Skip to content

brimworks/easypki

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

44 Commits

cmd/easypki

cmd/easypki

 
 

example

example

 
 

pkg

pkg

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

CONTRIBUTING.md

CONTRIBUTING.md

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

test.sh

test.sh

 
 

Repository files navigation

Build Status codecov

easypki

Easy Public Key Infrastructure intends to provide most of the components needed to manage a PKI, so you can either use the API in your automation, or use the CLI.

API

godoc

For the latest API:

import "gopkg.in/google/easypki.v1"

Legacy API

API below pkg/ has been rewritten to allow extensibility in terms of PKI storage and better readability.

If you used the legacy API that was only writing files to disk, a tag has been applied so you can still import it:

import "gopkg.in/google/easypki.v0"

CLI

Current implementation of the CLI uses the local store and uses a structure compatible with openssl, so you are not restrained.

# Get the CLI:
go get github.com/google/easypki/cmd/easypki


# You can also pass the following through arguments if you do not want to use
# env variables.
export PKI_ROOT=/tmp/pki
export PKI_ORGANIZATION="Acme Inc."
export PKI_ORGANIZATIONAL_UNIT=IT
export PKI_COUNTRY=US
export PKI_LOCALITY="Agloe"
export PKI_PROVINCE="New York"

mkdir $PKI_ROOT

# Create the root CA:
easypki create --filename root --ca "Acme Inc. Certificate Authority"

# In the following commands, ca-name corresponds to the filename containing
# the CA.

# Create a server certificate for blog.acme.com and www.acme.com:
easypki create --ca-name root --dns blog.acme.com --dns www.acme.com www.acme.com

# Create an intermediate CA:
easypki create --ca-name root --filename intermediate --intermediate "Acme Inc. - Internal CA"

# Create a wildcard certificate for internal use, signed by the intermediate ca:
easypki create --ca-name intermediate --dns "*.internal.acme.com" "*.internal.acme.com"

# Create a client certificate:
easypki create --ca-name intermediate --client --email bob@acme.com bob@acme.com

# Revoke the www certificate.
easypki revoke $PKI_ROOT/root/certs/www.acme.com.crt

# Generate a CRL expiring in 1 day (PEM Output on stdout):
easypki crl --ca-name root --expire 1

You will find the generated certificates in $PKI_ROOT/ca_name/certs/ and private keys in $PKI_ROOT/ca_name/keys/

For more info about available flags, checkout out the help easypki -h.

Disclaimer

This is not an official Google product.

About

Creating a certificate authority the easy way

Resources

Readme

License

Apache-2.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases 2

GO111MODULE=on go get github.com/brimworks/easypki/cmd/easypki Latest
Aug 23, 2020
+ 1 release

Packages

No packages published

Languages

  • Go 99.3%
  • Shell 0.7%