~mcf/x509cert

tool and library for generating X.509 certificates and certificate requests
Allow -d -1 to indicate no expiration
Allow specifying duration in units of days or years

clone

read-only
https://git.sr.ht/~mcf/x509cert
read/write
git@git.sr.ht:~mcf/x509cert

You can also use your local clone with git send-email.

#x509cert

builds.sr.ht status

x509cert is a tool and library for generating X.509 certificates and certificate requests. It is written in C99 and uses BearSSL to decode keys and compute signatures.

Like BearSSL, libx509cert makes minimal use of the standard library. It does not do any dynamic allocation, and uses only a few basic libc functions.

#Tool usage

x509cert [-C] [-a altname]... [-c issuercert] [-k issuerkey] [-b notbefore] [-d duration] [-s serial] subject key
x509cert -r [-a altname]... subject key

If -r is used, a PKCS#10 CertificateRequest is created. Otherwise, an X.509 Certificate is created. In either case, the structure is PEM-encoded and written to standard output. For more details, see x509cert(1).

#Library usage

See x509cert(3).