A performant and optimized Go library for generating, validating, and managing X.509 certificates, Certificate Authorities (CAs), and related cryptographic operations.
-
Certificate Generation
- Self-signed certificates
- CA certificates with path length constraints
- Server/Client certificates
- Certificate Signing Requests (CSR)
- RSA-PSS support for enhanced security
-
π Key Management
- RSA (2048, 4096 bits)
- ECDSA (P-256, P-384, P-521)
- Ed25519
- Secure key generation using
crypto/rand
-
π Encoding/Decoding
- PEM format support
- DER format support
- PKCS#12 (P12/PFX) bundle support
-
β Validation
- Chain of trust verification
- Expiration checking
- Hostname verification
- Signature algorithm validation
- Custom validation rules
-
π Advanced Features
- Certificate Revocation List (CRL) generation and management
- OCSP (Online Certificate Status Protocol) support
- CRL validation and revocation checking
- Extension support (Key Usage, Extended Key Usage, SAN, etc.)
The executable supports all library operations:
- Generate CA certificates
- Generate server/client certificates
- Sign certificates with CA
- Validate certificates and chains
- View certificate details
- CRL and OCSP operations
- Batch operations via config files
- Multi-platform Support: Windows, Linux, macOS (AMD64, ARM64)
- GitHub Actions: Automated linting, testing, security scanning (SonarQube), and releases
- Package Distribution: Published to Go pkg registry on releases
- Docker Support: Container-ready
.
βββ cmd/certifier/ # Executable
βββ pkg/
β βββ cert/ # Core certificate operations
β βββ encoding/ # PEM/DER/PKCS12 encoding
β βββ validation/ # Certificate validation
β βββ crl/ # CRL management
β βββ ocsp/ # OCSP support
βββ internal/
β βββ cli/ # CLI command implementations
βββ test/ # Integration tests
βββ .github/workflows/ # GitHub Actions
βββ go.mod
go install github.com/0x524a/certifier/cmd/certifier@latestDownload pre-built binaries from GitHub Releases
go get github.com/0x524a/certifierpackage main
import (
"log"
"github.com/0x524a/certifier/pkg/cert"
)
func main() {
// Generate a self-signed certificate with RSA-PSS for enhanced security
config := &cert.CertificateConfig{
CommonName: "example.com",
Organization: "Example Corp",
Country: "US",
Validity: 365,
KeyType: cert.KeyTypeRSA2048,
UseRSAPSS: true, // Enable RSA-PSS for better security
DNSNames: []string{"example.com", "www.example.com"},
}
cert, key, err := cert.GenerateSelfSignedCertificate(config)
if err != nil {
log.Fatal(err)
}
// Encode to PEM
certPEM, _ := encoding.EncodeCertificateToPEM(cert)
keyPEM, _ := encoding.EncodePrivateKeyToPEM(key)
// Use cert and key...
}# Generate a CA certificate
certifier ca generate --cn "My CA" --output ca.crt --key-output ca.key
# Generate a server certificate signed by CA
certifier cert generate \
--cn "example.com" \
--ca-cert ca.crt \
--ca-key ca.key \
--output server.crt \
--key-output server.key
# Validate a certificate
certifier cert validate --cert server.crt --ca-cert ca.crt
# View certificate details
certifier cert view --cert server.crt- API Documentation - Complete package documentation
- Quick Start Guide - Get started quickly
- Contributing Guide - How to contribute
- Security Policy - Security practices and reporting
- Roadmap - Future plans and features
go build -o bin/certifier ./cmd/certifiergo test -v -cover ./...golangci-lint runThis library is optimized for:
- Fast certificate generation using efficient key generation algorithms
- Minimal memory allocations
- Concurrent certificate operations where applicable
- Cache-friendly data structures
Benchmarks:
- Certificate generation: < 100ms (RSA 2048-bit)
- Certificate validation: < 10ms
- CRL generation: < 50ms (1000 revoked certificates)
Contributions are welcome! Please see our Contributing Guide for details.
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'feat: add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
Before submitting:
- β
All tests pass (
go test ./...) - β
Code passes linting (
golangci-lint run) - β
Code is formatted (
gofmt -w .) - β Documentation is updated
Security is a top priority. See our Security Policy for:
- Reporting vulnerabilities
- Supported versions
- Security best practices
Key Security Features:
- π RSA-PSS support for enhanced signature security
- π² Cryptographically secure random number generation
- π Certificate chain validation
- π CRL and OCSP support
- π‘οΈ No external crypto dependencies
- π Pinned GitHub Actions (supply chain security)
- Test Coverage: >85%
- Test Functions: 226+
- Supported Platforms: Linux, macOS, Windows (AMD64, ARM64)
- Go Version: 1.22+
- CI/CD: GitHub Actions with SonarQube integration
See LICENSE file for details.
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Security: See Security Policy
If you find this project useful, please consider giving it a star! β
See Releases for detailed changelog.
Made with β€οΈ by the Certifier community