Skip to content
Utility to generate a TLS Certificate.
Branch: master
Clone or download
Latest commit e8bb0f7 Mar 20, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
.circleci Update config.yml Mar 3, 2019
LICENSE Create LICENSE Mar 20, 2019 Update Mar 4, 2019
genCert.go added gencert files Jan 19, 2019


Generate a TLS certificate

go get -v
cd ~/go/src/
go build
./genCert --help
Usage of ./genCert:
    	whether this cert should be its own Certificate Authority
  -duration duration
    	Duration that certificate is valid for (default 8760h0m0s)
  -ecdsa-curve string
    	ECDSA curve to use to generate a key. Valid values are P224, P256 (recommended), P384, P521
  -host string
    	Comma-separated hostnames and IPs to generate a certificate for
  -rsa-bits int
    	Size of RSA key to generate. Ignored if --ecdsa-curve is set (default 2048)
  -start-date string
    	Creation date formatted as Jan 1 15:04:05 2011

Example Certificate:

./genCert --ca --ecdsa-curve P384 --host example.tld

This will result in the PrivateKey key.pem and the TLS-Certificate cert.pem

Note: The PrivateKey should be kept PRIVATE, if the PrivateKey is disclosed an attacker is able to:

  • imperson you
  • decrypt your traffic
  • etc.

Generate TLS certificate for ToRat

cd ~/go/src/
go run genCert.go --ca --host youronionadresshere.onion
cp *.pem ~/go/src/
cat cert.pem

This will result in key.pem and cert.pem Then you need to change the cert in the serverCert var in ~/go/src/ to the content of cert.pem.


You can’t perform that action at this time.