Documentation
Overview
Lifecycle management of generated TLS certificates.
This CA is required to generate TLS certificates for hostnames on the fly. It uses a self-signed CA certificate and its private key (or, if you prefer, a pair you provide yourself) to issue ad-hoc TLS certificates for the requested hosts.
The certificates are generated deterministically, derived from your CA private key, so keep that key secret: anyone who obtains it can issue a certificate for any hostname, and every client that trusts the CA will accept it.
How to generate your own pair
To generate your own CA certificate and private key, use the following command line:
openssl req -x509 -newkey rsa:2048 -keyout private-key.pem -out ca.crt -days 3650 -nodes
The file ca.crt will contain the CA certificate and private-key.pem the CA private key. Use at least rsa:2048: a 1024-bit RSA key offers roughly 80 bits of security, is deprecated, and would be weaker than the 2048-bit leaf keys (RSAKeyLength) it signs, leaving the whole chain only as strong as the CA. Because of -nodes the key is written unencrypted; restrict its permissions (for example chmod 600 private-key.pem) and keep it off any host that does not need to issue certificates.
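The following is an added example and not code from this package. It loads the ca.crt/private-key.pem pair produced by the command above using only Go's standard library, issues a per-hostname leaf certificate signed by that CA on demand, keeps one certificate per hostname in a cache bounded by the certificate's own lifetime (a plain map standing in for the package's LFU cache), and hands the issuer to a TLS server through tls.Config.GetCertificate. Unlike the package, it generates a fresh random key for every leaf instead of deriving it deterministically from the CA key. The names CA, NewCA, Get and issue, the listen address and the 7-day TTL are this example's own choices, and it assumes the pair is RSA, as the openssl command produces.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"log"
	"math/big"
	"net/http"
	"sync"
	"time"
)

// CA is a signing pair plus a cache of issued leaf certificates, one per hostname (example code; a plain map, not the package's LFU cache).
type CA struct {
	cert  *x509.Certificate
	key   *rsa.PrivateKey
	ttl   time.Duration
	mu    sync.Mutex
	cache map[string]*tls.Certificate
}

// NewCA accepts a pair only if it can actually issue: CA:TRUE set and the key matching the certificate.
func NewCA(cert *x509.Certificate, key *rsa.PrivateKey, ttl time.Duration) (*CA, error) {
	if !cert.IsCA || !key.PublicKey.Equal(cert.PublicKey) {
		return nil, errors.New("certificate is not a CA or does not match the private key")
	}
	return &CA{cert: cert, key: key, ttl: ttl, cache: map[string]*tls.Certificate{}}, nil
}

// issue signs a fresh leaf for host with a newly generated 2048-bit key (the package's RSAKeyLength).
func (ca *CA) issue(host string) (*tls.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: host},
		DNSNames:              []string{host},      // clients match SANs only, never the CN
		NotBefore:             now.Add(-time.Hour), // tolerate client clock skew
		NotAfter:              now.Add(ca.ttl),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true, // with IsCA=false: a leaf must never be able to sign further certs
	}
	if tmpl.NotAfter.After(ca.cert.NotAfter) {
		tmpl.NotAfter = ca.cert.NotAfter // never outlive the issuer
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.cert, &key.PublicKey, ca.key)
	if err != nil {
		return nil, err
	}
	leaf, _ := x509.ParseCertificate(der)
	return &tls.Certificate{Certificate: [][]byte{der, ca.cert.Raw}, PrivateKey: key, Leaf: leaf}, nil
}

// Get returns the cached certificate for host, issuing a new one when none exists or it has expired.
func (ca *CA) Get(host string) (*tls.Certificate, error) {
	if host == "" {
		return nil, errors.New("no server name: refusing to issue a certificate without a hostname")
	}
	ca.mu.Lock()
	defer ca.mu.Unlock()
	if c, ok := ca.cache[host]; ok && time.Now().Before(c.Leaf.NotAfter) {
		return c, nil
	}
	c, err := ca.issue(host)
	if err != nil {
		return nil, err
	}
	ca.cache[host] = c
	return c, nil
}

func main() {
	pair, err := tls.LoadX509KeyPair("ca.crt", "private-key.pem") // the openssl output above; also checks key/cert match
	if err != nil {
		log.Fatal(err)
	}
	caCert, _ := x509.ParseCertificate(pair.Certificate[0]) // DER already validated by LoadX509KeyPair
	ca, err := NewCA(caCert, pair.PrivateKey.(*rsa.PrivateKey), 7*24*time.Hour) // assumes an RSA pair
	if err != nil {
		log.Fatal(err)
	}
	srv := &http.Server{Addr: "127.0.0.1:8443", TLSConfig: &tls.Config{
		// Every ClientHello selects, or triggers issuance of, the certificate for its SNI name.
		GetCertificate: func(h *tls.ClientHelloInfo) (*tls.Certificate, error) { return ca.Get(h.ServerName) },
	}}
	log.Fatal(srv.ListenAndServeTLS("", "")) // empty file names: GetCertificate supplies everything
}
```

Points worth noting: the leaf carries its hostname as a SAN with CA:FALSE, its lifetime is clamped to the issuer's NotAfter, and a ClientHello without SNI is refused rather than answered with a nameless certificate. A production issuer would renew entries somewhat before NotAfter instead of serving them up to the last second. If you want the deterministic derivation the package describes, be aware that Go's crypto/rsa deliberately does not guarantee reproducible keys from a seeded reader, so a separate derivation scheme is needed.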
Index
Constants
const (
	// CACacheSize defines the size of the LFU cache to use. Each hostname
	// corresponds to one entry in this cache, and each entry holds the single
	// certificate generated for that hostname.
	//
	// Holding this many certificates may sound heavy, but it scales well in
	// practice. Usually you do not need to alter this parameter. Remember
	// that this is an LFU cache: the least frequently used hostnames are
	// evicted first.
	CACacheSize = 1024

	// CACacheTTL defines the TTL of each generated TLS certificate. This
	// parameter can be as long as 3 months, but it is better to regenerate
	// certificates more frequently.
	CACacheTTL = 7 * 24 * time.Hour
)
const RSAKeyLength = 2048
RSAKeyLength defines the bit length of generated RSA keys. This is a good default for the on-the-fly certificates; you usually do not need anything larger.
Variables
var ErrContextClosed = &errors.Error{
	Message: "context is closed",
}
ErrContextClosed is returned when a certificate is requested but the corresponding context has already been closed, meaning the whole CA is being terminated.
Functions
This section is empty.