A docker image for mkcert.dev

mkcert.dev is a tool for developer to generate valid certificates. Those certificates can then be used in their dev environment.

This repository provides a dockerfile and a helper script to:

• Create CA certificate
• Create a server certificate (key + crt)
• Create a server certificate (p12)
• Convert the server certificate to JKS format
• Convert the CA certificate to JKS format

Usage

docker run -v /tmp/certs:/certs -e SERVER_HOSTNAMES="localhost.localdomain localhost" -it nmasse/mkcert:latest

$ ls -l /tmp/certs/
total 64
-rw-r--r--  1 nmasse  wheel  4839 Mar 26 10:58 keystore.jks
-r--------  1 nmasse  wheel  2484 Mar 26 10:58 rootCA-key.pem
-rw-r--r--  1 nmasse  wheel  1639 Mar 26 10:58 rootCA.pem
-rw-r--r--  1 nmasse  wheel  1517 Mar 26 10:58 server.crt
-rw-------  1 nmasse  wheel  1704 Mar 26 10:58 server.key
-rw-r--r--  1 nmasse  wheel  3927 Mar 26 10:58 server.p12
-rw-r--r--  1 nmasse  wheel  1466 Mar 26 10:58 truststore.jks

$ openssl x509 -noout -text -in /tmp/certs/server.crt |grep -A1 'X509v3 Subject Alternative Name'
            X509v3 Subject Alternative Name: 
                DNS:localhost.localdomain, DNS:localhost

Environment variables

SERVER_HOSTNAMES

• the hostnames to include in the certificate (list of hostnames separated by a space)
• default value: docker.for.mac.localhost docker.for.win.localhost localhost localhost.localdomain

JKS_PASSWORD

• the password used to protect the JKS store and keys
• default value: super-secret

Note: the password protecting the PKCS#12 is hardcoded to changeit !