acert

command module
v0.0.0-...-262cf83 Latest Latest
Published: Aug 14, 2022 License: MIT Imports: 23 Imported by: 0

README

acert

Command-line utility for managing PKI certificates written in Go.


Features


🔐 Manage Your Public Key Infrastructure

Perform many common tasks necessary for setting up your PKI infrastructure.

  • Generate signing requests
  • Generate authority certificates
  • Generate client certificates
  • Build certificate chains
  • Verify certificate root, chain & hosts
  • Trust certificates

✨ Simple, Intuitive API

A goal of this project is to make PKI simple and approachable.

Please don't hesitate to submit an issue or open a pull request with your suggestions.


📈 ECDSA Elliptic Curve Support

Certificates can be signed using ECDSA Elliptic Curves:

Standard  Description
P-224     Uses a curve which "implements NIST P-224 (FIPS 186-3, section D.2.2)"
P-256     Uses a curve which "implements NIST P-256 (FIPS 186-3, section D.2.3)"
P-384     Uses a curve which "implements NIST P-384 (FIPS 186-3, section D.2.4)"
P-521     Uses a curve which "implements NIST P-521 (FIPS 186-3, section D.2.5)"

Be sure to check if the chosen elliptic curve is supported for your use case.
For example, Chrome 42.x does not support P-521.


📉 ED25519 Support

A certificate can be signed with a key using the ED25519 signature algorithm.

Be sure to check if your use case supports ED25519 (good reference).


Installation


Prebuilt Binaries

You can download pre-built binaries for your operating system on the Releases page.


Homebrew

The acert package is included in the lstellway/formulae tap.
To install with Homebrew, add the tap:

brew tap lstellway/formulae

Update taps and install the formula:

brew update \
    && brew install lstellway/formulae/acert

Optionally test the installation:

brew test lstellway/formulae/acert

...and enjoy the brew 🍻


Build From Source

To build from source:

  1. Install and configure Go on the system.
  2. Download the repository.
  3. Run make build to build the binary:
git clone https://github.com/lstellway/acert.git \
    && cd acert \
    && make build

This will output the acert binary in the directory.
Be sure to move it into a directory included in your PATH environment variable.


Usage


# Build a self-signed certificate authority with "local-root" as the subject alternative name
acert authority -san 'local-root'

# Use ECDSA elliptic curves 
acert authority -ecdsa -san 'local-root'

# Trust the authority certificate
acert trust local-root.ca.cert.pem

# Create a certificate chain by signing another authority
acert authority -parent local-root.ca.cert.pem -key local-root.ca.key.pem -san 'local-intermediate'

# Sign a client certificate with the intermediate certificate
acert client -parent local-intermediate.ca.cert.pem -key local-intermediate.ca.key.pem -san 'test.com,*.test.com'

# Verify that the certificate is set up as expected
acert verify -root local-root.ca.cert.pem -intermediate local-intermediate.ca.cert.pem -hosts 'test.com,*.test.com' test.com.cert.pem

If you ever need help with a command, simply run the help subcommand:

# Main help page
acert help

# Authority help page
acert authority help

A test/ directory has also been added with an example for testing your certificate with NGINX on Docker.

More help documentation coming soon...


Versioning


To show the current version of acert, run:

acert version

Format

Versions will be in the year.month[.revision][-stage] format. Examples:

2021.09.1
2021.10.1-alpha
2021.10.1-beta
2021.10.1-rc
...

Documentation

Overview

acert is a command-line utility for managing PKI certificates written in Go.

Features

Perform many common tasks necessary for setting up your PKI infrastructure.

✓ Generate signing requests
✓ Generate authority certificates
✓ Generate client certificates
✓ Build certificate chains
✓ Verify certificate root, chain & hosts
✓ Trust certificates

Simple, Intuitive API

A goal of this project is to make PKI simple and approachable.

Please don't hesitate to submit an issue or open a PR with your suggestions: https://github.com/lstellway/acert/issues

ECDSA Elliptic Curve Support

Certificates can be signed using ECDSA Elliptic Curves: https://pkg.golang.ir/crypto/ecdsa

The P-224, P-256, P-384 and P-521 standards are all included as part of the package: https://pkg.golang.ir/crypto/elliptic

ED25519 Support

A certificate can be signed with a key using the ED25519 signature algorithm: https://pkg.golang.ir/crypto/ed25519

Note:

Be sure to check if your use case supports ED25519. For example, ED25519 was introduced in TLS v1.3, which is only supported by a subset of browsers.
