MiniCA

MiniCA is a LAB-ONLY (Don't use this in production systems or untrusted networks!) CA made for use with my other project FakerNet. It has simple web interface than can be easily scripted with Python for curl. POST a CSR csrfile and the CA private key password password (for some form of authentication) you get a signed certificate.

Password is auto-generated an in the ./certs/ca.pass file. Keep this safe.

Example:

curl --cacert ./certs/ca.crt -F csrfile=@server.csr -F password=<PASSWORD> https://localhost:8443

The CA cert is available at /static/certs/fakernet-ca.crt or /static/certs/fakernet-ca.p7b on the web server.

Certs are stored in the ./certs/ directory.

Sources

Thanks to these pages for help:

Go PKI and Certificates

• Create a PKI in GoLang
• How to use an encrypted private key with golang ssh - StackOverflow
• Golang RSA encrypt and decrypt example
• Using encrypted private keys with Golang HTTPS server
• How create rsa private key with passphrase in golang - StackOverflow
• Signing certificate request with certificate authority - StackOverflow
• Go: How do I add an extension (subjectAltName) to a x509.Certificate? - StackOverflow

OpenSSL Commands

• Verify a certificate chain using openssl verify - StackOverflow
• The Most Common OpenSSL Commands
• How to convert a certificate into the appropriate format