Lib.rs

CryptographyRustls
#ca-certificate #certificate #ca #mkcert

bin+lib rustls-cert-gen

Rust X.509 certificate generator CLI

by Dirkjan Ochtman, est31 and 62 contributors

2 unstable releases

0.2.0 Jul 2, 2025
0.1.0 Mar 29, 2024

#2029 in Cryptography

Download history 630/week @ 2025-10-26 540/week @ 2025-11-02 658/week @ 2025-11-09 560/week @ 2025-11-16 454/week @ 2025-11-23 622/week @ 2025-11-30 357/week @ 2025-12-07 346/week @ 2025-12-14 209/week @ 2025-12-21 130/week @ 2025-12-28 490/week @ 2026-01-04 328/week @ 2026-01-11 328/week @ 2026-01-18 446/week @ 2026-01-25 463/week @ 2026-02-01 273/week @ 2026-02-08

1,521 downloads per month
Used in docker-registry

MIT/Apache

205KB
4K SLoC

This library wraps [rcgen] to provide a simple API to generate TLS certificate-chains. Its primary intent is to ease development of applications that verify chains of trust. It can be used for whatever purpose you may need a TLS certificate-chain.

rustls-cert-gen

rustls-cert-gen is a tool to generate TLS certificates. In its current state it will generate a Root CA and an end-entity certificate, along with private keys. The end-entity certificate will be signed by the Root CA.

Usage

Having compiled the binary you can simply pass a path to output generated files.

cargo run -- -o output/dir

In the output directory you will find these files:

  • cert.pem (end-entity's X.509 certificate, signed by root-ca's key)
  • cert.key.pem (end-entity's private key)
  • root-ca.pem (ca's self-signed X.509 certificate)

For a complete list of supported options:

rustls-cert-gen --help

FAQ

What signature schemes are available?

  • pkcs_ecdsa_p256_sha256
  • pkcs_ecdsa_p384_sha384
  • pkcs_ed25519

Dependencies

~7–35MB
~748K SLoC