A command line utility for managing X.509 identities.
Normally, X.509 identities are generated by a client then signed by a certificate authority. This multi-step process reduces the risk that private keys will be leaked. While this works very well in many situations, there are situations where it is acceptable for a certificate authority to generate the X.509 identities directly. Acert is targeted at these situations and provides an all-in-one utility for creating certificate authorities and issuing X.509 identities directly from those certificate authorities.
brew install greymatter-io/homebrew-greymatter/acert
Acert uses Cobra so all commands support a help option (e.g., acert -h or acert --help). As a result, the following usage instructions only cover the top level use cases and do not attempt to provide descriptions of all options available.
To print the current version and commit for the acert binary run the following command:
acert version
Authorities represent the X.509 identities of certificate authorities and are required in order to use Acert to issue X.509 leaf identities.
To create a certificate authority run the following command:
acert authorities create
Note that the output of this command is the shortened SHA-256 hash of the authority's certificate (i.e., its fingerprint), which is used to identify the authority.
For a full list of the options available when creating a certificate authority run the following command:
acert authorities create --help
To delete a certificate authority run the following command where FINGERPRINT is the SHA-256 fingerprint of the authority:
acert authorities delete FINGERPRINT
If you just want to delete everything, run:
rm -rf ~/.acert/*
To list the authorities run the following command:
acert authorities list
To export the pem encoded authorities for a certificate authority run the following command:
acert authorities export FINGERPRINT -f pem -t authority
To export the pem encoded certificate for a certificate authority run the following command:
acert authorities export FINGERPRINT -f pem -t certificate
To export the pem encoded key for a certificate authority run the following command:
acert authorities export FINGERPRINT -f pem -t key
For a full list of the options available when exporting a certificate authority run the following command:
acert authorities export --help
Leaves represent the X.509 identities of users or services and cannot issue identities.
To issue a leaf run the following command where FINGERPRINT is the SHA-256 fingerprint of the authority issuing the leaf:
acert authorities issue FINGERPRINT
For a full list of the options available when issuing a leaf run the following command:
acert authorities issue --help
To delete a leaf run the following command where FINGERPRINT is the SHA-256 fingerprint of the leaf:
acert leaves delete FINGERPRINT
To list the leaves run the following command:
acert leaves list
To export the pem encoded authorities for a leaf identity run the following command:
acert leaves export FINGERPRINT -f pem -t authority
To export the pem encoded certificate for a leaf identity run the following command:
acert leaves export FINGERPRINT -f pem -t certificate
To export the pem encoded key for a leaf identity run the following command:
acert leaves export FINGERPRINT -f pem -t key
For a full list of the options available when exporting a leaf run the following command:
acert leaves export --help
In order to build Acert the following dependencies are required.
- Go (1.13.0 or greater)
- Make (3.81 or greater)
In order to build a binary for the current operating system run the following command:
make build
Additionally, targets are provided for cross compilation to darwin, linux and windows (e.g., make build.darwin).
In order to test Acert run the following command:
make test
- Fork it
- Download your fork to your PC (git clone https://github.com/your_username/acert && cd acert)
- Create your feature branch (git checkout -b my-new-feature)
- Make changes and add them (git add .)
- Commit your changes (git commit -m 'Add some feature')
- Push to the branch (git push origin my-new-feature)
- Create new pull request