Skip to content
Sign client certificates - openssl missing options
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore
LICENSE.txt
README.md
gossl.go

README.md

gossl

##Sign client certificates - openssl missing options

A simple, self-contained, no dependencies tool written in Go to sign client certificates overcoming some limitations of openssl.

gossl --csr client.csr --cakey ca.key --cacrt ca.crt \
--out client.crt --from "Jan 2 15:04:05 2006" --period 365d

It does roughly the same thing as this openssl command:

openssl x509 -in client.csr -CAkey ca.key -CA ca.crt \
-out client.crt -set_serial 01 -sha256 -req -days 365 

The differences are:

  • does not depend on openssl, only Go standard library, compiled to standalone binary
  • can specify certificate start date (openssl always takes current time)
  • can specify certificate period in years, days, hours and minutes (in openssl shortest is 1 day)

You can inspect the generated certificate in human readable form with this command:

openssl x509 -text -noout -in client.crt

Compile from sources or grab the binary.

You can’t perform that action at this time.