https://github.com/nothinux/certify
:lock: Create private CA and Issue Certificates without hassle
certificate certificate-authority go golang mtls tls
- Host: GitHub
- URL: https://github.com/nothinux/certify
- Owner: nothinux
- License: mit
- Created: 2022-02-18T09:36:21.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2023-09-15T12:45:30.000Z (almost 3 years ago)
- Last Synced: 2024-06-20T02:01:57.099Z (about 2 years ago)
- Topics: certificate, certificate-authority, go, golang, mtls, tls
- Language: Go
- Homepage:
- Size: 5.61 MB
- Stars: 44
- Watchers: 2
- Forks: 5
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
# :lock: Certify
Certify is an easy-to-use certificate manager and can be used as an alternative to OpenSSL. With Certify you can create your own private CA (Certificate Authority) and issue certificates with your own CA.
## Features
+ Create a CA and an intermediate CA
+ Issue certificates with a custom common name, IP SAN, DNS SAN, expiry date, and extended key usage
+ Show certificate information from a file or a remote host
+ Export certificates to PKCS12 format
+ Verify that a private key matches a certificate
+ Revoke certificates
## Installation
Download it from the [release page](https://github.com/nothinux/certify/releases).
## Usage
```
_ _ ___
___ ___ ___| |_|_| _|_ _
| _| -_| _| _| | _| | |
|___|___|_| |_| |_|_| |_ |
|___| Certify v1.x
Usage of certify:
certify [flag] [ip-or-dns-san] [cn:default certify] [eku:default serverAuth,clientAuth] [expiry:default 8766h s,m,h,d]
$ certify server.local 172.17.0.1 cn:web-server eku:serverAuth expiry:1d
$ certify -init cn:web-server o:nothinux crl-nextupdate:100d
Flags:
-init
Initialize new root CA Certificate and Key
-intermediate
Generate intermediate certificate
-read
Read certificate information from file or stdin
-read-crl
Read certificate revocation list from file or stdin
-connect
Show certificate information from remote host, use tlsver to set spesific tls version
-export-p12
Generate client.p12 pem file containing certificate, private key and ca certificate
-match
Verify cert-key.pem and cert.pem has same public key
-interactive
Run certify interactively
-revoke
Revoke certificate, the certificate will be added to CRL
-verify-crl
Check if the certificate was revoked
-version
print certify version
```
Create Certificate with CN nothinux and expiry 30 days
```
# create CA
$ certify -init cn:nothinux o:nothinux
# create Certificate
$ certify cn:nothinux expiry:30d
```
Create Certificate interactively
```
$ certify -interactive
```
Read Certificate
```
$ certify -read ca-cert.pem
# or
$ cat ca-cert.pem | certify -read
```
## Use Certify as library
You can also use certify as a library in your Go application.
### Installation
```
go get github.com/nothinux/certify
```
### Documentation
See [pkg.go.dev](https://pkg.go.dev/github.com/nothinux/certify).
### Example
#### Create Private Key and CA Certificates
``` go
package main

import (
	"crypto/x509/pkix"
	"log"
	"os"
	"time"

	"github.com/nothinux/certify"
)

func main() {
	// generate the private key for the CA
	p, err := certify.GetPrivateKey()
	if err != nil {
		log.Fatal(err)
	}

	// the CA key signs every certificate, so make it readable by the owner only
	if err := os.WriteFile("CA-key.pem", []byte(p.String()), 0600); err != nil {
		log.Fatal(err)
	}

	// create ca
	template := certify.Certificate{
		Subject: pkix.Name{
			Organization: []string{"certify"},
		},
		NotBefore: time.Now(),
		NotAfter:  time.Now().Add(8766 * time.Hour), // about one year
		IsCA:      true,
	}

	caCert, err := template.GetCertificate(p.PrivateKey)
	if err != nil {
		log.Fatal(err)
	}

	// the certificate is public data; only the key file needs to stay private
	if err := os.WriteFile("CA-cert.pem", []byte(caCert.String()), 0640); err != nil {
		log.Fatal(err)
	}
}
```
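To show what the options in the usage line `certify server.local 172.17.0.1 cn:web-server eku:serverAuth expiry:1d` mean to a verifier, the following added example (not part of the Certify project, and using only the Go standard library rather than the certify package) issues an equivalent certificate under a throwaway CA and checks which host names and usages are accepted. The CA name `example-ca`, the serial numbers and the function names `must` and `issueAndVerify` are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// must panics on setup errors so that only the verification result is returned.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issueAndVerify issues the usage-line leaf under a throwaway CA and validates it for host and usage.
func issueAndVerify(host string, usage x509.ExtKeyUsage) error {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	now := time.Now()
	ca := &x509.Certificate{ // constructed sample CA; name and serial are placeholders
		SerialNumber: big.NewInt(1), Subject: pkix.Name{Organization: []string{"example-ca"}},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	ca = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey))))
	tmpl := &x509.Certificate{ // server.local 172.17.0.1 cn:web-server eku:serverAuth expiry:1d
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "web-server"},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(24 * time.Hour),
		DNSNames: []string{"server.local"}, IPAddresses: []net.IP{net.ParseIP("172.17.0.1")},
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leaf := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, ca, &leafKey.PublicKey, caKey))))
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, KeyUsages: []x509.ExtKeyUsage{usage}})
	return err
}

func main() {
	fmt.Println(issueAndVerify("server.local", x509.ExtKeyUsageServerAuth)) // accepted
	fmt.Println(issueAndVerify("server.local", x509.ExtKeyUsageClientAuth)) // EKU not granted
}
```

A certificate issued with `eku:serverAuth` only is rejected when a peer validates it for client authentication, so certificates meant for both sides of an mTLS connection need both usages (the tool's default).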
## License
[MIT](https://github.com/nothinux/certify/blob/master/LICENSE)