TLS certificate management
Switch branches/tags
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
commands
script
test/integration
utils
vendor
version
.gitignore
Dockerfile
Dockerfile.auto
Dockerfile.build
Makefile
main.go
readme.md
vendor.conf

readme.md

CertM

CertM is a simple tool to generate TLS certificates and keys.

Usage

Show Help

docker run --rm ehazlett/certm -h

Generate CA

docker run --rm -v $(pwd)/certs:/certs ehazlett/certm -d /certs ca generate -o=local

This will generate a CA with the organization "local".

Generate server certificate

docker run --rm -v $(pwd)/certs:/certs ehazlett/certm -d /certs server generate --host localhost --host 127.0.0.1 -o=local

This will generate a server certificate with a SAN of "localhost" and an IP SAN of "127.0.0.1" with the organization "local".

Generate client certificate

docker run --rm -v $(pwd)/certs:/certs ehazlett/certm -d /certs client generate --common-name=ehazlett -o=local

This will generate a client certificate with the common name of "ehazlett".

Generate CA, server and client certificates / keys

docker run --rm -v $(pwd)/certs:/certs ehazlett/certm -d /certs bundle generate --host 127.0.0.1 -o=local

This will generate a CA using the org "local", a server certificate with an IP SAN of "127.0.0.1" and a client certificate.

Generate CA, client and server certificates/keys

docker run --rm -v $(pwd)/certs:/certs ehazlett/certm -d /certs bundle generate -o=local --host localhost --host 127.0.0.1 --host foo.local

This will generate a CA using the org "local", a client cert, and a server certificate that is valid using the DNS names "localhost" and "foo.local" as well as the IP "127.0.0.1"

Server cert can be used for swarm and has cert extensions for both docker server and client.

Integration Tests

To run integration tests, use ./script/test. This will run the integration tests in a container to validate proper usage.