项目作者: nxadm

项目描述 :
Minimal Certificate Tool
高级语言: Go
项目地址: git://github.com/nxadm/certmin.git
创建时间: 2021-01-08T16:39:45Z

开源协议:Apache License 2.0



CIGo Reference


certmin is a small, minimalistic library with high level functions
for X509 certificates (SSL). It supports certificates and keys with
PEM and DER encoding in PKCS1, PKCS5, PKCS7, PKCS8 and PKCS12
containers. Available functions include decoding and encoding of
certificates and keys, verify certificates against chains and
verify a certificate against a key. Utilities include checking
if a cert is a root CA, finding the leaf certificate, split certs,
sort chains in intermediates and roots and retrieving of certificates
and chains. See: API documentation at pkg.go.dev.

There is also a companion certmin CLI application
that consumes many of the functionalities of the library:

  1. $ ./certmin
  2. certmin, 0.5.11. A minimalist certificate utility.
  3. See https://github.com/nxadm/certmin for more information.
  4. Usage:
  5. certmin skim cert-location1 [cert-location2...]
  6. [--leaf|--follow] [--no-roots]
  7. [--sort|--rsort] [--once] [--keep] [--no-colour]
  8. certmin verify-chain cert-location [cert-location2...]
  9. [--root=ca-file1 --root=ca-file2...]
  10. [--inter=inter-file1 --inter=inter-file2...]
  11. [--leaf|--follow] [--no-roots]
  12. [--sort|--rsort] [--keep] [--no-colour]
  13. certmin verify-key key-file cert-location1 [cert-location2...]
  14. [--keep] [--no-colour]
  15. certmin [-h]
  16. certmin [-v]
  17. Certificate locations can be local files or remote addresses. Remote locations
  18. can be a hostname with optionally a port attached by ":" (defaults to port
  19. 443) or an URL (scheme://hostname for known schemes like https, ldaps, smtps,
  20. etc. or scheme://hostname:port for non-standard ports). When verifying a
  21. chain, the OS trust store will be used if no roots certificates are given as
  22. files or remotely requested.
  23. Actions:
  24. skim | sc : skim certificates (including bundles).
  25. verify-chain | vc : match certificates again its chain(s).
  26. verify-key | vk : match keys against certificate(s).
  27. Global options (optional):
  28. --leaf | -l : show only the local or remote leaf, not the chain.
  29. --no-roots | -n : don't retrieve root certificates.
  30. --follow | -f : follow Issuer Certificate URIs to retrieve chain.
  31. --root | -r : root certificate file(s).
  32. --inter | -i : intermediate certificate file(s).
  33. --sort | -s : sort the certificates and chains from leaf to root.
  34. --rsort | -z : sort the certificates and chains from root to leaf.
  35. --once | -o : if within a location several certificates share an
  36. intermediate/root, don't show certificates more than
  37. once to visually complete the chain. If "rsort" not
  38. given it enables "sort".
  39. --keep | -k : write the requested certificates and chains to files
  40. as PKCS1 PEM files (converting if necessary).
  41. --no-colour | -c : don't colourise the output.
  42. --help | -h : this help message.
  43. --version | -v : version message.


certmin is available using the standard go get command.

Install by running:

  1. go get github.com/nxadm/certmin

The CLI tool can be installed by running:

  1. go get github.com/nxadm/certmin/cmd/certmin


certmin can be loaded by a regular import:

  1. import "github.com/nxadm/certmin"


Read the API documentation at pkg.go.dev.