Stefan Goppelt 51407fe36f
docs: update README with detailed usage instructions and API reference
2026-03-29 20:37:57 +02:00
.githooks chore: apply project standards templates 2026-03-29 20:12:28 +02:00
docs feat: enhance CI/CD pipeline and add release process documentation 2026-03-29 20:34:56 +02:00
scripts feat: enhance CI/CD pipeline and add release process documentation 2026-03-29 20:34:56 +02:00
.drone.yml feat: enhance CI/CD pipeline and add release process documentation 2026-03-29 20:34:56 +02:00
.editorconfig chore: apply project standards templates 2026-03-29 20:12:28 +02:00
.gitattributes chore: apply project standards templates 2026-03-29 20:12:28 +02:00
.gitignore chore: apply project standards templates 2026-03-29 20:12:28 +02:00
AGENTS.md chore: apply project standards templates 2026-03-29 20:12:28 +02:00
CHANGELOG.md feat: enhance CI/CD pipeline and add release process documentation 2026-03-29 20:34:56 +02:00
Certificate.go Initial commit 2022-03-17 10:14:40 +01:00
Certificate_test.go feat: enhance CI/CD pipeline and add release process documentation 2026-03-29 20:34:56 +02:00
README.md docs: update README with detailed usage instructions and API reference 2026-03-29 20:37:57 +02:00
go.mod feat: enhance CI/CD pipeline and add release process documentation 2026-03-29 20:34:56 +02:00
go.sum feat: enhance CI/CD pipeline and add release process documentation 2026-03-29 20:34:56 +02:00

README.md

Go TLS Certificate Helper

Small helper library to generate a self-signed TLS certificate and return it as a ready-to-use *tls.Config.

Overview

The package builds an in-memory certificate and private key pair from a GenerateCertificate configuration and returns a TLS configuration with one certificate entry.

Supported key options:

  • RSA (default when EcdsaCurve is empty and Ed25519Key is false)
  • Ed25519 (when Ed25519Key is true)
  • ECDSA curves: P224, P256, P384, P521

Installation

go get scm.yoorie.de/go-lib/certs

Quick Start

package main

import (
    "fmt"
    "time"

    "scm.yoorie.de/go-lib/certs"
)

func main() {
    cfg := &certs.GenerateCertificate{
        Organization: "example.org",
        Host:         "127.0.0.1,localhost,api.example.org",
        ValidFor:     365 * 24 * time.Hour,
        RSABits:      2048,
    }

    tlsConfig, err := cfg.GenerateTLSConfig()
    if err != nil {
        panic(err)
    }

    fmt.Printf("certificates in config: %d\n", len(tlsConfig.Certificates))
}

API

Type: GenerateCertificate

  • Organization string: certificate subject organization
  • Host string: comma-separated DNS names and/or IPs for SAN
  • ValidFrom string: optional start date in format Jan 2 15:04:05 2006
  • ValidFor time.Duration: certificate validity duration
  • IsCA bool: whether to mark certificate as CA
  • RSABits int: RSA key size when RSA is used
  • EcdsaCurve string: one of P224, P256, P384, P521
  • Ed25519Key bool: generate Ed25519 key when true

Method

  • GenerateTLSConfig() (*tls.Config, error)

Creates a self-signed certificate and returns a *tls.Config with that certificate.

Important Notes

  • The certificate is self-signed (issuer equals subject).
  • Host is split by comma and mapped into DNS or IP SAN entries.
  • Invalid EcdsaCurve values are not recoverable: the implementation uses log.Fatalf, which logs the message and exits the process instead of returning an error.
  • Invalid ValidFrom values are not recoverable: the implementation uses log.Fatalf, with the same effect.
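
Added example (not code from this repository): a pre-flight check a caller could run on values read from a config file or flag before calling GenerateTLSConfig, so the two log.Fatalf cases above surface as ordinary errors instead of ending the process. PreflightCheck, its exact-match treatment of curve names, and its rejection of empty or whitespace-containing Host entries are assumptions of this example; the curve names and the ValidFrom layout are the ones this README lists.

```go
package main

import (
	"fmt"
	"net"
	"strings"
	"time"
)

// validFromLayout is the ValidFrom format given in the README.
const validFromLayout = "Jan 2 15:04:05 2006"

// supportedCurves holds the EcdsaCurve values the README names ("" selects RSA or Ed25519); exact match assumed.
var supportedCurves = map[string]bool{"": true, "P224": true, "P256": true, "P384": true, "P521": true}

// PreflightCheck (hypothetical helper, not part of the certs package) rejects
// values the README says would end the process via log.Fatalf, and returns the
// Host entries split into DNS names and IPs the way the README describes.
func PreflightCheck(ecdsaCurve, validFrom, host string) (dns []string, ips []net.IP, err error) {
	if !supportedCurves[ecdsaCurve] {
		return nil, nil, fmt.Errorf("unsupported EcdsaCurve %q", ecdsaCurve)
	}
	if validFrom != "" { // ValidFrom is optional
		if _, perr := time.Parse(validFromLayout, validFrom); perr != nil {
			return nil, nil, fmt.Errorf("invalid ValidFrom %q: %w", validFrom, perr)
		}
	}
	for _, h := range strings.Split(host, ",") {
		if h == "" || strings.ContainsAny(h, " \t") { // stricter rule added by this example
			return nil, nil, fmt.Errorf("empty or whitespace entry in Host %q", host)
		}
		if ip := net.ParseIP(h); ip != nil {
			ips = append(ips, ip) // would become an IP SAN
		} else {
			dns = append(dns, h) // would become a DNS SAN
		}
	}
	return dns, ips, nil
}

func main() {
	// Constructed sample values, as they might arrive from a config file.
	dns, ips, err := PreflightCheck("P256", "Mar 29 20:37:57 2026", "127.0.0.1,localhost,api.example.org")
	fmt.Println(dns, ips, err)
	_, _, err = PreflightCheck("P-256", "", "localhost")
	fmt.Println(err)
}
```

Only after PreflightCheck returns nil should the same values be copied into a GenerateCertificate struct.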

Development

Run quality checks locally:

go test ./...
go test -coverprofile .build/coverage.out ./...
go tool cover -func .build/coverage.out
go vet ./...
go run golang.org/x/vuln/cmd/govulncheck@latest ./...

Documentation


Copyright © 2026 yoorie.de