Skip to content
forked from jsha/minica

minica is a small, simple CA intended for use in situations where the CA operator also operates each host where a certificate will be used.

License

Notifications You must be signed in to change notification settings

mrtvfuencxozd/minica

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
 
 
 
 
 
 

Repository files navigation

Minica is a simple CA intended for use in situations where the CA operator also operates each host where a certificate will be used. It automatically generates both a key and a certificate when asked to produce a certificate. It does not offer OCSP or CRL services. Minica is appropriate, for instance, for generating certificates for RPC systems or microservices.

On first run, minica will generate a keypair and a root certificate in the current directory, and will reuse that same keypair and root certificate unless they are deleted.

On each run, minica will generate a new keypair and sign an end-entity (leaf) certificate for that keypair. The certificate will contain a list of DNS names and/or IP addresses from the command line flags. The key and certificate are placed in a new directory whose name is chosen as the first domain name from the certificate, or the first IP address if no domain names are present. It will not overwrite existing keys or certificates.

The certificate will have a validity of 90 years.

Installation

First, install the Go tools and set up your $GOPATH. Then, run:

go get github.com/jsha/minica

Example usage

# Generate a root key and cert in minica-key.pem, and minica.pem, then
# generate and sign an end-entity key and cert, storing them in ./foo.com/
$ minica --domains foo.com

About

minica is a small, simple CA intended for use in situations where the CA operator also operates each host where a certificate will be used.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Go 100.0%