Filename: Private: No Yes Filetype: Auto ABAP Sophia Apex Azure CLI Batch Bicep C Cameligo Clojure CoffeeScript C++ C# CSP CSS Cypher Dart Dockerfile ECL Elixir Flow9 FreeMarker2 FreeMarker2 (Angle/Bracket) FreeMarker2 (Angle/Dollar) FreeMarker2 (Auto/Bracket) FreeMarker2 (Auto/Dollar) FreeMarker2 (Bracket/Bracket) FreeMarker2 (Bracket/Dollar) F# Go GraphQL Handlebars Terraform HTML Ini Java JavaScript Julia Kotlin Less Lexon Liquid Lua Modula-3 Markdown MDX MIPS DAX MySQL Objective-C Pascal Pascaligo Perl PostgreSQL PHP Plain text ATS PQ PowerShell Protobuf Pug Python Q# R Razor Redis Redshift ReStructuredText Ruby Rust Small Basic Scala Scheme Sass Shell Solidity SPARQL SQL StructuredText Swift SV Tcl Twig TypeScript TypeSpec Visual Basic V WebGPU Shading Language XML YAML Indentation: Spaces Tabs 1 2 3 4 5 6 7 8 Clone package commands import ( "crypto/ecdsa" "crypto/ed25519" "crypto/elliptic" "crypto/rand" "crypto/rsa" "crypto/x509" "crypto/x509/pkix" "encoding/pem" "fmt" "math/big" "net" "os" "strings" "time" "github.com/spf13/cobra" "github.com/tzvetkoff-go/errors" ) // NewMkCertCommand ... func NewMkCertCommand() *cobra.Command { privKeyPath := "server.key.pem" certPath := "server.cert.pem" keyType := "p384" days := 3560 rsaBits := 4096 force := false cmd := &cobra.Command{ Use: "mkcert <Common Name> [Extra SANs]", Short: "Generates TLS certificates", Args: cobra.MinimumNArgs(1), RunE: func(cmd *cobra.Command, args []string) error { // Check if key/cert already exist if _, err := os.Stat(privKeyPath); err == nil { if !force { return errors.New("private key %s already exists", privKeyPath) } os.Remove(privKeyPath) } if _, err := os.Stat(certPath); err == nil { if !force { return errors.New("certificate %s already exists", certPath) } os.Remove(certPath) } // Common name is always present commonName := args[0] // Generate private/public key pair var privKey any var pubKey any var err error switch strings.ToLower(keyType) { case "rsa": privKey, err = rsa.GenerateKey(rand.Reader, rsaBits) pubKey = &privKey.(*rsa.PrivateKey).PublicKey case "25519", "ed25519": _, privKey, err = ed25519.GenerateKey(rand.Reader) pubKey = privKey.(ed25519.PrivateKey).Public() case "224", "p224", "secp224r1": privKey, err = ecdsa.GenerateKey(elliptic.P224(), rand.Reader) pubKey = &privKey.(*ecdsa.PrivateKey).PublicKey case "256", "p256", "secp256r1": privKey, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) pubKey = &privKey.(*ecdsa.PrivateKey).PublicKey case "384", "p384", "secp384r1": privKey, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader) pubKey = &privKey.(*ecdsa.PrivateKey).PublicKey case "521", "p521", "secp521r1": privKey, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader) pubKey = &privKey.(*ecdsa.PrivateKey).PublicKey default: return errors.New("unknown key type: %s", keyType) } // Only RSA keys should have KeyUsageKeyEncipherment keyUsage := x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign if _, isRSA := privKey.(*rsa.PrivateKey); isRSA { keyUsage |= x509.KeyUsageKeyEncipherment } // Figure out dates notBefore := time.Now() notAfter := notBefore.Add(time.Duration(days) * 24 * 60 * 60) // Generate serial number serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) if err != nil { return errors.Propagate(err, "failed to generate serial number") } // Build certificate template := &x509.Certificate{ SerialNumber: serialNumber, Subject: pkix.Name{ CommonName: commonName, }, NotBefore: notBefore, NotAfter: notAfter, KeyUsage: keyUsage, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, BasicConstraintsValid: true, IsCA: true, } // Add SANs for _, arg := range args { if ip := net.ParseIP(arg); ip != nil { template.IPAddresses = append(template.IPAddresses, ip) } else { template.DNSNames = append(template.DNSNames, arg) } } // Write private key privKeyFile, err := os.OpenFile(privKeyPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o755) if err != nil { return errors.Propagate(err, "could not open private key file") } defer privKeyFile.Close() privKeyBytes, err := x509.MarshalPKCS8PrivateKey(privKey) if err != nil { return errors.Propagate(err, "could not marshal private key") } if err := pem.Encode(privKeyFile, &pem.Block{Type: "PRIVATE KEY", Bytes: privKeyBytes}); err != nil { return errors.Propagate(err, "could not encode private key as pem") } // Write certificate certFile, err := os.OpenFile(certPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o755) if err != nil { return errors.Propagate(err, "could not open certificate file") } defer certFile.Close() certBytes, err := x509.CreateCertificate(rand.Reader, template, template, pubKey, privKey) if err != nil { return errors.Propagate(err, "could not create certificate") } if err := pem.Encode(certFile, &pem.Block{Type: "CERTIFICATE", Bytes: certBytes}); err != nil { return errors.Propagate(err, "could not encode certificate as pem") } // Great success! fmt.Println("TLS private key written at", privKeyPath) fmt.Println("TLS certificate written at", certPath) return nil }, } cmd.Flags().BoolP("help", "h", false, "help message") _ = cmd.Flags().MarkHidden("help") cmd.Flags().StringVarP(&privKeyPath, "key", "k", privKeyPath, "Private key path") cmd.Flags().StringVarP(&certPath, "cert", "c", certPath, "Certificate path") cmd.Flags().StringVarP(&keyType, "type", "t", keyType, "Certificate type (rsa, ed25519, p224, p256, p384, p521)") cmd.Flags().IntVarP(&days, "days", "d", days, "Certificate validity in days") cmd.Flags().IntVarP(&rsaBits, "rsa-bits", "b", rsaBits, "RSA bits") cmd.Flags().BoolVarP(&force, "force", "f", force, "Force generation even if files already exist") return cmd } Paste
