certs. However you usually end up with some mixture of openssl.cnf files to\n  express certain options in combination with command line flags.\n- `cfssl`: Very flexible, easy to install and use. Most config is done through JSON\n  files.\n\nI felt like the common cases for certs needed during testing should be generatable\nwith a simple CLI and only a few command flags and common defaults, no config files or\ncomplex scripts.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjoemiller%2Fcertin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjoemiller%2Fcertin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjoemiller%2Fcertin/lists"}