A tool for quickly creating a demo certificate authority (CA) and self-signed certificates.
Fork of https://github.com/ribbybibby/tls-tool
```
tls-tool -help
usage: tls-tool [<flags>] <command> [<args> ...]

A tool for creating TLS certificates quickly

Flags:
  -help     Show help
  -version  Show version

Commands:
  ca [<flags>]
    Create a new certificate authority
  cert [<flags>]
    Create a new certificate
```
Usage of the CA subcommand:
```
tls-tool ca -help
usage: tls-tool ca [<flags>]

Create a new certificate authority

Flags:
  -additional-name-constraint value
      Add additional name constraints for the CA
  -country string
      Country code for the new CA (default "GB")
  -days int
      Number of days the CA is valid (default 1825)
  -domain string
      Domain name for the new CA (default "ribbybibby.me")
  -locality string
      Locality for the new CA (default "London")
  -name-constraint
      Add name constraints for the CA
  -organization string
      Organization for the new CA (default "ribbybibby")
  -postal-code string
      Postal code for the new CA (default "SW18XXX")
  -province string
      Province for the new CA (default "England")
  -street-address string
      Street Address for the new CA (default "123 Fake St")
```
Usage of the certificate subcommand:
```
tls-tool cert -help
usage: tls-tool cert [<flags>]

Create a new certificate

Flags:
  -additional-dnsname value
      Provide additional dnsnames for Subject Alternative Names
  -ca string
      Path to the CA certificate file (default "ca.pem")
  -days int
      Number of days the certificate is valid for from now on (default 365)
  -domain string
      Domain for the new certificate (default "ribbybibby.me")
  -insecure
      Optionally allow the creation of purposely expired or otherwise invalid certs
  -ipaddresses value
      Provide IPs for Subject Alternative Names
  -key string
      Path to the CA key file (default "ca-key.pem")
```
Create a CA:
```
tls-tool ca
ca.pem
ca-key.pem
```
Create a certificate:
```
tls-tool cert
cert-ribbybibby.me-0.pem
cert-ribbybibby.me-0-key.pem
```
With additional names:
```
tls-tool cert -additional-dnsname foobar.internal -additional-dnsname example.internal
cert-ribbybibby.me-1.pem
cert-ribbybibby.me-1-key.pem
```
With a specific extended key usage:
```
tls-tool cert -eku serverauth -eku clientauth
```
Available values are (case-insensitive):
CLI value | EKU |
---|---|
any | x509.ExtKeyUsageAny |
serverauth | x509.ExtKeyUsageServerAuth |
clientauth | x509.ExtKeyUsageClientAuth |
codesigning | x509.ExtKeyUsageCodeSigning |
emailprotection | x509.ExtKeyUsageEmailProtection |
ipsecendsystem | x509.ExtKeyUsageIPSECEndSystem |
ipsectunnel | x509.ExtKeyUsageIPSECTunnel |
ipsecuser | x509.ExtKeyUsageIPSECUser |
timestamping | x509.ExtKeyUsageTimeStamping |
ocspsigning | x509.ExtKeyUsageOCSPSigning |
microsoftservergatedcrypto | x509.ExtKeyUsageMicrosoftServerGatedCrypto |
netscapeservergatedcrypto | x509.ExtKeyUsageNetscapeServerGatedCrypto |
microsoftcommercialcodesigning | x509.ExtKeyUsageMicrosoftCommercialCodeSigning |
microsoftkernelcodesigning | x509.ExtKeyUsageMicrosoftKernelCodeSigning |
See: https://pkg.go.dev/crypto/x509#ExtKeyUsage
Verification:
```
openssl x509 -inform pem -noout -text -in cert-ribbybibby.me-0.pem
```