certstrap
certstrap copied to clipboard
square
Tools to bootstrap CAs, certificate requests, and signed certificates.
```bash # build certstrap git clone https://github.com/square/certstrap cd certstrap go build # build rootca ./certstrap init --passphrase 123456 --expires "10 year" --organization "Google Trust Services LLC" --country "US" --common-name "BIG...
Could be a documentation issue - there is nothing in the README.md. I generated an Intermediate certificate using these steps: ``` ./bin/certstrap-master-linux-amd64 init --common-name "Unit Test Server Root CA" --key-bits...
Hello, Can you please make a release for arm64/aarch64 ? Regards, T.
**Background** We wanted to create a x509 certificate with multiple organizational units (ou). However, the current implementation accepts only a string and do not allow multiple organizational-units. `./bin/certstrap-dev-17687043-darwin-amd64 request-cert --domain...
From the linter: ``` Error: SA1019: x509.DecryptPEMBlock has been deprecated since Go 1.16 because it shouldn't be used: Legacy PEM encryption as specified in RFC 1423 is insecure by design....
Certain Microsoft services (like Remote Desktop Services) require certificates with special Extended Key Usage values. Microsoft has a registered OID (1.3.6.1.4.1.311.54.1.2) for "Remote Desktop Authentication": http://oid-info.com/cgi-bin/display?oid=1.3.6.1.4.1.311.54.1.2&action=display This change makes it...
Adds `notbefore` as an argument to `init` and `sign` to allow setting NotBefore property. If `notbefore` is not supplied, the `NotBefore` will be set as 10 minutes earlier than now....
Revoke command creates expired CRL. I've found this out when tried to use certstrap-produced CRL with nginx which performs expiry check on CRL.
This commit adds support for signing certificates with the codeSigning extended key usage extension. Tried to make this as non-invasive as possible by adding a new function to create host...
