Skip to content

Lukasa/mkcert

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

54 Commits
body
body
 
 
certs
certs
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
main.go
main.go
 
 

Repository files navigation

Mkcert

mkcert.org is a web service that allows you to build customised TLS trust stores.

Currently mkcert is just an API with no pretty frontend. That's in the works.

API

mkcert has the following endpoints:

GET /labels/

Returns a JSON object containing one key (Certificates) whose value is a list of all the certificate labels in the default trust store. Each of the items in the list can be passed to the other API endpoints to refer to a certificate.

GET /generate/<certs>

Builds a PEM file containing only the root certificates specified. The format of <certs> is a +-separated string. This string will be used to perform 'fuzzy-ish' matching to certificate labels. For example, if one of your <certs> strings is comodo, any label that contains the sequence of characters comodo (case-insensitively) will match.

Therefore, to build a .pem file that contains any GeoTrust certificate and any QuoVadis certificate, you would issue a GET request to /generate/geotrust+quovadis

The response to this request has the body formatted exactly like a .pem file, suitable for saving immediately.

GET /generate/all/except/<certs>

Builds a PEM file containing all root certificates except the root certificates specified. The format of <certs> is a +-separated string. This string will be used to perform 'fuzzy-ish' mapping to certificate labels. For example, if one of your <certs> strings is comodo, any label that contains the sequence of characters comodo (case-insensitively) will match.

Therefore, to build a .pem file that contains everything but any GeoTrust certificates and any QuoVadis certificates, you would issue a GET request to /generate/all/except/geotrust+quovadis.

The response to this request has the body formatted exactly like a .pem file, suitable for saving immediately.

POST /generate/

Builds a PEM file containing only the root certificates specified. The root certs are specified in the request body. The format of the request body is a JSON list of exact labels to include. That is, to generate a .pem file that contains only the "GeoTrust Global CA" and the "QuoVadis Root CA", you would POST the following body:

["GeoTrust Global CA", "QuoVadis Root CA"]

The response to this request has the body formatted exactly like a .pem file, suitable for saving immediately.

POST /generate/all/except/

Builds a PEM file containing all but the root certificates specified. The root certs are specified in the request body. The format of the request body is a JSON list of exact labels to include. That is, to generate a .pem file that contains all the certs except the "GeoTrust Global CA" and the "QuoVadis Root CA", you would POST the following body:

["GeoTrust Global CA", "QuoVadis Root CA"]

The response to this request has the body formatted exactly like a .pem file, suitable for saving immediately.

License

mkcert.org is made available under the Apache 2.0 License. See LICENSE for more details.

About

Customised trust stores for you and your family.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

98 stars

Watchers

10 watching

Forks

15 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

Languages