100% Coverage! Lightweight self-signed certificate generator, size between 1.5MB (executable) and 5MB (docker image).

soulteary/certs-maker

Certs Maker

Lightweight self-signed certificate generator, size between 1.5MB (executable) and 5MB (docker image).

Generate self-hosted or development certificates through simple configuration.

Quick Start

Create self-signed certificates supporting *.lab.com and *.data.lab.com domains with just "One Click":

docker run --rm -it -v `pwd`/ssl:/ssl soulteary/certs-maker:v3.7.0 "--CERT_DNS=lab.com,*.lab.com,*.data.lab.com"
# OR use environment:
# docker run --rm -it -v `pwd`/ssl:/ssl -e "CERT_DNS=lab.com,*.lab.com,*.data.lab.com" soulteary/certs-maker:v3.7.0

The generated certificates will be stored in the ssl directory within the execution directory:

ssl
├── lab.com.conf
├── lab.com.der.crt
├── lab.com.der.key
├── lab.com.pem.crt
└── lab.com.pem.key

You can use PEM or DER format certificates according to your preference.
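The Quick Start's CERT_DNS value lists lab.com, *.lab.com and *.data.lab.com separately because a wildcard entry stands for exactly one leftmost label: *.lab.com does not cover lab.com itself or api.data.lab.com. The following is an added example, not part of the certs-maker project, that checks a planned host list against a CERT_DNS value before you generate the certificate; the function names san_covers and uncovered_hosts and the host list are hypothetical.

```shell
#!/bin/sh
# san_covers HOST CERT_DNS
# Exit 0 if HOST matches an entry of the comma-separated CERT_DNS list.
# A "*." entry matches exactly one leftmost label, nothing deeper.
san_covers() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    list=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    old_ifs=$IFS
    IFS=,
    set -f                      # keep the shell from glob-expanding "*"
    for entry in $list; do
        case $entry in
            '*.'*)
                suffix=${entry#\*.}     # "*.lab.com" -> "lab.com"
                label=${host%%.*}       # leftmost label of the host
                rest=${host#*.}         # host without its leftmost label
                if [ "$host" != "$rest" ] && [ -n "$label" ] \
                   && [ "$rest" = "$suffix" ]; then
                    IFS=$old_ifs; set +f; return 0
                fi ;;
            *)
                if [ "$host" = "$entry" ]; then
                    IFS=$old_ifs; set +f; return 0
                fi ;;
        esac
    done
    IFS=$old_ifs; set +f
    return 1
}

# uncovered_hosts CERT_DNS HOST...
# Print every HOST that no entry of CERT_DNS covers, one per line.
uncovered_hosts() {
    dns=$1; shift
    for h in "$@"; do
        san_covers "$h" "$dns" || printf '%s\n' "$h"
    done
    return 0
}

# Constructed input: the Quick Start CERT_DNS value and a sample host list.
CERT_DNS='lab.com,*.lab.com,*.data.lab.com'
uncovered_hosts "$CERT_DNS" lab.com www.lab.com api.data.lab.com \
    a.b.lab.com a.b.data.lab.com
```

Any host it prints needs its own entry, or a wildcard at the matching depth, added to CERT_DNS.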

For those who prefer file-based configuration, you can use a docker-compose.yml file like this:

version: '2'
services:

  certs-maker:
    image: soulteary/certs-maker:v3.7.0
    environment:
      - CERT_DNS=lab.com,*.lab.com,*.data.lab.com
    volumes:
      - ./ssl:/ssl

Then, run the following command:

docker-compose up
# OR
# docker compose up

To make the certificate more Kubernetes-friendly, add the FOR_K8S parameter:

docker run --rm -it -v `pwd`/ssl:/ssl soulteary/certs-maker:v3.7.0 "--CERT_DNS=lab.com,*.lab.com,*.data.lab.com --FOR_K8S=ON"
# OR
# docker run --rm -it -v `pwd`/ssl:/ssl -e "CERT_DNS=lab.com,*.lab.com,*.data.lab.com" -e "FOR_K8S=ON" soulteary/certs-maker:v3.7.0

Here's a K8s-friendly docker-compose.yml file:

version: '2'
services:

  certs-maker:
    image: soulteary/certs-maker:v3.7.0
    environment:
      - CERT_DNS=lab.com,*.lab.com,*.data.lab.com
      - FOR_K8S=ON
    volumes:
      - ./ssl:/ssl

To enhance compatibility with Firefox, include the FOR_FIREFOX parameter:

docker run --rm -it -v `pwd`/ssl:/ssl soulteary/certs-maker:v3.7.0 "--CERT_DNS=lab.com,*.lab.com,*.data.lab.com --FOR_FIREFOX=ON"
# OR
# docker run --rm -it -v `pwd`/ssl:/ssl -e "CERT_DNS=lab.com,*.lab.com,*.data.lab.com" -e "FOR_FIREFOX=ON" soulteary/certs-maker:v3.7.0

And here's a Firefox-friendly docker-compose.yml file:

version: '2'
services:

  certs-maker:
    image: soulteary/certs-maker:v3.7.0
    environment:
      - CERT_DNS=lab.com,*.lab.com,*.data.lab.com
      - FOR_FIREFOX=ON
    volumes:
      - ./ssl:/ssl

For more granular control over certificate details, such as issuing country, province, street, and organization name, refer to the following section on manually adding parameters.

SSL Certificate Parameters

Customize your generated certificate by setting environment variables or using Docker CLI arguments.

Using environment variables:

| Parameter | Name | Use in environment variables |
| --- | --- | --- |
| Country Name | CERT_C | CERT_C=CN |
| State Or Province Name | CERT_ST | CERT_ST=BJ |
| Locality Name | CERT_L | CERT_L=HD |
| Organization Name | CERT_O | CERT_O=Lab |
| Organizational Unit Name | CERT_OU | CERT_OU=Dev |
| Common Name | CERT_CN | CERT_CN=Hello World |
| Domains | CERT_DNS | CERT_DNS=lab.com,*.lab.com,*.data.lab.com |
| Issue for K8s | FOR_K8S | FOR_K8S=ON |
| Issue for Firefox | FOR_FIREFOX | FOR_FIREFOX=ON |
| File Owner User | USER | USER=ubuntu |
| File Owner UID | UID | UID=1234 |
| File Owner GID | GID | GID=2345 |
| Custom certs output dir | DIR | DIR=./ssl |
| Custom certs filename | CUSTOM_FILE_NAME | CUSTOM_FILE_NAME=filename |
| Expire Days | EXPIRE_DAYS | EXPIRE_DAYS=3650 |

Using program CLI arguments:

| Parameter | Name | Use in CLI arguments |
| --- | --- | --- |
| Country Name | CERT_C | --CERT_C=CN |
| State Or Province Name | CERT_ST | --CERT_ST=BJ |
| Locality Name | CERT_L | --CERT_L=HD |
| Organization Name | CERT_O | --CERT_O=Lab |
| Organizational Unit Name | CERT_OU | --CERT_OU=Dev |
| Common Name | CERT_CN | --CERT_CN=Hello World |
| Domains | CERT_DNS | --CERT_DNS=lab.com,*.lab.com,*.data.lab.com |
| Issue for K8s | FOR_K8S | --FOR_K8S=ON |
| Issue for Firefox | FOR_FIREFOX | --FOR_FIREFOX=ON |
| File Owner User | USER | --USER=ubuntu |
| File Owner UID | UID | --UID=1234 |
| File Owner GID | GID | --GID=2345 |
| Custom certs output dir | DIR | --DIR=./ssl |
| Custom certs filename | CUSTOM_FILE_NAME | --CUSTOM_FILE_NAME=filename |
| Expire Days | EXPIRE_DAYS | --EXPIRE_DAYS=3650 |

Docker Image

soulteary/certs-maker

Related Documentation and Tutorials