Skip to content
Sign client certificates - openssl missing options
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


##Sign client certificates - openssl missing options

A simple, self-contained, no dependencies tool written in Go to sign client certificates overcoming some limitations of openssl.

gossl --csr client.csr --cakey ca.key --cacrt ca.crt \
--out client.crt --from "Jan 2 15:04:05 2006" --period 365d

It does roughly the same thing as this openssl command:

openssl x509 -in client.csr -CAkey ca.key -CA ca.crt \
-out client.crt -set_serial 01 -sha256 -req -days 365 

The differences are:

  • does not depend on openssl, only Go standard library, compiled to standalone binary
  • can specify certificate start date (openssl always takes current time)
  • can specify certificate period in years, days, hours and minutes (in openssl shortest is 1 day)

You can inspect the generated certificate in human readable form with this command:

openssl x509 -text -noout -in client.crt

Compile from sources or grab the binary.

You can’t perform that action at this time.