certstrap
certstrap copied to clipboard
square
Tools to bootstrap CAs, certificate requests, and signed certificates.
This sets up certstrap for easier import from Bazel projects: with this, certstrap can be imported with the following Bazel WORKSPACE snippet, assuming that Gazelle has been set up in...
I've had some success in integrating certstrap into my Bazel builds to create test certificates. To do so I have to maintain the list of external dependencies within my own...
The build on docker hub is tagged as `latest` which could cause issues if the build is ever updated. I suggest another adding another tag for each release. e.g `squareup/certstrap:1.2.0`...
Sometimes you've already got a crt/key already, and you just want it reissued. We've got a --key for `certstrap request-cert` to use an existing cert, maybe we should have a...
Hello, I find that I often need to create expired certificates for testing related validation and it would be extremely helpful if the `--expires` option was extended to allow passing...
Add a parameter to support issuing certificates with custom EKUs. (Use case: I need to issue certificates with BitLocker OIDs in the EKU extension.) I hope to extend this in...
For interactive users, it would be useful to provide shell completion. GNU Bash is widespread and a good candidate for first implementation. I can help by providing a PR, but...
It would be useful to have Certstrap able to implement the spiffe workload APIs, so that it can be used for local testing of software without needing a node agent
I'm not a huge fan. Maybe we should just require explicit filenames everywhere. Seems more "normal unix tool".
Certainly we almost never use password-protected private keys (that's what Keywhiz is for, after all). We should require a flag.