Gopher design by Tugay BALCI

GoSSL is a cross platform, easy to use SSL/TLS toolset written with Go and built with ❤️

• Generate RSA private and public key - key command
• Generate x509 RSA Certificate Request (CSR) - cert command
• Generate x509 RSA Root CA - cert command
• Generate x509 RSA Certificate - cert command
• Get information about an x509 RSA Certificate - info command
• Verify a Certificate with a Root CA - verify command
• Verify a URL with a Root CA - verify command
• Generate SSH key pair - ssh command
• Copy SSH public key to remote SSH server - ssh-copy command

Executable binaries can be downloaded at Releases page according to user's operating system and architecture. After download, extract compressed files and start using GoSSL via terminal.

MacOS users can install GoSSL via Homebrew with the commands below.

brew tap yakuter/homebrew-tap
brew install gossl

version command displays the current version of GoSSL

gossl -v
gossl --version

help command displays default help and existing commands. It can also be used to get sub command helps.

gossl help
gossl help cert
...

key command generates RSA private key with provided bit size.

gossl key --help
gossl key --bits 2048
gossl key --bits 2048 --out private.key
gossl key --bits 2048 --out private.key --withpub

info displays information about x509 certificate. Thanks grantae for great certinfo tool which is used here. A file path or a valid URL is used to get details of the certificate.

gossl info cert.pem
gossl info --url google.com

cert command generates x509 SSL/TLS Certificate Request (CSR), Root CA and Certificate with provided private key.

Help

gossl cert --help

Generate Certificate Request (CSR)

gossl cert \
    --key private.key \
    --out cert.csr \
    --days 365 \
    --serial 12345 \
    --isCSR

Generate Root CA

gossl cert \
    --key private.key \
    --out ca.pem \
    --days 365 \
    --serial 12345 \
    --isCA 

Generate Certificate

gossl cert \
    --key private.key \
    --out cert.pem \
    --days 365 \
    --serial 12345

verify command verifies x509 certificate with provided root CA in PEM format.

gossl verify --help

// Verify certificate with root CA 
gossl verify --cafile ./testdata/ca-cert.pem --certfile ./testdata/server-cert.pem
gossl verify --cafile ./testdata/ca-cert.pem --certfile ./testdata/server-cert.pem --dns 127.0.0.1

// Verify URL with root CA
gossl verify --cafile testdata/ca-cert.pem --url https://127.0.0.1

ssh command generates SSH key pair with provided bit size just like ssh-keygen tool. These key pairs are used for automating logins, single sign-on, and for authenticating hosts.

gossl key --help
gossl key --bits 2048
gossl key --bits 2048 --out ./id_rsa
// output will be written to ./id_rsa and ./id_rsa_pub files

ssh-copy connects remote SSH server, creates /home/user/.ssh directory and authorized_keys file in it and appends provided public key (eg, id_rsa.pub) to authorized_keys file just like ssh-copy-id tool.

gossl ssh-copy --help

// This command will use default SSH public key path as "USER_HOME_DIR/.ssh/id_rsa.pub"
gossl ssh-copy remoteUser@remoteIP

// This command will ask for password to connect SSH server
gossl ssh-copy --pubkey /home/user/.ssh/id_rsa.pub remoteUser@remoteIP

gossl ssh-copy --pubkey /home/user/.ssh/id_rsa.pub --password passw@rd123 remoteUser@remoteIP

1. Add generate command for generating private key, root ca and x509 certificates in one command
2. Add cert template format read from yaml file
3. Add certificate converter command like DER to PEM etc.