Gopher design by Tugay BALCI
GoSSL
GoSSL is a cross platform, easy to use SSL/TLS toolset written with Go and built with
Features
- Generate RSA private and public key - key command
- Generate x509 RSA Certificate Request (CSR) - cert command
- Generate x509 RSA Root CA - cert command
- Generate x509 RSA Certificate - cert command
- Get information about an x509 RSA Certificate - info command
- Verify a Certificate with a Root CA - verify command
- Verify a URL with a Root CA - verify command
- Generate SSH key pair - ssh command
- Copy SSH public key to remote SSH server - ssh-copy command
Install
Executable binaries can be downloaded at Releases page according to user's operating system and architecture. After download, extract compressed files and start using GoSSL via terminal.
MacOS Homebrew Install
MacOS users can install GoSSL via Homebrew with the commands below.
brew tap yakuter/homebrew-tap
brew install gosslCommands
version
version command displays the current version of GoSSL
gossl -v
gossl --versionhelp
help command displays default help and existing commands. It can also be used to get sub command helps.
gossl help
gossl help cert
...key
key command generates RSA private key with provided bit size.
gossl key --help
gossl key --bits 2048
gossl key --bits 2048 --out private.key
gossl key --bits 2048 --out private.key --withpubinfo
info displays information about x509 certificate. Thanks grantae for great certinfo tool which is used here.
A file path or a valid URL is used to get details of the certificate.
gossl info cert.pem
gossl info --url google.comcert
cert command generates x509 SSL/TLS Certificate Request (CSR), Root CA and Certificate with provided private key.
Help
gossl cert --helpGenerate Certificate Request (CSR)
gossl cert \
--key private.key \
--out cert.csr \
--days 365 \
--serial 12345 \
--isCSRGenerate Root CA
gossl cert \
--key private.key \
--out ca.pem \
--days 365 \
--serial 12345 \
--isCA Generate Certificate
gossl cert \
--key private.key \
--out cert.pem \
--days 365 \
--serial 12345verify
verify command verifies x509 certificate with provided root CA in PEM format.
gossl verify --help
// Verify certificate with root CA
gossl verify --cafile ./testdata/ca-cert.pem --certfile ./testdata/server-cert.pem
gossl verify --cafile ./testdata/ca-cert.pem --certfile ./testdata/server-cert.pem --dns 127.0.0.1
// Verify URL with root CA
gossl verify --cafile testdata/ca-cert.pem --url https://127.0.0.1ssh
ssh command generates SSH key pair with provided bit size just like ssh-keygen tool. These key pairs are used for automating logins, single sign-on, and for authenticating hosts.
gossl key --help
gossl key --bits 2048
gossl key --bits 2048 --out ./id_rsa
// output will be written to ./id_rsa and ./id_rsa_pub filesssh-copy
ssh-copy connects remote SSH server, creates /home/user/.ssh directory and authorized_keys file in it and appends provided public key (eg, id_rsa.pub) to authorized_keys file just like ssh-copy-id tool.
gossl ssh-copy --help
// This command will use default SSH public key path as "USER_HOME_DIR/.ssh/id_rsa.pub"
gossl ssh-copy remoteUser@remoteIP
// This command will ask for password to connect SSH server
gossl ssh-copy --pubkey /home/user/.ssh/id_rsa.pub remoteUser@remoteIP
gossl ssh-copy --pubkey /home/user/.ssh/id_rsa.pub --password passw@rd123 remoteUser@remoteIP
TODO
- Add generate command for generating private key, root ca and x509 certificates in one command
- Add cert template format read from yaml file
- Add certificate converter command like DER to PEM etc.