Cross platform, easy to use SSL/TLS toolset

  • By Erhan Yakut
  • Last update: Jan 2, 2023
  • Comments: 4

Build Status Total Downloads Codecov branch Go Version Go Version
Gopher design by Tugay BALCI

GoSSL

GoSSL is a cross platform, easy to use SSL/TLS toolset written with Go and built with ❤️

Features

  • Generate RSA private and public key
  • Generate x509 RSA Certificate Request (CSR)
  • Generate x509 RSA Root CA
  • Generate x509 RSA Certificate
  • Verify a Certificate with a Root CA
  • Verify a URL with a Root CA
  • Generate SSH key pair
  • Copy SSH public key to remote SSH server

Install

Executable binaries can be downloaded at Releases page according to user's operating system and architecture. After download, extract compressed files and start using GoSSL via terminal.

MacOS Homebrew Install

MacOS users can install GoSSL via Homebrew with the commands below.

brew tap yakuter/homebrew-tap
brew install gossl

Commands

version

version command displays the current version of GoSSL

gossl -v
gossl --version

help

help command displays default help and existing commands. It can also be used to get sub command helps.

gossl help
gossl help cert
...

key

key command generates RSA private key with provided bit size.

gossl key --help
gossl key --bits 2048
gossl key --bits 2048 --out private.key
gossl key --bits 2048 --out private.key --withpub

cert

cert command generates x509 SSL/TLS Certificate Request (CSR), Root CA and Certificate with provided private key.

Help

gossl cert --help

Generate Certificate Request (CSR)

gossl cert \
    --key private.key \
    --out cert.csr \
    --days 365 \
    --serial 12345 \
    --isCSR

Generate Root CA

gossl cert \
    --key private.key \
    --out ca.pem \
    --days 365 \
    --serial 12345 \
    --isCA 

Generate Certificate

gossl cert \
    --key private.key \
    --out cert.pem \
    --days 365 \
    --serial 12345

verify

verify command verifies x509 certificate with provided root CA in PEM format.

gossl verify --help

// Verify certificate with root CA 
gossl verify --cafile ./testdata/ca-cert.pem --certfile ./testdata/server-cert.pem
gossl verify --cafile ./testdata/ca-cert.pem --certfile ./testdata/server-cert.pem --dns 127.0.0.1

// Verify URL with root CA
gossl verify --cafile testdata/ca-cert.pem --url https://127.0.0.1

ssh

ssh command generates SSH key pair with provided bit size just like ssh-keygen tool. These key pairs are used for automating logins, single sign-on, and for authenticating hosts.

gossl key --help
gossl key --bits 2048
gossl key --bits 2048 --out ./id_rsa
// output will be written to ./id_rsa and ./id_rsa_pub files

ssh-copy

ssh-copy connects remote SSH server, creates /home/user/.ssh directory and authorized_keys file in it and appends provided public key (eg, id_rsa.pub) to authorized_keys file just like ssh-copy-id tool.

gossl ssh-copy --help

// This command will ask for password to connect SSH server
gossl ssh-copy --pubkey /home/user/.ssh/id_rsa.pub remoteUser@remoteIP

gossl ssh-copy --pubkey /home/user/.ssh/id_rsa.pub --password passw@rd123 remoteUser@remoteIP

TODO

  1. Add generate command for generating private key, root ca and x509 certificates in one command
  2. Add cert template format read from yaml file
  3. Add certificate converter command like DER to PEM etc.

Download

gossl.zip

Comments(4)

  • 1

    verifying url with CA

    I wrote a small func to test verifying url with RootCAs: (I changed test's package name to "verify" in order to use verifyURLWithCA func)

    func TestVerifyURL(t *testing.T) {
    	ts := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
    		fmt.Fprintln(w, "hello!")
    	}))
    
    	rootCA, err := rootCAs("../../testdata/ca-cert.pem")
    	require.NoError(t, err)
            require.NotNil(t, rootCA)
    
    	ts.TLS = &tls.Config{
    		ClientCAs: rootCA,
    	}
    
    	ts.StartTLS()
    	defer ts.Close()
    
    	err = verifyURLWithCA(nil, ts.URL, rootCA)
    	require.NoError(t, err)
    }
    

    this test fails with the error:

    === RUN   TestVerifyURL
    2022/04/14 16:27:26 Failed to send Get request to URL https://127.0.0.1:54688 error: Get "https://127.0.0.1:54688": x509: certificate signed by unknown authority
    2022/04/14 16:27:26 http: TLS handshake error from 127.0.0.1:54689: remote error: tls: bad certificate
        verify_test.go:118:
                    Error Trace:    verify_test.go:118
                    Error:          Received unexpected error:
                                    Get "https://127.0.0.1:54688": x509: certificate signed by unknown authority
                    Test:           TestVerifyURL
    

    Am I missing something?

  • 2

    add homebrew releaser

    • added homebrew tap releaser
    • added 386 and arm architechtures to build section
    • added ldflags (-s -w) to produce a smaller binary which removes symbol table and debugging information
  • 3

    add getting cert details from url into info command

    I added getting certificate details from given URL to info command.

    I used the same argument which can be replaced with the file path.

    gossl info https://www.google.com
    

    or

    gossl info cert.pem
    

    In both ways, output file can be used to write details.

    If adding a URL flag is better, I can convert it too.

  • 4

    Convert certificates/keys between different formats

    Thank you for your work on this project! I'd love to see the following new feature in the CLI:

    Ability to convert certificates/keys between PEM to PKCS12 (with password support), and the other way around.