rgca
mkcert
rgca | mkcert | |
---|---|---|
6 | 132 | |
2 | 45,821 | |
- | - | |
0.0 | 2.7 | |
over 1 year ago | 18 days ago | |
Python | Go | |
Creative Commons Zero v1.0 Universal | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
rgca
-
Running one’s own root Certificate Authority in 2023
Shameless plug, there's also https://github.com/linsomniac/rgca
I've been using it at work for the last year for our certs and it's been quite nice. It can do pre/post hooks as well, so it directly commits the updated CA serial files to our git repo.
-
Ask HN: Tools you have built for yourself?
I built a TLS certificate tool targeted towards my company usecase for internal certificates (developers, OpenVPN, internal certificates): https://github.com/linsomniac/rgca
It's big features are that the cert generation can entirely be controlled from the command line, config, or environment, or any combination of the above, and it has tooling for the situation where I have an existing cert but want to add or remove a name from it. It also has pre/post scripts so I can have it do things like add it to the Ansible repo, vault encrypt it, and commit it. Beats the 10+ year old script that didn't work with Subject Alt Names.
-
Do you guys use Python classes in your day-to-day devops code?
Over the last year I've written several CLIs in click and typed and settles on typer because there's a little less repetition. Typer let me do some really nice things in my certificate generation tool like chaining multiple config files, the environment, and the command line to create certs. https://github.com/linsomniac/rgca
-
Ask HN: What Are You Working On? (September 2022)
I've always found the OpenSSL tools painful for managing internal self-signed certificates. At work we make fairly heavy use of them, and are starting to make even heavier use. Our use is more than EasyRSA can provide. So I've been working on a new CA tool:
https://github.com/linsomniac/rgca
In a nod to OpenSSL config files, it can take almost all values: from the command line, from the environment, or from one or more config files. It also allows "pre" and "post" commands so you can run a script after generating the cert, for example for server certs I have a "post" script that will copy it into the appropriate location in the Ansible repo, encrypt the key file, and commit it all.
I still need to implement a "renew" which will take an existing cert, update the expiration date, but also allow adding/removing SANs, possibly other features. But I've been using it to generate all our certs recently and it's working great.
-
Feedback on a Self-signed SSL CA?
At work we use self-signed certificates for internal and developer use. I inherited some scripts that wrapped the openssl CLI but weren't supporting new uses like the prevalence of Subject Alternatives Names. So I reimagined it and have published what I have so far here: https://github.com/linsomniac/rgca With an appropriate config file, the typical use would be: rgca ca new example.com rgca cert new user1.example.com rgca cert new --san test.example.com --san test2.example.com user2.example.com Basically everything can be configured by settings in (possibly multiple) config files, environment variables, and CLI options. Expected use is that things like the subject values (country, state, locality, email) are set in the config file, so the CLI can be short. Instead of: rgca cert new --C US --ST Colorado --L Fort Collins [...] It should be compatible with existing CA setups with OpenSSL CLI tools, it writes the "serial" and "index.txt" files. Looking for feedback on the direction this is going in. Thanks!
-
If OpenSSL Were a GUI
It can also run pre and post scripts to, say update your serial/index in git, and deploy keys to the server, say you are rekeying every 30 days...
Interested in feedback.
https://github.com/linsomniac/rgca
mkcert
-
HTTPS on Localhost with Next.js
The experimental HTTPS flag relies on mkcert, designed for a single development system. If you run a Docker container, the flag won’t configure your local browser to trust its certificate.
- Mkcert: Simple zero-config tool to make locally trusted development certificates
- Mkcert: Simple tool to make locally trusted dev certificates names you'd like
-
You Can't Follow Me
The author mentions difficulties with HTTPS and trying stuff locally.
I've had some success with mkcert [1] to easily create certificates trusted by browsers, I can suggest to look into this. You are your own root CA, I think it can work without an internet connection.
[1] https://github.com/FiloSottile/mkcert/
- SSL Certificates for Home Network
-
Simplifying Localhost HTTPS Setup with mkcert and stunnel
Solution: mkcert – Your Zero-Configuration HTTPS Enabler Meet mkcert, a user-friendly, zero-configuration tool designed for creating locally-trusted development certificates. Find it on its GitHub page and follow the instructions tailored for your operating system. For Mac users employing Homebrew, simply execute the following commands in your terminal:
-
10 reasons you should quit your HTTP client
Well, Certifi does not ship with your company's certificates! So requesting internal services may come with additional painful extra steps! Also for a local development environment that uses mkcert for example!
-
Show HN: Anchor – developer-friendly private CAs for internal TLS
My project, getlocalcert.net[1] may be the one you're thinking of.
Since I'm also building in this space, I'll give my perspective. Local certificate generation is complicated. If you spend the time, you can figure it out, but it's begging for a simpler solution. You can use tools like mkcert[2] for anything that's local to your machine. However, if you're already using ACME in production, maybe you'd prefer to use ACME locally? I think that's what Anchor offers, a unified approach.
There's a couple references in the Anchor blog about solving the distribution problem by building better tooling[3]. I'm eager to learn more, that's a tough nut to crack. My theory for getlocalcert is that the distribution problem is too difficult (for me) to solve, so I layer the tool on top of Let's Encrypt certificates instead. The end result for both tools is a trusted TLS certificate issued via ACME automation.
1. https://news.ycombinator.com/item?id=36674224
2. https://github.com/FiloSottile/mkcert
3. https://blog.anchor.dev/the-acme-gap-introducing-anchor-part...
-
Running one’s own root Certificate Authority in 2023
Looks like step-ca/step-cli [1] and mkcert [2] have been mentioned. Another related tool is XCA [3] - a gui tool to manage CAs and server/client TLS certificates. It takes off some of the tedium in using openssl cli directly. It also stores the certs and keys in an encrypted database. It doesn't solve the problem of getting the root CA certificate into the system store or of hosting the revocation list. I use XCA to create and store the root CA. Intermediate CAs signed with it are passed to other issuers like vault and step-issuer.
[1] https://smallstep.com/docs/step-ca/
[2] https://github.com/FiloSottile/mkcert
[3] https://hohnstaedt.de/xca/
-
Show HN: Local development with .local domains and HTTPS
We use mkcert for this, it works wonderfully.
https://github.com/FiloSottile/mkcert
What are some alternatives?
hckrweb - Hcker News mobile web app
minica - minica is a small, simple CA intended for use in situations where the CA operator also operates each host where a certificate will be used.
pashword - 🔒 Pashword - Never forget passwords ever again! Free and Open Source Hashed Password Generator
nginx-docker-ssl-proxy - A docker way to access localhost:8081 from https://local.dev
cfssl - CFSSL: Cloudflare's PKI and TLS toolkit
certificates - 🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
gitgrep - Lightning fast code searching made easy
gosumemory - Cross-Platform memory reader for osu!
daemon - a personal web server, one line of config to add a reverse proxy
rustls - A modern TLS library in Rust
hackerer-news
uvicorn - An ASGI web server, for Python. 🦄