GitXplorerGitXplorer
L

mkcert

public
99 stars
15 forks
3 issues

Commits

List of commits on branch master.
Unverified
c95b20b9b0447e1536f637fd596c10a650984e2f

Avoid linking libc

LLukasa committed a month ago
Verified
919a780a68a6fe32343929aa56a65d62e603b9c3

Merge pull request #20 from alex/fix-distrust

LLukasa committed a month ago
Unverified
bbd91ec48a8e0d97bc550a310019acfad4480a4a

fixes #19 -- correct handle certificate distrust date

aalex committed 2 months ago
Verified
2f8a725f29d6d5d20e7981d0cdb9752ffdace2bf

Merge pull request #18 from mac-chaffee/master

LLukasa committed 4 months ago
Unverified
8385b614966b36d61b34850f7ea889bb5557d4c1

Update to go 1.23

mmac-chaffee committed 4 months ago
Unverified
5cbea7192e7db2310c8ef404d90d3936bfe536af

Remove setting GOMAXPROCS, it's auto-set to num-cpus these days

mmac-chaffee committed 4 months ago

README

The README file for this repository.

Mkcert

mkcert.org is a web service that allows you to build customised TLS trust stores.

Currently mkcert is just an API with no pretty frontend. That's in the works.

API

mkcert has the following endpoints:

GET /labels/

Returns a JSON object containing one key (Certificates) whose value is a list of all the certificate labels in the default trust store. Each of the items in the list can be passed to the other API endpoints to refer to a certificate.

GET /generate/<certs>

Builds a PEM file containing only the root certificates specified. The format of <certs> is a +-separated string. This string will be used to perform 'fuzzy-ish' matching to certificate labels. For example, if one of your <certs> strings is comodo, any label that contains the sequence of characters comodo (case-insensitively) will match.

Therefore, to build a .pem file that contains any GeoTrust certificate and any QuoVadis certificate, you would issue a GET request to /generate/geotrust+quovadis

The response to this request has the body formatted exactly like a .pem file, suitable for saving immediately.

GET /generate/all/except/<certs>

Builds a PEM file containing all root certificates except the root certificates specified. The format of <certs> is a +-separated string. This string will be used to perform 'fuzzy-ish' mapping to certificate labels. For example, if one of your <certs> strings is comodo, any label that contains the sequence of characters comodo (case-insensitively) will match.

Therefore, to build a .pem file that contains everything but any GeoTrust certificates and any QuoVadis certificates, you would issue a GET request to /generate/all/except/geotrust+quovadis.

The response to this request has the body formatted exactly like a .pem file, suitable for saving immediately.

POST /generate/

Builds a PEM file containing only the root certificates specified. The root certs are specified in the request body. The format of the request body is a JSON list of exact labels to include. That is, to generate a .pem file that contains only the "GeoTrust Global CA" and the "QuoVadis Root CA", you would POST the following body:

["GeoTrust Global CA", "QuoVadis Root CA"]

The response to this request has the body formatted exactly like a .pem file, suitable for saving immediately.

POST /generate/all/except/

Builds a PEM file containing all but the root certificates specified. The root certs are specified in the request body. The format of the request body is a JSON list of exact labels to include. That is, to generate a .pem file that contains all the certs except the "GeoTrust Global CA" and the "QuoVadis Root CA", you would POST the following body:

["GeoTrust Global CA", "QuoVadis Root CA"]

The response to this request has the body formatted exactly like a .pem file, suitable for saving immediately.

License

mkcert.org is made available under the Apache 2.0 License. See LICENSE for more details.