Commit Graph

36 Commits

Author SHA1 Message Date
Pei-Tang Huang
abde85bb26 Correct failed to save CA certificate message (#399) 2022-04-26 11:51:39 -04:00
Filippo Valsorda
e4df8ab302 Print the right hosts when a CSR doesn't have SANs
Close #344
Fixes #318
2022-04-25 20:05:46 +02:00
Filippo Valsorda
9c196b6cdb Make CSR code match standard certificate generation 2020-10-27 12:54:36 +01:00
Filippo Valsorda
e28ee7df01 Simplify EKU logic
With -client, you get clientAuth. With a non-email SAN, you also get
serverAuth. With an email SAN, you also get emailProtection.
2020-10-27 12:51:28 +01:00
Filippo Valsorda
9f583c670f Drop codeSigning EKU from certificates with email SANs
Unclear how those are correlated.
If it breaks something we can put it back.

Fixes #303
2020-10-27 12:34:41 +01:00
Martin Tournoij
c12e24244a Don't overwrite the -key-file if it's identical to -cert-file (#264)
Especially for testing I find it much more convenient to just store both
the key and certificate in a single file, which works with pretty much
all software I've used.

Currently, the -cert-file will overwrite the -key-file since it uses
ioutil.WriteFile(). This fixes it to *append* if the files are
identical.

Co-authored-by: Filippo Valsorda <github@filippo.io>
2020-10-27 12:34:17 +01:00
Filippo Valsorda
167867a226 Drop Apple 825-days rule bypass, shorten and print expiration
Closes #299
Closes #271
2020-10-26 00:25:26 +01:00
Filippo Valsorda
e8068235db Hide the CA path in normal operation
Most users don't need to interact with it, and it's important they don't
share the rootCA-key.pem file, so let's not lead them there in the first
place. Advanced users can still use "mkcert -CAROOT".

Fixes #282
2020-10-26 00:25:26 +01:00
Filippo Valsorda
ea8260d0d9 Accept "NEW CERTIFICATE REQUEST" PEM headers
Fixes #301
2020-10-26 00:25:26 +01:00
Filippo Valsorda
df15e0c1ef Backdate notBefore to support macOS Catalina
Updates #174
2019-07-06 19:12:45 -03:00
Robert Panzer
c2b30c48f1 Add support for URL SANs (#166) 2019-07-05 01:16:19 -03:00
Robert Panzer
574ea52743 Add serverAuth EKU to client certs for Service Mesh mTLS setups 2019-06-17 11:02:53 -04:00
Filippo Valsorda
e9f8fbcdf4 cert: use os.Hostname for the OU, and add the long form user name
The output of the hostname command on Windows is probably UTF-16, but
instead of figuring out its edge cases, switch to the syscall on every
platform.

Fixes #96
Closes #142
2019-06-02 12:15:03 +01:00
Filippo Valsorda
74ab68812e Fix and add missing license headers 2019-06-01 14:58:20 +01:00
Filippo Valsorda
245b2732c8 Cleanup path logics with pathExists and binaryExists 2019-06-01 14:55:58 +01:00
Ben Toews
0d4cf75db8 Allow email SANs for S/MIME certificates (#152) 2019-04-11 22:59:44 -04:00
David Crawshaw
c03e3ceaca Swap exec.Command("hostname") for os.Hostname() (#137) 2019-02-15 21:11:46 +01:00
Filippo Valsorda
9e9563535e Add a -client suffix to filenames when generating client certificates 2019-02-05 14:19:51 -05:00
Filippo Valsorda
99e15e29f9 Add support for certificate signing requests with -csr
Closes #55
2019-02-02 18:51:24 -05:00
John Downey
66af5a51f6 Add support for client certificates with -client
Fixes #125
Closes #89
2019-02-02 16:26:21 -05:00
Filippo Valsorda
5bb0c47df7 Add -ecdsa for generating certificates with ECDSA keys
Fixes #118
2019-02-02 16:26:21 -05:00
Filippo Valsorda
50b8c9f09f Set the CommonName when generating PKCS#12 files
Fixes #115
2019-02-02 16:26:21 -05:00
Filippo Valsorda
da4da8a4bc Refactor output path flags 2019-01-06 19:07:18 -05:00
单元源
5ea72c377d Add -cert-file, -key-file and -p12-file (#77) 2019-01-06 19:07:18 -05:00
Filippo Valsorda
0d0636e824 Print a warning about wildcard depth in X.509
Fixes #60
2019-01-06 18:23:59 -05:00
Filippo Valsorda
6060e206a4 Document the hardcoded PKCS#12 password
PKCS#12 encryption is legacy and we don't want to encourage relying on
it by making the password configurable. Some systems require the default
"changeit", so stick with that.

Fixes #86
Closes #58
Closes #87
2019-01-06 17:38:49 -05:00
Filippo Valsorda
060fcce2db Put PKCS#12 behind a flag, and check in the vendored dependency 2018-08-12 23:29:13 -04:00
linux_china
6be76ae477 Add PKCS#12 generation with default password changeit
Merges #34
Fixes #20
2018-08-12 23:29:02 -04:00
Filippo Valsorda
676d4cdf6b Add a CommonName field to the CA to work-around iOS UI bug
Fixes #47
2018-07-30 03:38:23 +02:00
Filippo Valsorda
9e258bad93 Add a SubjectKeyId to the root CA
Not really useful for #47, but good to have and a RFC 5280 MUST.

See https://twitter.com/FiloSottile/status/1023564776834826240
2018-07-30 03:38:23 +02:00
Filippo Valsorda
564b41305c Polish Linux system store support 2018-07-04 00:06:50 -04:00
Filippo Valsorda
bf4af2d977 Add user@hostname to the OU, and set NotBefore to now
This will help figuring out where and when a certificate was created.

Fixes #31
2018-07-03 19:52:18 -04:00
Filippo Valsorda
c4f873a371 Add a warning for second-level wildcards
Fixes #30
2018-07-03 17:17:11 -04:00
Filippo Valsorda
e4c5c312a7 Add Firefox support
Fixes #6
2018-06-28 01:29:20 -04:00
Filippo Valsorda
7544098b30 Make private keys writeable
Read-only is too much hassle for expendable dev keys
2018-06-28 01:03:31 -04:00
Filippo Valsorda
d6aab07a4c Split off certificate generation code 2018-06-27 23:43:51 -04:00