A fast, simple and easy-to-use certificate generator.
-
multiple key algorithms
- RSA
- key size:
1024、2048
- key size:
- ECDSA
- ecdsa curve:
P224、P256、P384、P521
- ecdsa curve:
- ED25591
- RSA
-
multiple generation strategies
- support generate certificate authority、middle certificate authority and general tls certificate
- support generate certificate chain and private key in pkcs8 format
- support specified output path
-
customizing certificate information
- subject
- C、O、OU、CN、SERIALNUMBER、L、ST、POSTALCODE
- subject alternative name
- dns names
- ip addresses
- validity time
- subject
Provider gen ca and gen tls commands for certificate generation, run help for more information about a command and
its flags.
easy-ca-cli help1、Generate a certificate authority with specified subject info、valid time and output path with ecdsa algorithm.
easy-ca-cli gen ca --ecdsa --ecdsa-curve P512 \
--subject "/C=CN/O=Easy CA/OU=IT Dept./CN=Easy CA Root" \
--start-date "2022-01-01 15:00:00" --days 3650 \
--out-key ca_key.pem --out-cert ca_cert.pem2、Generate a middle certificate authority using the certificate authority generated above
easy-ca-cli gen ca --ecdsa --ecdsa-curve P384 \
--subject "/C=CN/O=Easy CA/OU=IT Dept./CN=Easy CA Authority R1" \
--start-date "2022-01-01 15:05:00" --days 1800 \
--issuer-key ca_key.pem --issuer-cert ca_cert.pem \
--out-key mca_key.pem --out-cert mca_cert.chain.pem3、Generate a TLS certificate using the certificate authority generated above
easy-ca-cli gen tls --rsa --rsa-keysize 2048 \
--subject "/C=CN/O=Easy CA/OU=IT Dept./CN=easy-ca.com" \
--host "easy-ca.com,www.easy-ca.com,cli.easy-ca.com" \
--start-date "2022-01-01 15:10:00" --days 365 \
--issuer-key mca_key.pem --issuer-cert mca_cert.chain.pem \
--out-key easyca_key.pem --out-cert easyca_cert.chain.pemEasy CA CLI is released under the MIT license. See LICENSE