package
0.3.1
Repository: https://github.com/moomerman/phx-dev.git
Documentation: pkg.go.dev

# README

package cert

This package contains functions for creating a local development root certificate, which net/http servers can then use through their tls.Config to generate SSL certificates dynamically in development.

The generated certificates are kept in an in-memory cache, so they are regenerated the next time the program runs.

On macOS the certificate is installed into the system keychain (a password prompt is shown) so all generated certificates are trusted automatically.

Usage example

You need to run the root certificate creation step once:

  keyPath, certPath, err := cert.CreateCert("/path/to/cert/dir", "My CA")

Then install the certificate for your platform:

  err := cert.InstallCert(certPath)

Now you can create an HTTPS server that uses the root certificate to generate valid certificates dynamically:

  cache, err := cert.NewCache()

  tlsConfig := &tls.Config{
    GetCertificate: cache.GetCertificate,
  }

See https://github.com/moomerman/zap/tree/master/cert/example_test.go for a full example.
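
The technique described above, as an added example that is not code from this package or from puma-dev. It uses only the Go standard library: a development root signs one certificate per requested SNI name inside a GetCertificate callback and keeps it in a lock-protected in-memory map. The names issue and newGetCertificate, the RSA-2048 keys and the one-month validity are assumptions made for the example, and clients are assumed to send SNI.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"sync"
	"time"
)

// issue (hypothetical helper) makes a key and certificate for name; a nil parent means self-signed CA.
func issue(name string, parent *tls.Certificate) (*tls.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // RSA-2048 is this example's choice
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{Subject: pkix.Name{CommonName: name}, DNSNames: []string{name},
		SerialNumber: big.NewInt(time.Now().UnixNano()), NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().AddDate(0, 1, 0), KeyUsage: x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	if parent == nil { // root: may sign certificates, is not itself a server certificate
		tmpl.IsCA, tmpl.KeyUsage, tmpl.DNSNames, tmpl.ExtKeyUsage = true, x509.KeyUsageCertSign, nil, nil
		parent = &tls.Certificate{Leaf: tmpl, PrivateKey: key}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent.Leaf, &key.PublicKey, parent.PrivateKey)
	if err != nil {
		return nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, err
}

// newGetCertificate (hypothetical) returns a tls.Config.GetCertificate callback: one cached leaf per SNI name.
func newGetCertificate(root *tls.Certificate) func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	var mu sync.Mutex // guards byHost across concurrent handshakes
	byHost := map[string]*tls.Certificate{}
	return func(h *tls.ClientHelloInfo) (c *tls.Certificate, err error) {
		mu.Lock()
		defer mu.Unlock()
		if c = byHost[h.ServerName]; c == nil {
			if c, err = issue(h.ServerName, root); err == nil {
				byHost[h.ServerName] = c
			}
		}
		return c, err
	}
}
```

Create the root with issue("Example Dev CA", nil) and pass newGetCertificate(root) as the GetCertificate field of a tls.Config. Because the callback signs whatever name a client asks for, the root key is as sensitive as the trust-store entry it backs and should stay on the development machine.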

Credits

The majority of the code for this package was extracted from https://github.com/puma/puma-dev.

# Functions

CreateCACert creates and returns a new CA certificate key pair.
CreateCertLegacy creates a new self-signed root certificate.
EncodeCert is a helper to encode the given certificate.
InstallCert installs a CA certificate root in the system cacerts on Linux.
IssueCert generates a signed Key/Cert pair for the given CACert with the given name.
LoadCACert loads a certificate key pair into memory.
NewCache creates the cache that holds the dynamically generated host certificates.

# Variables

CACert is the self-signed root certificate.

# Structs

Cache is a struct to hold the dynamic certificates and a lock.