Simple tool to generate a certificate authority and a directory of certificates for a list of hosts.
Developed for testing SSL/TLS configuration of services in docker-compose.
Basic usage is to invoke the tool with a list of hosts:
```
$ makecerts certificate host1 host2 host3
```
Multiple types of operation can be invoked:
```
$ makecerts certificate host1 -- sign host2 -- request host3
```
Operations can also be supplied via stdin, in which case the format follows the command line format but is line delimited - i.e.
```
$ makecerts << EOF
certificate
host1
host2
host3
EOF
```
This generates a CA certificate for localhost, and a number of certificates with the specified hostnames. The CommonName is set to the first name provided; additional names can be provided, separated by commas, to add SANs. SAN names are auto-recognized as hostnames, IP addresses or emails - e.g.
When generating certificates or CSRs, a number of options can be specified in URL-encoded syntax:
Name | Description |
---|---|
usage | Key Usage: digitalsignature contentcommitment keyencipherment dataencipherment keyagreement certsign crlsign encipheronly decipheronly. Default is digitalsignature |
extusage | Extended Key Usage: any serverauth clientauth codesigning emailprotection ipsecendsystem ipsectunnel ipsecuser timestamping ocspsigning microsoftservergatedcrypto netscapeservergatedcrypto microsoftcommercialcodesigning microsoftkernelcodesigning |
ca | Certificate Authority Basic Constraint: true or false |
maxpathlen | Certificate Authority Max Path Length Basic Constraint |
template | Microsoft ADCS enrollment certificate type (string which matches server template) |
name | Certificate Common Name (otherwise first SAN will be used) |
cert | Filename or path of certificate file to read or create |
key | Filename or path of private key file to read or create |
csr | Filename or path of certificate signing request to read or create |
```
# Generate a CSR for a new CA
./makecerts request "issuing_ca?ca=1&maxpathlen=1&name=Test Issuing CA"
```
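To make the option syntax concrete, the following added example (not makecerts' own code) maps a spec string onto a Go `crypto/x509` template, covering only `ca`, `maxpathlen` and `name` plus SAN classification. `parseSpec` is a hypothetical helper, and treating any name containing `@` as an email and rejecting `maxpathlen` without `ca` are assumptions of this sketch.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"net"
	"net/url"
	"strconv"
	"strings"
)

// parseSpec: hypothetical helper for this example, not makecerts' own parser.
func parseSpec(spec string) (*x509.Certificate, error) {
	names, query, _ := strings.Cut(spec, "?")
	opts, err := url.ParseQuery(query)
	if err != nil {
		return nil, err
	}
	t := &x509.Certificate{}
	for _, n := range strings.Split(names, ",") {
		if ip := net.ParseIP(n); ip != nil {
			t.IPAddresses = append(t.IPAddresses, ip)
		} else if strings.Contains(n, "@") { // assumption: "@" marks an email SAN
			t.EmailAddresses = append(t.EmailAddresses, n)
		} else if n != "" {
			t.DNSNames = append(t.DNSNames, n)
		}
	}
	// CommonName: name= if given, otherwise the first name in the list.
	t.Subject.CommonName = strings.Split(names, ",")[0]
	if cn := opts.Get("name"); cn != "" {
		t.Subject.CommonName = cn
	}
	// An unparsable ca value fails closed: the certificate is not a CA.
	t.IsCA, _ = strconv.ParseBool(opts.Get("ca"))
	t.BasicConstraintsValid = opts.Has("ca")
	if v := opts.Get("maxpathlen"); v != "" {
		n, err := strconv.Atoi(v)
		if err != nil || n < 0 || !t.IsCA {
			return nil, fmt.Errorf("maxpathlen=%q needs ca=true and an integer >= 0", v)
		}
		// Go treats MaxPathLen 0 as "unset" unless MaxPathLenZero is also set.
		t.MaxPathLen, t.MaxPathLenZero = n, n == 0
	}
	return t, nil
}

func main() {
	fmt.Println(parseSpec("issuing_ca?ca=1&maxpathlen=1&name=Test Issuing CA"))
}
```

The `MaxPathLenZero` assignment matters when testing chain validation: without it, a template with `maxpathlen=0` would be encoded with no path length limit at all.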
The build system is based on Mage. `go run mage.go` will compile and produce a list of targets. `go run mage.go binary` will build a binary for your platform and symlink it from the root directory.