
gossl - sign client certificates without openssl

Overview

A simple, self-contained tool with no dependencies, written in Go, for signing client certificates.

gossl --csr client.csr --cakey ca.key --cacrt ca.crt \
--out client.crt --from "Jan 2 15:04:05 2006" --period 365d

It does roughly the same thing as this openssl command:

openssl x509 -in client.csr -CAkey ca.key -CA ca.crt \
-out client.crt -set_serial 01 -sha256 -req -days 365 

The differences are:

You can inspect the generated certificate in human-readable form with this command:

openssl x509 -text -noout -in client.crt
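
What signing a client CSR with a CA key and a `--from`/`--period` style validity window involves in Go's standard `crypto/x509` package, as an added example (it is not gossl's source and not from the original page). `signCSR`, `fixture` and `must` are hypothetical names, and the random serial, the client-auth-only usage and the in-memory RSA-2048 throwaway CA are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// signCSR is a hypothetical helper (not gossl's code) that returns a DER client certificate.
func signCSR(csr *x509.CertificateRequest, ca *x509.Certificate, caKey *rsa.PrivateKey, from time.Time, period time.Duration) ([]byte, error) {
	if err := csr.CheckSignature(); err != nil { // requester must prove it holds the private key
		return nil, fmt.Errorf("bad CSR signature: %w", err)
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127)) // random serial
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: serial, Subject: csr.Subject, // CSR extensions are not copied
		NotBefore: from, NotAfter: from.Add(period), BasicConstraintsValid: true, // IsCA stays false
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	return x509.CreateCertificate(rand.Reader, tmpl, ca, csr.PublicKey, caKey)
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// fixture builds a constructed throwaway CA and a CSR for cn, all in memory (sample input).
func fixture(cn string) (*x509.Certificate, *rsa.PrivateKey, *x509.CertificateRequest) {
	caKey := must(rsa.GenerateKey(rand.Reader, 2048))
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example CA"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(1, 0, 0)}
	ca := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, t, caKey.Public(), caKey))))
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}
	der := must(x509.CreateCertificateRequest(rand.Reader, req, must(rsa.GenerateKey(rand.Reader, 2048))))
	return ca, caKey, must(x509.ParseCertificateRequest(der))
}

func main() {
	ca, caKey, csr := fixture("client-1")
	crt := must(x509.ParseCertificate(must(signCSR(csr, ca, caKey, time.Now(), 24*time.Hour))))
	fmt.Println(crt.Subject, crt.NotBefore, crt.NotAfter)
}
```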

Other examples

Sign a CSR, creating a certificate valid in the future for one week

gossl --csr client.csr --cakey ca.key --cacrt ca.crt \
--out client.crt --from "Jan 2 15:04:05 2030" --period 7d

Sign a CSR, creating a certificate valid from now for 24 hours

gossl --csr client.csr --cakey ca.key --cacrt ca.crt \
--out client.crt --period 24h

Sign a CSR, creating a certificate valid from a past date for 20 years

gossl --csr client.csr --cakey ca.key --cacrt ca.crt \
--out client.crt --from "Jan 2 15:04:05 2000" --period 20y

Compile from source or grab the binary.