easypki

Creating a certificate authority the easy way

  • Owner: google/easypki
  • License: Apache License 2.0

easypki

Easy Public Key Infrastructure intends to provide most of the components needed
to manage a PKI, so you can either use the API in your automation, or use the
CLI.

API

For the latest API:

import "gopkg.in/google/easypki.v1"

Legacy API

The API below pkg/ has been rewritten to make PKI storage extensible and to
improve readability.

If you used the legacy API, which only wrote files to disk, a tag has been
applied so you can still import it:

import "gopkg.in/google/easypki.v0"

CLI

The current implementation of the CLI uses the local store, with a structure
compatible with openssl, so you are not restricted to this tool.

# Get the CLI:
go get github.com/google/easypki/cmd/easypki


# You can also pass the following through arguments if you do not want to use
# env variables.
export PKI_ROOT=/tmp/pki
export PKI_ORGANIZATION="Acme Inc."
export PKI_ORGANIZATIONAL_UNIT=IT
export PKI_COUNTRY=US
export PKI_LOCALITY="Agloe"
export PKI_PROVINCE="New York"

mkdir $PKI_ROOT

# Create the root CA:
easypki create --filename root --ca "Acme Inc. Certificate Authority"

# In the following commands, ca-name corresponds to the filename containing
# the CA.

# Create a server certificate for blog.acme.com and www.acme.com:
easypki create --ca-name root --dns blog.acme.com --dns www.acme.com www.acme.com

# Create an intermediate CA:
easypki create --ca-name root --filename intermediate --intermediate "Acme Inc. - Internal CA"

# Create a wildcard certificate for internal use, signed by the intermediate CA:
easypki create --ca-name intermediate --dns "*.internal.acme.com" "*.internal.acme.com"

# Create a client certificate:
easypki create --ca-name intermediate --client --email bob@acme.com bob@acme.com

# Revoke the www certificate.
easypki revoke $PKI_ROOT/root/certs/www.acme.com.crt

# Generate a CRL expiring in 1 day (PEM Output on stdout):
easypki crl --ca-name root --expire 1

You will find the generated certificates in $PKI_ROOT/ca_name/certs/ and
private keys in $PKI_ROOT/ca_name/keys/

For more information about the available flags, check out the help: easypki -h.
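
An added example, not part of the easypki README and not using the easypki API: with only Go's standard crypto/x509 and throwaway in-memory keys, it rebuilds the root, intermediate and wildcard certificates from the CLI walkthrough above and checks that the wildcard certificate verifies only when the verifier also has the intermediate, and only for a single label under internal.acme.com. The helper names issue and VerifyLeaf are made up for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a throwaway cert with Go's stdlib (not the easypki API); a nil parent means self-signed.
func issue(cn string, ku x509.KeyUsage, dns []string, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		BasicConstraintsValid: true, IsCA: ku&x509.KeyUsageCertSign != 0, KeyUsage: ku, DNSNames: dns,
	}
	if parent == nil {
		parent, pk = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// VerifyLeaf rebuilds the root -> intermediate -> wildcard hierarchy and verifies
// the leaf for host, optionally withholding the intermediate from the verifier.
func VerifyLeaf(host string, withIntermediate bool) error {
	root, rootKey := issue("Acme Inc. Certificate Authority", x509.KeyUsageCertSign, nil, nil, nil)
	inter, interKey := issue("Acme Inc. - Internal CA", x509.KeyUsageCertSign, nil, root, rootKey)
	leaf, _ := issue("*.internal.acme.com", x509.KeyUsageDigitalSignature, []string{"*.internal.acme.com"}, inter, interKey)
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	if withIntermediate {
		inters.AddCert(inter)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: host})
	return err
}

func main() { fmt.Println(VerifyLeaf("wiki.internal.acme.com", true)) }
```

A server that presents the wildcard certificate therefore has to send the intermediate certificate along with it, unless every client already trusts the intermediate directly.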

Disclaimer

This is not an official Google product.

Main metrics

Overview
Name With Owner: google/easypki
Primary Language: Go
Program language: Go (Language Count: 3)
License: Apache License 2.0
Owner Activity
Created At: 2015-10-08 13:04:02
Pushed At: 2023-03-21 23:30:23
Last Commit At: 2017-02-17 11:15:40
Release Count: 3
Last Release Name: v1.1.0
First Release Name: v0.1.1
User Engagement
Stargazers Count: 591
Watchers Count: 29
Fork Count: 107
Commits Count: 38
Issues Count: 11
Issue Open Count: 6
Pull Requests Count: 2
Pull Requests Open Count: 2
Pull Requests Close Count: 1