展示HN:我用Go重写了我的2012年自签名证书生成器 – cert-depot.com
在2012年,我创建了一个周末项目 <a href="https://cert-depot.com" rel="nofollow">https://cert-depot.com</a>。使用了Node.js + Express + jQuery,并通过OpenSSL生成证书。虽然它能正常工作,但最终我让它荒废了。<a href="https://news.ycombinator.com/item?id=4766743">https://news.ycombinator.com/item?id=4766743</a>
我用Go语言从头重写了它。整个项目是一个单一的二进制文件,没有外部依赖:
1. 证书生成使用Go的crypto/x509(不使用OpenSSL)
2. 证书在内存中生成并直接流式传输——服务器上不存储任何数据
3. 支持RSA 2048/4096和ECDSA P-256/P-384
4. 支持主题备用名称(自Chrome 58以来浏览器要求)
5. 输出为ZIP(PEM文件)或PFX/PKCS#12格式
欢迎您提出意见、建议或错误报告。谢谢。
源代码:<a href="https://github.com/dimastopel/certdepot" rel="nofollow">https://github.com/dimastopel/certdepot</a>
查看原文
Back in 2012 I built <a href="https://cert-depot.com" rel="nofollow">https://cert-depot.com</a> as a weekend project. Node.js + Express + jQuery, shelling out to OpenSSL for certificate generation. It worked but I eventually let it rot. <a href="https://news.ycombinator.com/item?id=4766743">https://news.ycombinator.com/item?id=4766743</a><p>Rewrote it from scratch in Go. The entire thing is a single binary with no external dependencies:<p>1. Certificate generation uses Go's crypto/x509 (no OpenSSL)<p>2. Certificates are generated in memory and streamed directly — nothing is stored on the server<p>3. RSA 2048/4096 and ECDSA P-256/P-384<p>4. Subject Alternative Names (required by browsers since Chrome 58)<p>5. ZIP (PEM files) or PFX/PKCS#12 output<p>You comments / suggestions / bug reports are very welcome. Thanks.<p>Source: <a href="https://github.com/dimastopel/certdepot" rel="nofollow">https://github.com/dimastopel/certdepot</a>