certify

Version: v1.4.0
Published: Apr 15, 2022 License: MIT Imports: 13 Imported by: 0

README

Certify

Certify can be used for creating a private CA (Certificate Authority) and issuing certificates signed by the pre-created CA.

Certify is easy to use and can be used as an alternative to OpenSSL.

Features

  • Create a certificate authority
  • Issue certificates with a custom common name, IP SAN, DNS SAN, expiry date, and extended key usage
  • Show certificate information from a file or remote host
  • Export a certificate to PKCS12 format
  • Verify that a private key matches a certificate

Installation

Download from the release page

Usage

certify [flag] [ip-or-dns-san] [cn:default certify] [expiry: s,m,h,d]

$ certify -init
⚡️ Initialize new CA Certificate and Key

You must create a new CA by running -init before you can create a certificate.

$ certify server.local 172.17.0.1
⚡️ Generate certificate with alt name server.local and 172.17.0.1

$ certify cn:web-server
⚡️ Generate certificate with common name web-server

$ certify server.local expiry:1d
⚡️ Generate certificate expiry within 1 day

$ certify server.local eku:serverAuth,clientAuth
⚡️ Generate certificate with extended key usage Server Auth and Client Auth

You can also view the information in a certificate

$ certify -read server.local.pem
⚡️ Read certificate information from file server.local.pem

$ certify -connect google.com:443
⚡️ Show certificate information from remote host

Export the certificate and private key files to PKCS12 format
$ certify -export-p12 cert.pem cert-key.pem ca-cert.pem
⚡️ Generate client.p12 pem file containing certificate, private key and ca certificate

Verify that a private key matches a certificate
$ certify -match cert-key.pem cert.pem
⚡️ verify cert-key.pem and cert.pem has same public key

Use Certify as library

You can also use certify as a library in your Go application

Installation
go get github.com/nothinux/certify
Documentation

See pkg.go.dev

Example
Create Private Key and CA Certificates
package main

import (
	"crypto/x509/pkix"
	"log"
	"os"
	"time"

	"github.com/nothinux/certify"
)

func main() {
	// Generate the CA private key.
	p, err := certify.GetPrivateKey()
	if err != nil {
		log.Fatal(err)
	}

	// The CA key signs every issued certificate: keep it readable by the owner only.
	if err := os.WriteFile("CA-key.pem", []byte(p.String()), 0600); err != nil {
		log.Fatal(err)
	}

	// Describe the CA certificate, valid for about one year (8766 hours).
	template := certify.Certificate{
		Subject: pkix.Name{
			Organization: []string{"certify"},
		},
		NotBefore: time.Now(),
		NotAfter:  time.Now().Add(8766 * time.Hour),
		IsCA:      true,
	}

	// Create the CA certificate from the template and the CA key.
	caCert, err := template.GetCertificate(p.PrivateKey)
	if err != nil {
		log.Fatal(err)
	}

	// The certificate itself holds no secret material.
	if err := os.WriteFile("CA-cert.pem", []byte(caCert.String()), 0640); err != nil {
		log.Fatal(err)
	}
}

License

MIT

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func CertInfo added in v1.2.0

func CertInfo(cert *x509.Certificate) string

func GetPublicKey

func GetPublicKey(pub interface{}) (string, error)

GetPublicKey returns the PEM-encoded string for the given public key

func GetSerial

func GetSerial() (*big.Int, error)

GetSerial returns a serial number and an error

func ParseCertificate

func ParseCertificate(cert []byte) (*x509.Certificate, error)

ParseCertificate returns the parsed certificate and an error

func ParsePrivateKey

func ParsePrivateKey(pkey []byte) (*ecdsa.PrivateKey, error)

ParsePrivateKey parses the given []byte private key into a *ecdsa.PrivateKey struct

Types

type Certificate

type Certificate struct {
	Subject          pkix.Name
	NotBefore        time.Time
	NotAfter         time.Time
	IPAddress        []net.IP
	DNSNames         []string
	IsCA             bool
	Parent           *x509.Certificate
	ParentPrivateKey interface{}
	ExtentedKeyUsage []x509.ExtKeyUsage
}

func (*Certificate) GetCertificate

func (c *Certificate) GetCertificate(pkey *ecdsa.PrivateKey) (*Result, error)

GetCertificate generates a certificate and returns it in a Result struct

func (*Certificate) SetTemplate

func (c *Certificate) SetTemplate(serial *big.Int) x509.Certificate

SetTemplate sets the x509.Certificate template from the given Certificate struct

type PrivateKey

type PrivateKey struct {
	*ecdsa.PrivateKey
}

func GetPrivateKey

func GetPrivateKey() (*PrivateKey, error)

GetPrivateKey returns a PrivateKey struct containing the private key

func (*PrivateKey) String

func (p *PrivateKey) String() string

String returns the private key as a PEM-encoded string

type Result

type Result struct {
	Certificate []byte
}

func (*Result) String

func (r *Result) String() string

String returns the certificate in string format

Directories

Path Synopsis
cmd
