Lib.rs

Cryptographyrcgen
#tls-certificates #certificate #ca #mkcert #private-key

bin+lib rustls-cert-gen

Rust X.509 certificate generator CLI

by Dirkjan Ochtman, est31, Daniel McCarney and 43 contributors

1 unstable release

0.1.0 Mar 29, 2024

#2328 in Cryptography

Download history 249/week @ 2024-07-29 201/week @ 2024-08-05 434/week @ 2024-08-12 465/week @ 2024-08-19 245/week @ 2024-08-26 194/week @ 2024-09-02 205/week @ 2024-09-09 215/week @ 2024-09-16 261/week @ 2024-09-23 311/week @ 2024-09-30 219/week @ 2024-10-07 273/week @ 2024-10-14 495/week @ 2024-10-21 284/week @ 2024-10-28 259/week @ 2024-11-04 267/week @ 2024-11-11

1,309 downloads per month

MIT/Apache

185KB
4K SLoC

rustls-cert-gen

rustls-cert-gen is a tool to generate TLS certificates. In its current state it will generate a Root CA and an end-entity certificate, along with private keys. The end-entity certificate will be signed by the Root CA.

Usage

Having compiled the binary you can simply pass a path to output generated files.

cargo run -- -o output/dir

In the output directory you will find these files:

  • cert.pem (end-entity's X.509 certificate, signed by root-ca's key)
  • cert.key.pem (end-entity's private key)
  • root-ca.pem (ca's self-signed X.509 certificate)

For a complete list of supported options:

rustls-cert-gen --help

FAQ

What signature schemes are available?

  • pkcs_ecdsa_p256_sha256
  • pkcs_ecdsa_p384_sha384
  • pkcs_ed25519

lib.rs:

This library wraps [rcgen] to provide a simple API to generate TLS certificate-chains. Its primary intent is to ease development of applications that verify chains of trust. It can be used for whatever purpose you may need a TLS certificate-chain.

Dependencies

~8–28MB
~660K SLoC