https://github.com/moorara/gocert
🔒 Generate Self-Signed TLS/SSL Certificates Pain-Free!
certificate cli-tool go golang ssl tls
- Host: GitHub
- URL: https://github.com/moorara/gocert
- Owner: moorara
- License: isc
- Created: 2017-12-04T15:03:58.000Z (about 8 years ago)
- Default Branch: main
- Last Pushed: 2025-03-18T03:40:05.000Z (11 months ago)
- Last Synced: 2025-04-10T08:16:31.913Z (10 months ago)
- Topics: certificate, cli-tool, go, golang, ssl, tls
- Language: Go
- Homepage:
- Size: 2.58 MB
- Stars: 42
- Watchers: 3
- Forks: 4
- Open Issues: 2
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
README
[![Go Doc][godoc-image]][godoc-url]
[![Build Status][workflow-image]][workflow-url]
[![Go Report Card][goreport-image]][goreport-url]
[![Test Coverage][codecov-image]][codecov-url]
# gocert
If you have a hard time every time you use `openssl` to generate self-signed certificates, this tool is for you!
A lightweight library and command-line interface for generating self-signed SSL/TLS certificates in pure Go.
[asciinema recording](https://asciinema.org/a/vGNpB4ClRhBBoR3KOH6EVRzpH)
## Install
```
brew install moorara/brew/gocert
```
For other platforms, you can download the binary from the [latest release](https://github.com/moorara/gocert/releases/latest).
## Quick Start
```
mkdir certs
cd certs
gocert init
gocert root
gocert intermediate -name=sre
gocert sign -ca=root -name=sre
gocert server -name=webapp
gocert client -name=myservice
gocert sign -ca=sre -name=webapp,myservice
gocert verify -ca=root -name=sre
gocert verify -ca=sre -name=webapp,myservice
```
## Certificates Explained
You can generate the following types of certificates:
- Root Certificate Authority
- Intermediate Certificate Authority
- Server Certificate
- Client Certificate
**Root CA** is only used for signing intermediate CAs.
There is only one root CA called `root` by default.
The root CA never signs user certificates (server or client) directly.
It should be kept secure and offline, and used as little as possible.
**Intermediate CA** is used for signing server and client certificates.
It must be signed by the `root` CA.
If an intermediate key is compromised, the root CA can revoke the intermediate CA and create a new one.
**Server** certificates can be used for securing servers and setting up SSL/TLS servers.
They should be signed by an intermediate certificate.
The `CommonName` for server certificates must be a *Fully Qualified Domain Name* (FQDN).
**Client** certificates can be used for client authentication and mTLS communication between services.
They should be signed by an intermediate certificate.
### Default Configs
| Type | Key Length | Expiry Days |
| ------------ | ---------- | --------------- |
| Root | 4096 | 7300 (20 years) |
| Intermediate | 4096 | 3650 (10 years) |
| Server | 2048 | 375 (~1 year) |
| Client | 2048 | 40 (~1 month) |
You can change these configs by editing the `state.yaml` file.
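The hierarchy described under Certificates Explained (root signs only the intermediate, the intermediate signs server and client certificates) can be reproduced and checked with Go's standard library alone. This is an added example, not gocert's code or API: `must`, `issue` and `verify` are hypothetical helpers, the names and expiry days are taken from the Quick Start and the defaults table, and every key is 2048-bit RSA to keep the run fast.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // panic on setup errors to keep the example short
	if err != nil {
		panic(err)
	}
	return v
}

func issue(cn string, days int, ku x509.KeyUsage, parent *tls.Certificate, eku ...x509.ExtKeyUsage) *tls.Certificate {
	key := must(rsa.GenerateKey(rand.Reader, 2048)) // assumption: 2048 bits for every key
	tpl := &x509.Certificate{
		SerialNumber: must(rand.Int(rand.Reader, big.NewInt(1<<62))), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().AddDate(0, 0, days),
		KeyUsage: ku, ExtKeyUsage: eku, BasicConstraintsValid: true, IsCA: ku&x509.KeyUsageCertSign != 0,
	}
	if parent == nil { // no parent: self-signed root
		parent = &tls.Certificate{Leaf: tpl, PrivateKey: key}
	}
	der := must(x509.CreateCertificate(rand.Reader, tpl, parent.Leaf, &key.PublicKey, parent.PrivateKey))
	return &tls.Certificate{Leaf: must(x509.ParseCertificate(der)), PrivateKey: key}
}

func verify(leaf, root *tls.Certificate, eku x509.ExtKeyUsage, inters ...*tls.Certificate) error {
	roots, pool := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root.Leaf) // the root is the only trust anchor
	for _, c := range inters {
		pool.AddCert(c.Leaf) // untrusted CA certificates a peer sends along with its leaf
	}
	_, err := leaf.Leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: pool, KeyUsages: []x509.ExtKeyUsage{eku}})
	return err
}

func main() {
	root := issue("root", 7300, x509.KeyUsageCertSign, nil)
	sre := issue("sre", 3650, x509.KeyUsageCertSign, root)
	web := issue("webapp", 375, x509.KeyUsageDigitalSignature, sre, x509.ExtKeyUsageServerAuth)
	fmt.Println(verify(web, root, x509.ExtKeyUsageServerAuth, sre), verify(web, root, x509.ExtKeyUsageServerAuth))
}
```

The first result is `nil` because the verifier can build webapp → sre → root; the second is an error because a verifier that trusts only the root cannot link the leaf to it unless the `sre` certificate is supplied as well.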
[godoc-url]: https://pkg.go.dev/github.com/moorara/gocert
[godoc-image]: https://pkg.go.dev/badge/github.com/moorara/gocert
[workflow-url]: https://github.com/moorara/gocert/actions
[workflow-image]: https://github.com/moorara/gocert/workflows/Main/badge.svg
[goreport-url]: https://goreportcard.com/report/github.com/moorara/gocert
[goreport-image]: https://goreportcard.com/badge/github.com/moorara/gocert
[codecov-url]: https://codecov.io/gh/moorara/gocert
[codecov-image]: https://codecov.io/gh/moorara/gocert/branch/main/graph/badge.svg