gen-self-signed-cert

command module
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 8, 2018 License: MIT Imports: 15 Imported by: 0

README

gen-self-signed-cert

Dead-simple, portable generation of host self-signed x509 cert via temporary root CA.

Purpose

This package provides simple, cross-platform generation of self-signed client and server TLS certs. It is intended for cases where it is infeasible to use a more complete internal CA.

Installation

See the Releases page. Download and extract the binary for your platform.

Usage

Commands below are for OSX/Linux; for Windows use gen-self-signed-cert.exe.

  1. Generate the CA and host certificate for your host (here, myhost.example.com):
    • to create a plaintext key file
      gen-self-signed-cert -host myhost.example.com
      
    • to create a password-protected, AES-256 encrypted key file
      gen-self-signed-cert -encrypt -host myhost.example.com
      
  2. Send the ca.crt file to the system that needs to authenticate your host, and configure that system to trust your CA. For example:
  3. Configure your host to use the combination of host.crt and host.key to authenticate itself.
    • For a curl client performing client certificate authentication, these would be the --cert and --key flags, as in:
      curl --cert host.crt --key host.key https://some.server.com
      
    • For a HAProxy server terminating TLS, these would be combined into the ssl crt /etc/ssl/xip.io/xip.io.pem file.

Documentation

The Go Gopher

There is no documentation for this package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL