Document the hardcoded PKCS#12 password

PKCS#12 encryption is legacy and we don't want to encourage relying on
it by making the password configurable. Some systems require the default
"changeit", so stick with that.

Fixes #86
Closes #58
Closes #87
Filippo Valsorda
2019-01-06 17:38:49 -05:00
parent ea716f38b3
commit 6060e206a4


@@ -113,7 +113,8 @@ func (m *mkcert) makeCert(hosts []string) {
if !m.pkcs12 { if !m.pkcs12 {
log.Printf("\nThe certificate is at \"./%s.pem\" and the key at \"./%s-key.pem\" ✅\n\n", filename, filename) log.Printf("\nThe certificate is at \"./%s.pem\" and the key at \"./%s-key.pem\" ✅\n\n", filename, filename)
} else { } else {
log.Printf("\nThe PKCS#12 bundle is at \"./%s.p12\" ✅\n\n", filename) log.Printf("\nThe PKCS#12 bundle is at \"./%s.p12\" ✅\n", filename)
log.Printf("\nThe legacy PKCS#12 encryption password is the often hardcoded default \"changeit\" \n\n")
} }
} }
@@ -188,8 +189,8 @@ func (m *mkcert) newCA() {
KeyUsage: x509.KeyUsageCertSign, KeyUsage: x509.KeyUsageCertSign,
BasicConstraintsValid: true, BasicConstraintsValid: true,
IsCA: true, IsCA: true,
MaxPathLenZero: true, MaxPathLenZero: true,
} }
cert, err := x509.CreateCertificate(rand.Reader, tpl, tpl, &pub, priv) cert, err := x509.CreateCertificate(rand.Reader, tpl, tpl, &pub, priv)