# Packages
# README
SimplCERT
The certificate manager is meant to easily generate keys pairs for mTLS purposes. It will generate it's own root certificate and use that to sign server and client certificates that can later be used to secure gRPC over mTLS for instance.
Usage
Exporting the root certificate path is handy so you don't have to provide it to every call
$ export SCM_ROOT_CERT_PATH=/path/to/directory/for/root/cert
verify will check if the root certificate exists and if not, will create one
$ simplcert verify
root-crt will display the root certificate as PEM encoded string to the terminal.
$ simplcert root-crt
create will create a certificate. You can use CLI flags or just run create and fill in
the prompts. It is important to know the --host flag needs to be set to the domain name
where the service will be reached. Or, if Docker is used, the --host flag should be set
to the name of the docker container.
$ simplcert create \
--root-cert-path /path/to/root-ca \
--host hostname.tld \
--name "My server" \
--days-valid 30 \
--ecdsa \
--is-server
Usage examples
See examples folder for some examples:
Roadmap
| Status | Target | Description |
|---|---|---|
| ✓ | Add examples | Have an example folder displaying a working setup |
| ✓ | Add more signing options | RSA, DSA etc. (now only ecdsa is supported |
| ✓ | Write output to file | Add additional flag to write output to file instead of stdout |
| ✓ | Add Rust example | Add an example on how to use the certs in a Rust gRPC application |
| Open | Add leaf certs | Cross sign with dedicated leaf certs for server and client validations |