Acert
A command line utility for managing X.509 identities.
Overview
Normally, X.509 identities are generated by a client then signed by a certificate authority. This multi-step process reduces the risk that private keys will be leaked. While this works very well in many situations, there are situations where it is acceptable for a certificate authority to generate the X.509 identities directly. Acert is targeted at these situations and provides an all-in-one utility for creating certificate authorities and issuing X.509 identities directly from those certificate authorities.
Usage
Acert uses Cobra, so all commands support a help option (e.g., acert -h or acert --help). As a result, the following usage instructions cover only the top-level use cases and do not attempt to describe every available option.
Version
To print the current version and commit for the acert binary run the following command:
acert version
Authorities
Authorities represent the X.509 identities of certificate authorities and are required in order to use Acert to issue X.509 leaf identities.
Creating
To create a certificate authority run the following command:
acert authorities create
Note that the output of this command is the shortened SHA-256 hash of the authority's certificate (i.e., its fingerprint), which is used to identify the authority.
For a full list of the options available when creating a certificate authority run the following command:
acert authorities create --help
Deleting
To delete a certificate authority run the following command, where FINGERPRINT is the SHA-256 fingerprint of the authority:
acert authorities delete FINGERPRINT
Listing
To list the authorities run the following command:
acert authorities list
Exporting
To export the PEM-encoded authorities for a certificate authority run the following command:
acert authorities export FINGERPRINT -f pem -t authority
To export the PEM-encoded certificate for a certificate authority run the following command:
acert authorities export FINGERPRINT -f pem -t certificate
To export the PEM-encoded key for a certificate authority run the following command:
acert authorities export FINGERPRINT -f pem -t key
For a full list of the options available when exporting a certificate authority run the following command:
acert authorities export --help
Leaves
Leaves represent the X.509 identities of users or services and cannot issue identities.
Issuing
To issue a leaf run the following command, where FINGERPRINT is the SHA-256 fingerprint of the authority issuing the leaf:
acert authorities issue FINGERPRINT
For a full list of the options available when issuing a leaf run the following command:
acert authorities issue --help
Deleting
To delete a leaf run the following command, where FINGERPRINT is the SHA-256 fingerprint of the leaf:
acert leaves delete FINGERPRINT
Listing
To list the leaves run the following command:
acert leaves list
Exporting
To export the PEM-encoded authorities for a leaf identity run the following command:
acert leaves export FINGERPRINT -f pem -t authority
To export the PEM-encoded certificate for a leaf identity run the following command:
acert leaves export FINGERPRINT -f pem -t certificate
To export the PEM-encoded key for a leaf identity run the following command:
acert leaves export FINGERPRINT -f pem -t key
For a full list of the options available when exporting a leaf run the following command:
acert leaves export --help
Building
Dependencies
In order to build Acert the following dependencies are required.
- Go (1.13.0 or greater)
- Make (3.81 or greater)
Build
In order to build a binary for the current operating system run the following command:
make build
Additionally, targets are provided for cross compilation to darwin, linux and windows (e.g., make build.darwin).
Testing
In order to test Acert run the following command:
make test
Contributing
- Fork it
- Download your fork to your PC (git clone https://github.com/your_username/acert && cd acert)
- Create your feature branch (git checkout -b my-new-feature)
- Make changes and add them (git add .)
- Commit your changes (git commit -m 'Add some feature')
- Push to the branch (git push origin my-new-feature)
- Create new pull request