Gopher design by Tugay BALCI
GoSSL
GoSSL is a cross-platform, easy-to-use SSL/TLS toolset written in Go and built with ❤️
Features
- Generate RSA private and public key
- Generate x509 RSA Certificate Request (CSR)
- Generate x509 RSA Root CA
- Generate x509 RSA Certificate
- Verify a Certificate with a Root CA
- Verify a URL with a Root CA
- Generate SSH key pair
- Copy SSH public key to remote SSH server
Install
Executable binaries for each operating system and architecture can be downloaded from the Releases page. After downloading, extract the compressed files and start using GoSSL from the terminal.
macOS Homebrew Install
macOS users can install GoSSL via Homebrew with the commands below.
brew tap yakuter/homebrew-tap
brew install gossl
Commands
version
The version command displays the current version of GoSSL.
gossl -v
gossl --version
help
The help command displays the default help and the existing commands. It can also be used to get help for a subcommand.
gossl help
gossl help cert
...
key
The key command generates an RSA private key with the provided bit size.
gossl key --help
gossl key --bits 2048
gossl key --bits 2048 --out private.key
gossl key --bits 2048 --out private.key --withpub
info
The info command displays information about an x509 certificate. Thanks to grantae for the great certinfo tool, which is used here.
gossl info cert.pem
cert
The cert command generates an x509 SSL/TLS Certificate Request (CSR), Root CA, or Certificate with the provided private key.
Help
gossl cert --help
Generate Certificate Request (CSR)
gossl cert \
--key private.key \
--out cert.csr \
--days 365 \
--serial 12345 \
--isCSR
Generate Root CA
gossl cert \
--key private.key \
--out ca.pem \
--days 365 \
--serial 12345 \
--isCA
Generate Certificate
gossl cert \
--key private.key \
--out cert.pem \
--days 365 \
--serial 12345
verify
The verify command verifies an x509 certificate with the provided root CA in PEM format.
gossl verify --help
# Verify certificate with root CA
gossl verify --cafile ./testdata/ca-cert.pem --certfile ./testdata/server-cert.pem
gossl verify --cafile ./testdata/ca-cert.pem --certfile ./testdata/server-cert.pem --dns 127.0.0.1
# Verify URL with root CA
gossl verify --cafile testdata/ca-cert.pem --url https://127.0.0.1
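What verifying a certificate against a root CA, with and without a name check, looks like in Go's crypto/x509. This is an added example, not GoSSL's own code; the helper names (must, issue, verify), subjects, and serials are constructed for illustration. It shows that a name given as an IP literal is matched against IP SANs, and that a name not covered by a SAN fails even when the chain is valid.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// must unwraps (value, error) and panics on error; every input below is constructed.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue creates a 365-day RSA certificate: a self-signed root CA when ca is nil, else a leaf signed by ca.
func issue(cn string, serial int64, ca *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(0, 0, 365)}
	if ca == nil { // root CA: allowed to sign other certificates, signs itself
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		ca, caKey = t, key
	} else { // leaf: the names it may be served under go in the SAN extension
		t.DNSNames, t.IPAddresses = []string{"localhost"}, []net.IP{net.ParseIP("127.0.0.1")}
	}
	der := must(x509.CreateCertificate(rand.Reader, t, ca, &key.PublicKey, caKey))
	return must(x509.ParseCertificate(der)), key
}

// verify checks that leaf chains to ca and, when name is non-empty, that a SAN covers that DNS name or IP.
func verify(ca, leaf *x509.Certificate, name string) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: name})
	return err
}

func main() {
	ca, caKey := issue("Example Root CA", 1, nil, nil)
	leaf, _ := issue("server", 2, ca, caKey)
	fmt.Printf("chain: %v\nIP SAN: %v\nwrong name: %v\n", verify(ca, leaf, ""), verify(ca, leaf, "127.0.0.1"), verify(ca, leaf, "example.org"))
}
```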
ssh
The ssh command generates an SSH key pair with the provided bit size, just like the ssh-keygen tool. These key pairs are used for automating logins, single sign-on, and for authenticating hosts.
gossl ssh --help
gossl ssh --bits 2048
gossl ssh --bits 2048 --out ./id_rsa
# output will be written to ./id_rsa and ./id_rsa_pub files
ssh-copy
The ssh-copy command connects to the remote SSH server, creates the /home/user/.ssh directory and the authorized_keys file in it, and appends the provided public key (e.g., id_rsa.pub) to the authorized_keys file, just like the ssh-copy-id tool.
gossl ssh-copy --help
# This command will use the default SSH public key path "USER_HOME_DIR/.ssh/id_rsa.pub"
gossl ssh-copy remoteUser@remoteIP
# This command will ask for the password to connect to the SSH server
gossl ssh-copy --pubkey /home/user/.ssh/id_rsa.pub remoteUser@remoteIP
# A password given with --password ends up in shell history and process listings
gossl ssh-copy --pubkey /home/user/.ssh/id_rsa.pub --password passw@rd123 remoteUser@remoteIP
TODO
- Add a generate command for generating a private key, root CA and x509 certificates in one command
- Add a cert template format read from a YAML file
- Add a certificate converter command, like DER to PEM etc.
- Add a test for the info command
- Add a test for the CertFromFile function in the utils package