Summary

Clone URL:

git Use ID

Description:

Gimmecert is a simple CLI tool for quickly issuing X.509 server and client certificates using locally-generated CA hierarchy with minimal hassle.

Trending files:

Download:

Download as zip With subrepos

Latest Changes

branko	d52b62b9a9db	4 years ago	GC-37: Use CA hierarchy issuer's key size when generating RSA private keys.
branko	de1cc2505a56	4 years ago	GC-37: Refactor key specification handling: GC-37: Refactor key specification handling: - Perform the key specification parsing within CLI module itself, don't do it via crypto module. - Pass-in tuple consisting out of algorithm and associated parameters into the init command instead of key generator. - Updated all tests to accomodate the change in init function signature. - Simplify the KeyGenerator class. - Do not test if KeyGenerator class sets the properties via constructor - it is sufficient to test string represenation and key generation.
branko	52d85e47faa0	4 years ago	GC-37: Added support for requesting custom RSA key size when initialising the CA hierarchy: GC-37: Added support for requesting custom RSA key size when initialising the CA hierarchy: - Added functional test. - Added unit tests. - Added new CLI option for specifying the algorithm. - Implemented KeyGenerator factory-like class that can be called to generate a private key with desired specification. - The init init function now accepts a callable that is used to generate private keys. - The generate_ca_hierarchy function now accepts a callable that is used to generate private keys. - Updated existing unit tests to cope with changes to the init and generate_ca_hierarchy function signatures. - Updated existing unit tests to cope with changes to existing functionality. - Updated existing functional tests to cope with changes in command output.
branko	a08bc91f2b7d	4 years ago	GC-37: Drop use of depth variable in a number of tests to make them simpler.
branko	0ee05781e722	4 years ago	GC-37: Introduce gctmpdir fixture for reducing duplication in tests: GC-37: Introduce gctmpdir fixture for reducing duplication in tests: - Fixture can be used to initialise the temporary directory with 1-level deep Gimmecert hierarchy. It is very useful for tests that do not care about hierarchy details, while at the same time being much faster than the sample directory one. - Fixture should not be used for testing of init/status commands (since those heavily test what the hierarchy looks like).
branko	44a6d86f1ba5	4 years ago	Noticket: Switching to development version. maintenance/0.3
branko	e85f90d9435e	4 years ago	Noticket: Preparing release 0.3.0. 0.3.0
branko	481adde2a48a	4 years ago	GC-33: Drop empty line from release notes.
branko	ed38fdc9be63	4 years ago	GC-33: Update invocation commands for running tests under Vagrant in order to avoid errors.
branko	13380988dc27	4 years ago	GC-33: Fixed invocation of py3clean on the Vagrant machine (must pass-in directory path to it).

README.rst

About Gimmecert

Gimmecert is a simple CLI tool for quickly issuing X.509 server and client certificates using locally-generated CA hierarchy with minimal hassle.

The tool is useful for issuing certificates in:

Local environment, when trying out a piece of new software that depends on use of certificates.
Development environment, when it is necessary to issue certificates either for purpose of integration with other systems, or for ability to develop new feature that involves use of certificates.
Testing/CI/CD environment, when it is necessary to deploy/configure tests to use certificates in order to ensure the tests are run properly and in full.

At time of this writing, Gimmecert is compatible with the following Python versions:

Python 3.8
Python 3.9
Python 3.10
Python 3.11
Python 3.12

Why was this tool created?

The tool was created to remove the pain of setting-up a CA hierarchy, and then using this hierarchy to issue a couple of test certificates.

While there are existing tools that can be used to this end (in particular the OpenSSL's CLI and GnuTLS' <tt class="docutils literal">certtool</tt>), the process of using them is tedious, slow, and error-prone.

There are some more long-lived solutions out there, in form of full-blown CAs, but those can be both an overkill and resource hog when all a person needs is a couple of certificates that can be thrown away.

Features

Gimmecert provides the following features:

It is very easy to use. Commands are intuitive, and require minimal input from the user.
Initialisation of CA hierarchy for issuing certificates. CA hierarchy depth can be specified, letting you easily simulate your production environment.
Issuance of TLS server certificates, with any number of DNS subject alternative names.
Issuance of TLS client certificates.
All generated artifacts stored within a single sub-directory (<tt class="docutils literal">.gimmecert</tt>), relative to directory where command is invoked. This allows you to easily issue per-project testing certificates.

Support

In case of problems with the tool, please do not hesitate to contact the author at gimmecert (at) majic.rs. Known issues and planned features are tracked on website:

https://projects.majic.rs/gimmecert/

The tool is hosted on author's own server, alongside a mirror on Github:

Documentation is available on:

https://gimmecert.readthedocs.io/

License

Gimmecert code is licensed under the terms of GPLv3, or (at your option) any later version. You should have received the full copy of the GPLv3 license in the local file LICENSE-GPLv3, or you may read the full text of the license at:

https://www.gnu.org/licenses/gpl-3.0.txt

Gimmecert documentation is licensed under the terms of CC-BY-SA 3.0 Unported license. You should have received the full copy of the CC-BY-SA 3.0 Unported in the local file LICENSE-CC-BY-SA-3.0-Unported, or you may read the full text of the license at:

https://creativecommons.org/licenses/by-sa/3.0/