Quick and easy X.509 certificate generator for SSL/TLS utilizing local PKI
Project description
quickcerts
Quick and easy X.509 certificate generator for SSL/TLS utilizing local PKI
:heart: :heart: :heart:
You can say thanks to the author by donations to these wallets:
- ETH:
0xB71250010e8beC90C5f9ddF408251eBA9dD7320e - BTC:
- Legacy:
1N89PRvG1CSsUk9sxKwBwudN6TjTPQ1N8a - Segwit:
bc1qc0hcyxc000qf0ketv4r44ld7dlgmmu73rtlntw
- Legacy:
Features
- Easy to use.
- Genarates both client and server certificates.
- Produces certificates with proper attributes (Key Usage, Extended Key Usage, Authority Key Identifier, Subject Key Identifier and so on).
- Supports certificates with multiple domain names (SAN, SubjectAlternativeName).
- Supports wildcard certificates.
- Generates PKCS12 (.pfx, .p12) as well
Requirements
- Python 3.4+
- cryptography 1.6+
Installation
From source
Run this command within source directory:
pip3 install .
From PyPI
pip3 install quickcerts
Snap Store
sudo snap install quickcerts
Docker
For deployment with Docker see "Docker" section below.
Usage example
quickcerts -D *.example.com example.com -D www.example2.com example2.com mx.example2.com -C "John Doe" -C "Jane Doe"
quickcerts -D localhost 127.0.0.1
These commands will produce following files in current directory:
- CA certificate and key
- Two server certificates having multiple DNS names or IP addresses in SubjectAlternativeName fields and keys for that certificates.
- Two client certificates for CN="John Doe" and CN="Jane Doe" (and keys for them).
Consequent invokations will reuse created CA.
Docker
Also you may run this application with Docker:
docker run -it --rm -v "$(pwd)/certs:/certs" \
yarmak/quickcerts -D server -C client1 -C client2 -C client3
In this example CA and certificates will be created in ./certs directory.
Synopsis
$ quickcerts --help
usage: quickcerts [-h] [-o OUTPUT_DIR] [-k KEY_SIZE] [--kdf-rounds KDF_ROUNDS]
[-D DOMAINS [DOMAINS ...]] [-C CLIENT] [-P PASSWORD]
Generate RSA certificates signed by common self-signed CA
options:
-h, --help show this help message and exit
-o OUTPUT_DIR, --output-dir OUTPUT_DIR
location of certificates output (default: .)
-k KEY_SIZE, --key-size KEY_SIZE
RSA key size used for all certificates (default: 2048)
--kdf-rounds KDF_ROUNDS
number of KDF rounds (default: 50000)
-D DOMAINS [DOMAINS ...], --domains DOMAINS [DOMAINS ...]
Generate server certificate which covers following
domains or IP addresses delimited by spaces. First one
will be set as CN. Option can be used multiple times.
(default: None)
-C CLIENT, --client CLIENT
Generate client certificate with following name.
(default: None)
-P PASSWORD, --password PASSWORD
password for newly generated .pfx files (default:
password)
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
quickcerts-1.2.0.tar.gz
(6.4 kB
view details)
Built Distribution
File details
Details for the file quickcerts-1.2.0.tar.gz.
File metadata
- Download URL: quickcerts-1.2.0.tar.gz
- Upload date:
- Size: 6.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.10.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 5c083ad9a6226f4ea74a3ca444d2dfbd2e8e1525b8df68eaa3a549f6ed0f4da1 |
|
| MD5 | ed7b71f11e5b8879e05d6e331a4c3120 |
|
| BLAKE2b-256 | 36fe5880c8a2d8974a3f3afe3c7d880395a55271475c6ab5677827a74554c98d |
File details
Details for the file quickcerts-1.2.0-py3-none-any.whl.
File metadata
- Download URL: quickcerts-1.2.0-py3-none-any.whl
- Upload date:
- Size: 7.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.10.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 4a66c90fcb6fa6b25b37dca99046163931af09928a5a7049452719c05be28fb3 |
|
| MD5 | 93b8861f0386eaf69ad0b8fdd2f713b7 |
|
| BLAKE2b-256 | 3b4dc27b4b6c90e506d8273a9fed3f221727e897bbf97f6a54b8bead66e4b065 |
