C Meson Shell Dockerfile
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
subprojects Support statically linking popt on old OSes Jan 3, 2018
test Add clang-format and apply it Sep 20, 2017
.clang-format Add clang-format and apply it Sep 20, 2017
.gitignore Stop ignoring autoconf Jan 2, 2018
.travis.yml Fix Travis build Apr 30, 2018
README.md Add coverity banner Mar 16, 2017
config.h.in Switch to the meson build system Dec 18, 2017
meson.build Automatically reformat code during `ninja test` May 21, 2018


SSCG - Simple Signed Certificate Generator

Coverity Scan Build Status


x509 Certificates are complicated to get right. SSCG makes it easy to generate usable, signed certificates quickly without needing to understand complex openssl, certtool or certutil commands.

Quick Usage - Certificates Signed by a Private CA


This will produce a ca.crt and a pair of service.pem and service-key.pem files in the current directory, the latter of which is signed by the private key of the ca.crt. The CA's private key will be destroyed by default after these files are created, so nothing further can be signed by it. (See this blog post for details on why this is desirable.)

Certificates generated by SSCG will be valid by default for securing the current machine's hostname and no others. To add further names (such as for a multi-homed system), look at the --subject-alt-name argument below.

Full Usage

Usage of sscg:

Usage: sscg [OPTION...]
  -q, --quiet                                           Display no output unless there is an error.
  -v, --verbose                                         Display progress messages.
  -d, --debug                                           Enable logging of debug messages. Implies verbose. Warning! This will print
                                                        private key information to the screen!
  -V, --version                                         Display the version number and exit.
      --lifetime=1-3650                                 Certificate lifetime (days). (default: 3650)
      --country=US, CZ, etc.                            Certificate DN: Country (C). (default: "US")
      --state=Massachusetts, British Columbia, etc.     Certificate DN: State or Province (ST).
      --locality=Westford, Paris, etc.                  Certificate DN: Locality (L).
      --organization=My Company                         Certificate DN: Organization (O). (default: "Unspecified")
      --organizational-unit=Engineering, etc.           Certificate DN: Organizational Unit (OU).
      --hostname=server.example.com                     The valid hostname of the certificate. Must be an FQDN. (default: current system
      --subject-alt-name alt.example.com                Optional additional valid hostnames for the certificate. May be specified multiple
      --package=STRING                                  Unused. Retained for compatibility with earlier versions of sscg.
      --key-strength={512,1024,2048,4096}               Strength of the certificate private keys in bits. (default: 2048)
      --hash-alg={sha256,sha384,sha512}                 Hashing algorithm to use for signing. (default: sha256)
      --ca-file=STRING                                  Path where the public CA certificate will be stored. (default: "./ca.crt")
      --ca-key-file=STRING                              Path where the CA's private key will be stored. If unspecified, the key will be
                                                        destroyed rather than written to the disk.
      --cert-file=STRING                                Path where the public service certificate will be stored. (default "./service.pem")
      --cert-key-file=STRING                            Path where the service's private key will be stored. (default "service-key.pem")

Help options:
  -?, --help                                            Show this help message
      --usage                                           Display brief usage message