Add user@hostname to the OU, and set NotBefore to now

This will help figuring out where and when a certificate was created.

Fixes #31
Filippo Valsorda 2018-07-03 19:52:18 -04:00
parent bf29b706fc
commit bf4af2d977
2 changed files with 20 additions and 7 deletions

25
cert.go

@ -11,6 +11,8 @@ import (
"math/big" "math/big"
"net" "net"
"os" "os"
"os/exec"
"os/user"
"path/filepath" "path/filepath"
"regexp" "regexp"
"strconv" "strconv"
@ -18,8 +20,15 @@ import (
"time" "time"
) )
var rootSubject = pkix.Name{ var userAndHostname string
Organization: []string{"mkcert development CA"},
func init() {
u, _ := user.Current()
if u != nil {
userAndHostname = u.Username + "@"
}
out, _ := exec.Command("hostname").Output()
userAndHostname += strings.TrimSpace(string(out))
} }
func (m *mkcert) makeCert(hosts []string) { func (m *mkcert) makeCert(hosts []string) {
@ -37,11 +46,12 @@ func (m *mkcert) makeCert(hosts []string) {
tpl := &x509.Certificate{ tpl := &x509.Certificate{
SerialNumber: serialNumber, SerialNumber: serialNumber,
Subject: pkix.Name{ Subject: pkix.Name{
Organization: []string{"mkcert development certificate"}, Organization: []string{"mkcert development certificate"},
OrganizationalUnit: []string{userAndHostname},
}, },
NotAfter: time.Now().AddDate(10, 0, 0), NotAfter: time.Now().AddDate(10, 0, 0),
NotBefore: time.Now().AddDate(0, 0, -1), NotBefore: time.Now(),
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
@ -127,10 +137,13 @@ func (m *mkcert) newCA() {
tpl := &x509.Certificate{ tpl := &x509.Certificate{
SerialNumber: serialNumber, SerialNumber: serialNumber,
Subject: rootSubject, Subject: pkix.Name{
Organization: []string{"mkcert development CA"},
OrganizationalUnit: []string{userAndHostname},
},
NotAfter: time.Now().AddDate(10, 0, 0), NotAfter: time.Now().AddDate(10, 0, 0),
NotBefore: time.Now().AddDate(0, 0, -1), NotBefore: time.Now(),
KeyUsage: x509.KeyUsageCertSign, KeyUsage: x509.KeyUsageCertSign,
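Review bot: The new `init()` gets the host name from `exec.Command("hostname").Output()` with the error discarded, so every run spawns whichever `hostname` binary is first on PATH, and a failure silently leaves the host part empty. `os` is already imported, so the standard library call is enough: `if h, err := os.Hostname(); err == nil { userAndHostname += h }`; the `os/exec` import added above would then be unneeded unless other code in the file uses it. When both lookups fail, `OrganizationalUnit: []string{userAndHostname}` in makeCert and newCA (both bodies continue outside the hunks shown) encodes an empty OU value, so the field is better left unset when the string is empty. The OU of a leaf certificate is readable by any client that connects, so a comment on `userAndHostname` should say that the local user name and host name are disclosed there. Dropping the one-day backdate on `NotBefore` also means a client whose clock runs slightly behind will reject a freshly issued certificate, which deserves a comment if recording the exact creation time is the intent.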

@ -72,7 +72,7 @@ func (m *mkcert) installPlatform() {
_, err = plist.Unmarshal(plistData, &plistRoot) _, err = plist.Unmarshal(plistData, &plistRoot)
fatalIfErr(err, "failed to parse trust settings") fatalIfErr(err, "failed to parse trust settings")
rootSubjectASN1, _ := asn1.Marshal(rootSubject.ToRDNSequence()) rootSubjectASN1, _ := asn1.Marshal(m.caCert.Subject.ToRDNSequence())
if plistRoot["trustVersion"].(uint64) != 1 { if plistRoot["trustVersion"].(uint64) != 1 {
log.Fatalln("ERROR: unsupported trust settings version:", plistRoot["trustVersion"]) log.Fatalln("ERROR: unsupported trust settings version:", plistRoot["trustVersion"])