Skip to content
Certificate generation made easy
Go Makefile Dockerfile
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
docker new: use mage file Jan 19, 2018
tglib Fix type error Jul 11, 2019
tgnoob new: licensing May 1, 2019
.gitignore New: Enable Code Coverage reports Nov 7, 2018
LICENSE new: licensing May 1, 2019
Makefile remove gopkg Sep 13, 2019
README.md Update: Add badge to README Nov 7, 2018
doc.go fixed: build May 6, 2019
go.mod seriously? Jun 27, 2019
go.sum seriously? Jun 27, 2019
main.go new: licensing May 1, 2019

README.md

tg

codecov

tg (short for tlsgen, and also a french pun) makes issuing certificates easy. It only used the standard golang crypto lib (but for generating pkcs12, as go doesn't provide a way to write them. If you want the --p12 option to work, you need openssl installed.)

Install

go get -u github.com/aporeto-inc/tg

Examples

To generate a self signed server certificate:

% tg cert --name mycert --org acme --common-name john --auth-server
INFO[0000] certificate key pair created             cert=mycert-cert.pem key=mycert-key.pem

To generate a CA:

% tg cert --name myca --org acme --common-name root --is-ca --pass secret
INFO[0000] certificate key pair created             cert=myca-cert.pem key=myca-key.pem

To issue a client certificate from a CA:

% tg cert --name myclient --org acme --common-name client \
    --auth-client \
    --signing-cert myca-cert.pem \
    --signing-cert-key myca-key.pem \
    --signing-cert-key-pass secret
INFO[0000] certificate key pair created             cert=myclient-cert.pem key=myclient-key.pem

To verify a certificate:

% tg verify --cert myclient-cert.pem --signer myca-cert.pem
INFO[0000] certificate verified

To generate a CSR and a private key:

% tg csr --name myreq --org acme --common-name client
INFO[0000] Certificate request and private key created   csr=myreq-csr.pem key=myreq-key.pem

To sign a CSR:

% tg sign --name newcert --csr myreq-csr.pem \
    --auth-server \
    --signing-cert myca-cert.pem \
    --signing-cert-key myca-key.pem \
    --signing-cert-key-pass secret
INFO[0000] Certificate issued                            cert=newcert-cert.pem

To encrypt a private key:

% tg encrypt --key myclient-key.pem --pass secret > myclient-key.pem.enc

To decrypt a private key:

% tg decrypt --key myclient-key.pem.enc --pass secret

Lot's of additional options:

tg -h

NOTE: all parameters can be given using env variables. Prefix the argument with TLSGEN_. for instance TLSGEN_OUT for setting output dir.

You can’t perform that action at this time.