selfcert

package module

v0.1.0 Latest Latest Go to latest Published: Nov 7, 2025 License: BlueOak-1.0.0 Imports: 11 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/jsumners/go-selfcert

Links

Open Source Insights

README ¶

selfcert

This is a library and CLI tool for generating self-signed TLS certificates. It is a port of self-cert with some minor improvements.

Example

selfcert --expires 2050-04-01 --domains foo.example.com,bar.example.com > cert.pem

Installation

Library

go get https://github.com/jsumners/go-selfcert@latest

Go Install

This tool can be installed through Go's install command:

go install github.com/jsumners/go-selfcert@latest

Manual Install

Navigate to the releases page.
Download the tarball associated with your platform.
Extract the tarball and place the binary in a directory within your PATH.

Contributing

Clone repo
go mod tidy
go tool task --list-all to see available tasks

Open a PR with your changes.

License

Blue Oak Model License 1.0.0

Documentation ¶

Index ¶

type CertConfig
- func NewCertConfig() CertConfig
type CertificatePair
- func NewCertificate(config CertConfig) (*CertificatePair, error)
- func (cp CertificatePair) String() string

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type CertConfig ¶

type CertConfig struct {
	// Bits represents the cipher strength for the generated certificate.
	// Examples: 2048 or 4096.
	Bits int
	// Subject represents all of the issuer contact details, e.g. locality,
	// state/province, and common name.
	Subject pkix.Name
	// Expires represents the time and date that the certificate is valid until.
	Expires time.Time
	// Hostnames is a set of alternative names that the certificate will
	// work for.
	Hostnames []string
	// IPAddresses is a set of alternate IP addresses the certificate will
	// work for.
	IPAddresses []net.IP
}

CertConfig provides the necessary input information required to generate a valid TLS certificate.

func NewCertConfig ¶

func NewCertConfig() CertConfig

NewCertConfig creates a new CertConfig with all of the required details filled in to workable defaults. It will add _all_ found local IP addresses as alternative IP addresses. It will also add the os.Hostname and "localhost" as valid alternate names. The expires date will be set to 20 years from the current time.

type CertificatePair ¶

type CertificatePair struct {
	Certificate    tls.Certificate
	PrivateKeyPEM  []byte
	PublicKeyPEM   []byte
	CertificatePEM []byte
}

CertificatePair represents the final TLS certificate data as constituent parts.

func NewCertificate ¶

func NewCertificate(config CertConfig) (*CertificatePair, error)

NewCertificate generates a new self-signed TLS certificate.

func (CertificatePair) String ¶

func (cp CertificatePair) String() string

String renders the TLS cert as a set of PEM blocks suitable for writing to stdout or to a file.

Source Files ¶

View all Source files

cert.go

Directories ¶

Path	Synopsis
cmd
selfcert command
internal
misc

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL