Easy to use SSL certificate
A tool for safe generation.

How to use

Installation method

# Install with Homebrew.
brew tap mknclab/csrgen
brew install csrgen

Functions other than initial setting and generation

Example) csrgen --init
# www.example.com-cert.conf is generated in ' ~ /.certinfo/ ' created in the home directory.
# Please edit only the = "" in the conf file.
# Please input the following options and domain name to generate the initial setting file.
Example) csrgen --add FQDN [ vim | emacs | nano ]
# When editing the contents of the initial setting.
Example) csrgen --edit FQDN [ vim | emacs | nano ]
# Delete initial setting file.
Example) csrgen --delete FQDN
# Confirm contents of initial setting file.
Example) csrgen --view FQDN
# List of '~ /.certinfo/'.
Example) csrgen --list
# Back up with TAR file.
Example) csrgen --backup FQDN
# Delete the most recently backed up TAR file.
Example) csrgen --remove FQDN
# Display the contents of public key. [ --csr: CSR file | --cer: combined certificate file | --org: certificate file before join | --ca: intermediate certificate file before joining ]
Example) csrgen --preview FQDN [ --csr | --cer | --org | --ca ]
# Change file name of certificate · public key · secret key all together.
Example) csrgen --rename FQDN New-FileName
# Manual.
Example) man csrgen

Method of generating public key

Example) csrgen -c FQDN -p SaveFolder -s O -y
Required option :
-c, --common  :  FQDN        [ Domain name (subdomain is not mandatory) ]
-p, --prefix  :  SaveFolder  [ Folder name designation to avoid duplicate overwriting. ]
-s, --ssl     : O or L       [ OpenSSL or LibreSSL ]
-y or -N      : yes or No    [ Confirmation of setting contents. ]

Binding options

Example) csrgen -b FQDN ~/use-cert.crt ~/ca.crt -y
Required option :
-b,--bind     :  Option to combine SSL certificate and intermediate certificate.
Argument :
FQDN          :  Domain name (ex: www.example.com)
use-cert.crt  :  SSL certificate acquired with public key.
Int-or-ca.crt :  Intermediate certificate file.
-y or -N      :  This is an option to show / hide confirmation items.

Public key and secret key · Folder structure of certificate generation destination

# The origin folder is generated only when using the bind option.
├── www.example.com-cert.conf : Initialization file as original pattern
└── FQDN-cert.conf : Generated initialization file
└── FQDN_bind.log : Record file path up to hogehoge_com_bind.txt
├── .crtbind
│      └── FQDN_bind.txt : Record full path for binding
├── .ver
│      └── FQDN_next.log : Version control
└── FQDN
       ├── FQDN.v1.201x.tar.gz : Backup file
       └── version(v1)
             ├── .csrname : Record file name for renaming
             ├── secure_aes.crt
             ├── secure_aes.csr
             ├── secure_aes.pem
             └── origin
                   ├── secure_aes_ca.crt
                   └── secure_aes_org.crt

Basic specifications

  1. Initial setting is required before use.
  2. Generate public and private keys only if domain and optional arguments set in ‘cert.conf’ match at creation time.
  3. “Temporary secret key” and “pass phrase” are deleted immediately after creation.
  4. The hash value of ‘rand.dat’ is a 65536 half-width alphanumeric random number. ※ OpenSSL only

Web service that generates cert.conf: https://www.mknclab.com/csrconf/
※ Data is stored in the local storage of the browser, so copy & paste is required.

Change log


MIT lincense