certgen

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 16, 2026 License: MIT Imports: 17 Imported by: 0

Documentation

Overview

Package certgen provides TLS certificate generation for local development.

It automatically generates a Certificate Authority (CA) and server certificates for wildcard domains (*.dev.localhost) without requiring external tools like mkcert.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ExportToDER added in v0.8.0

func ExportToDER(pemPath, derPath string) error

ExportToDER exports a PEM certificate to DER format

func ExportToPEM added in v0.8.0

func ExportToPEM(srcPath, dstPath string) error

ExportToPEM copies a PEM certificate to a new location

func GetCAFingerprint added in v0.8.0

func GetCAFingerprint(certPath string) (string, error)

GetCAFingerprint returns the SHA256 fingerprint of a CA certificate

func GetCASubject added in v0.8.0

func GetCASubject(certPath string) (string, error)

GetCASubject returns the subject (CN) of a CA certificate

func IsWSL added in v0.8.0

func IsWSL() bool

IsWSL returns true if running under Windows Subsystem for Linux

Types

type CAInstaller added in v0.8.0

type CAInstaller interface {
	// Install installs the CA certificate to the system trust store
	Install(caCertPath string) error

	// Uninstall removes the CA certificate from the system trust store
	Uninstall(caCertPath string) error

	// IsInstalled checks if the CA certificate is installed in the system trust store
	IsInstalled(caCertPath string) (bool, error)

	// NeedsSudo returns whether this installer requires elevated privileges
	NeedsSudo() bool

	// Description returns a human-readable description of where certs are installed
	Description() string
}

CAInstaller is the interface for installing CA certificates into system trust stores

func NewSystemInstaller added in v0.8.0

func NewSystemInstaller() CAInstaller

NewSystemInstaller returns the system CA installer for the current platform

func NewUserInstaller added in v0.8.0

func NewUserInstaller() CAInstaller

NewUserInstaller returns a user-level CA installer Note: On Linux, there's no standard user-level CA store, so this still uses system store

type FirefoxInstaller added in v0.8.0

type FirefoxInstaller struct{}

FirefoxInstaller installs CA certificates to Firefox's NSS store

func NewFirefoxInstaller added in v0.8.0

func NewFirefoxInstaller() *FirefoxInstaller

NewFirefoxInstaller returns a Firefox-specific CA installer

func (*FirefoxInstaller) Description added in v0.8.0

func (i *FirefoxInstaller) Description() string

func (*FirefoxInstaller) Install added in v0.8.0

func (i *FirefoxInstaller) Install(caCertPath string) error

func (*FirefoxInstaller) IsInstalled added in v0.8.0

func (i *FirefoxInstaller) IsInstalled(caCertPath string) (bool, error)

func (*FirefoxInstaller) NeedsSudo added in v0.8.0

func (i *FirefoxInstaller) NeedsSudo() bool

func (*FirefoxInstaller) Uninstall added in v0.8.0

func (i *FirefoxInstaller) Uninstall(caCertPath string) error

type Generator

type Generator struct {
	// contains filtered or unexported fields
}

Generator handles TLS certificate generation

func NewGenerator

func NewGenerator(certsDir, baseDomain string) *Generator

NewGenerator creates a new certificate generator

func (*Generator) CACrtPath

func (g *Generator) CACrtPath() string

CACrtPath returns the path to Windows-compatible CA certificate (DER format)

func (*Generator) CertPaths

func (g *Generator) CertPaths() (caCert, caKey, serverCert, serverKey string)

CertPaths returns the paths to certificate files

func (*Generator) CheckCertDomain added in v0.8.0

func (g *Generator) CheckCertDomain() (bool, []string, error)

CheckCertDomain checks if the existing server certificate matches the configured domain. Returns (matches, certDNSNames, error). If certificate doesn't exist, returns (true, nil, nil) to indicate no mismatch.

func (*Generator) EnsureCerts

func (g *Generator) EnsureCerts() error

EnsureCerts generates certificates if they don't exist If server cert/key already exist (e.g., from mkcert), they are used as-is

func (*Generator) RegenerateCerts added in v0.8.0

func (g *Generator) RegenerateCerts() error

RegenerateCerts forces regeneration of server certificates (keeping CA).

type InstallStatus added in v0.8.0

type InstallStatus struct {
	Installed   bool   `json:"installed"`
	Location    string `json:"location"`
	Description string `json:"description"`
	NeedsSudo   bool   `json:"needs_sudo"`
}

InstallStatus represents the installation status of a CA certificate

type LinuxInstaller added in v0.8.0

type LinuxInstaller struct {
	// contains filtered or unexported fields
}

LinuxInstaller installs CA certificates to the Linux system trust store

func (*LinuxInstaller) Description added in v0.8.0

func (i *LinuxInstaller) Description() string

func (*LinuxInstaller) Install added in v0.8.0

func (i *LinuxInstaller) Install(caCertPath string) error

func (*LinuxInstaller) IsInstalled added in v0.8.0

func (i *LinuxInstaller) IsInstalled(caCertPath string) (bool, error)

func (*LinuxInstaller) NeedsSudo added in v0.8.0

func (i *LinuxInstaller) NeedsSudo() bool

func (*LinuxInstaller) Uninstall added in v0.8.0

func (i *LinuxInstaller) Uninstall(caCertPath string) error

type WSLInstaller added in v0.8.0

type WSLInstaller struct{}

WSLInstaller installs CA certificates to Windows from WSL Note: WSL cannot run Windows commands with admin privileges, so this always installs to the current user's certificate store.

func NewWSLInstaller added in v0.8.0

func NewWSLInstaller() *WSLInstaller

NewWSLInstaller returns a Windows CA installer for use from WSL Note: Always installs to user store since WSL cannot elevate to admin

func NewWSLUserInstaller added in v0.8.0

func NewWSLUserInstaller() *WSLInstaller

NewWSLUserInstaller returns a Windows user-level CA installer for use from WSL Deprecated: Use NewWSLInstaller instead. WSL always uses user store.

func (*WSLInstaller) Description added in v0.8.0

func (i *WSLInstaller) Description() string

func (*WSLInstaller) Install added in v0.8.0

func (i *WSLInstaller) Install(caCertPath string) error

func (*WSLInstaller) IsInstalled added in v0.8.0

func (i *WSLInstaller) IsInstalled(caCertPath string) (bool, error)

func (*WSLInstaller) NeedsSudo added in v0.8.0

func (i *WSLInstaller) NeedsSudo() bool

func (*WSLInstaller) Uninstall added in v0.8.0

func (i *WSLInstaller) Uninstall(caCertPath string) error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL