Published 2024年12月22日 by

Simplify SSL/TLS Certificate Management

In modern network communication, SSL/TLS certificates are essential for ensuring secure data transmission. However, managing certificate chains for various cryptographic standards, such as RSA, ECC, and China’s SM2, can be a complex task. To streamline this process, we introduce multicertgen, an efficient and flexible open-source tool.

目录 隐藏
1 Introduction
2 Key Features
3 Installation and Usage
3.1 1. Clone the Repository
3.2 2. Set Execution Permissions
3.3 3. Run the Script
3.4 Parameter Descriptions:
4 Use Cases
5 Open Source and Contributions

Introduction

multicertgen is a versatile SSL/TLS certificate generation tool that supports the following cryptographic algorithms:

  • SM2: A commercial cryptographic standard in China.
  • RSA: A globally recognized and widely used classic cryptographic algorithm.
  • ECC: A modern, efficient cryptographic standard based on elliptic curves, offering high security and performance.

Designed for developers and system administrators, this tool enables the creation of complete certificate chains, supporting both global and Chinese cryptographic standards.

Key Features

  1. Support for Multiple Algorithms: Generate certificates with SM2, RSA, or ECC as needed.
  2. Complete Certificate Chain Generation:
    • Root CA Certificate
    • Intermediate CA Certificate
    • Server Signing Certificate
    • Server Encryption Certificate (SM2 only)
  3. Flexible Private Key Options: Generate both encrypted and unencrypted private keys.
  4. Dynamic Environment Configuration: Set LD_LIBRARY_PATH and PATH to customize dependencies, enabling seamless integration with Tongsuo or OpenSSL.
  5. Automated Certificate Creation: Simplify the process, reducing the need for complex command-line inputs.

Installation and Usage

1. Clone the Repository
git clone git@github.com:weida/multicertgen.git
cd multicertgen
2. Set Execution Permissions
chmod +x ssl_cert_chain_tool.sh
3. Run the Script
./ssl_cert_chain_tool.sh -a SM2 -o output_dir -p mypassword
Parameter Descriptions:
  • -a: Choose the algorithm (SM2, RSA, or ECC).
  • -o: Specify the output directory (default: certs).
  • -p: Set the private key password (default: garlic).
  • -u: Generate unencrypted private keys.
  • -t and -l: Configure binary and library paths for Tongsuo.

Use Cases

  • SM2 Applications: Create SSL/TLS certificates compliant with China’s cryptographic standards.
  • Global Applications: Support RSA and ECC algorithms for worldwide use cases.
  • Development and Testing: Quickly set up secure environments for development and testing, saving manual configuration time.

Open Source and Contributions

This project is hosted on GitHub. Contributions and feedback are welcome:
GitHub Repository

garlic

garlic

ARTS Share

Comments are closed.