{"id":13469991,"url":"https://github.com/square/certstrap","last_synced_at":"2025-05-13T21:10:15.653Z","repository":{"id":28443825,"uuid":"31959125","full_name":"square/certstrap","owner":"square","description":"Tools to bootstrap CAs, certificate requests, and signed certificates.","archived":false,"fork":false,"pushed_at":"2023-10-25T15:10:11.000Z","size":3143,"stargazers_count":2366,"open_issues_count":32,"forks_count":210,"subscribers_count":53,"default_branch":"master","last_synced_at":"2025-04-28T12:16:52.551Z","etag":null,"topics":["bootstrap","certificate","certificate-authority","crypto","csr","golang","ssl","tls"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/square.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2015-03-10T13:32:38.000Z","updated_at":"2025-04-28T03:59:46.000Z","dependencies_parsed_at":"2024-01-14T16:14:10.248Z","dependency_job_id":"acc93404-dce9-4779-82f7-924527ff8504","html_url":"https://github.com/square/certstrap","commit_stats":{"total_commits":109,"total_committers":33,"mean_commits":3.303030303030303,"dds":0.8990825688073394,"last_synced_commit":"32fba745d6a015ef604cd4d307b6db3e00f3a67d"},"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/square%2Fcertstrap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/square%2Fcertstrap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/square%2Fcertstrap/releases","m
anifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/square%2Fcertstrap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/square","download_url":"https://codeload.github.com/square/certstrap/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251311337,"owners_count":21569010,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bootstrap","certificate","certificate-authority","crypto","csr","golang","ssl","tls"],"created_at":"2024-07-31T16:00:20.815Z","updated_at":"2025-04-28T12:16:57.591Z","avatar_url":"https://github.com/square.png","language":"Go","readme":"# certstrap\n[![godoc](http://img.shields.io/badge/godoc-certstrap-blue.svg?style=flat)](https://godoc.org/github.com/square/certstrap)\n[![CI](https://github.com/square/certstrap/actions/workflows/go.yml/badge.svg)](https://github.com/square/certstrap/actions/workflows/go.yml)\n[![license](http://img.shields.io/badge/license-apache_2.0-red.svg?style=flat)](https://raw.githubusercontent.com/square/certstrap/master/LICENSE)\n\nA simple certificate manager written in Go, to bootstrap your own certificate authority and public key infrastructure.  Adapted from etcd-ca.\n\ncertstrap is a very convenient app if you don't feel like dealing with openssl, its myriad of options or config files.\n\n## Common Uses\n\ncertstrap allows you to build your own certificate system:\n\n1. Initialize certificate authorities\n2. Create identities and certificate signature requests for hosts\n3. 
Sign and generate certificates\n\n## Certificate architecture\n\ncertstrap can init multiple certificate authorities to sign certificates with.  Users can make arbitrarily long certificate chains by using signed hosts to sign later certificate requests, as well.\n\n## Examples\n\n## Getting Started\n\n### Building\n\ncertstrap must be built with Go 1.18+. You can build certstrap from source:\n\n```\n$ git clone https://github.com/square/certstrap\n$ cd certstrap\n$ go build\n```\n\nThis will generate a binary called `certstrap` under the project root folder.\n\n### Initialize a new certificate authority:\n\n```\n$ ./certstrap init --common-name \"CertAuth\"\nCreated out/CertAuth.key\nCreated out/CertAuth.crt\nCreated out/CertAuth.crl\n```\n\nNote that the `-common-name` flag is required, and will be used to name output files.\n\nMoreover, this will also generate a new keypair for the Certificate Authority,\nthough you can use a pre-existing private PEM key with the `-key` flag.\n\nIf the CN contains spaces, certstrap will change them to underscores in the filename for easier use.  The spaces will be preserved inside the fields of the generated files:\n\n```\n$ ./certstrap init --common-name \"Cert Auth\"\nCreated out/Cert_Auth.key\nCreated out/Cert_Auth.crt\nCreated out/Cert_Auth.crl\n```\n\n### Request a certificate, including keypair:\n\n```\n$ ./certstrap request-cert --common-name Alice\nCreated out/Alice.key\nCreated out/Alice.csr\n```\n\ncertstrap requires either the `-common-name` or the `-domain` flag to be set in order to generate a certificate signing request.  The CN for the certificate will be taken from these fields.\n\nIf your server has multiple IP addresses or domains, use a comma-separated ip/domain/uri list, 
e.g.: `./certstrap request-cert -ip $ip1,$ip2 -domain $domain1,$domain2 -uri $uri1,$uri2`\n\nIf you do not wish to generate a new keypair, you can use a pre-existing private\nPEM key with the `-key` flag.\n\n### Sign certificate request of host and generate the certificate:\n\n```\n$ ./certstrap sign Alice --CA CertAuth\nCreated out/Alice.crt from out/Alice.csr signed by out/CertAuth.key\n```\n\n#### PKCS Format:\nIf you'd like to convert your certificate and key to PKCS12 format, simply run:\n```\n$ openssl pkcs12 -export -out outputCert.p12 -inkey inputKey.key -in inputCert.crt -certfile CA.crt\n```\n`inputKey.key` and `inputCert.crt` make up the leaf private key and certificate pair of your choosing (generated by a `sign` command), with `CA.crt` being the certificate authority certificate that was used to sign it.  The output PKCS12 file is `outputCert.p12`.\n\n### Key Algorithms:\nCertstrap supports curves P-224, P-256, P-384, P-521, and Ed25519. Curves can be specified by name as part of the `init` and `request-cert` commands:\n\n```\n$ ./certstrap init --common-name CertAuth --curve P-256\nCreated out/CertAuth.key\nCreated out/CertAuth.crt\nCreated out/CertAuth.crl\n\n$ ./certstrap request-cert --common-name Alice --curve P-256\nCreated out/Alice.key\nCreated out/Alice.csr\n```\n\n### Retrieving Files\n\nOutputted key, request, and certificate files can be found in the depot directory.\nBy default, this is `out/`.\n\n\n## Project Details\n\n### Contributing\n\nSee [CONTRIBUTING](CONTRIBUTING.md) for details on submitting patches.\n\n### License\n\ncertstrap is under the Apache 2.0 license. 
See the [LICENSE](LICENSE) file for details.\n","funding_links":[],"categories":["Go","Productivity Tools","Linux生态圈Dev\u0026Ops工具与服务"],"sub_categories":["Certificate Management"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsquare%2Fcertstrap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsquare%2Fcertstrap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsquare%2Fcertstrap/lists"}