From 66af5a51f6e7347d2b4365f9ca3d143f84f3f395 Mon Sep 17 00:00:00 2001 From: John Downey Date: Sat, 2 Feb 2019 15:44:12 -0500 Subject: [PATCH] Add support for client certificates with -client Fixes #125 Closes #89 --- README.md | 3 +++ cert.go | 3 +++ main.go | 8 ++++++-- 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 846528b..09135e9 100644 --- a/README.md +++ b/README.md @@ -125,6 +125,9 @@ mkcert supports the following root stores: -cert-file FILE, -key-file FILE, -p12-file FILE Customize the output paths. + -client + Generate a certificate for client authentication. + -ecdsa Generate a certificate with an ECDSA key. diff --git a/cert.go b/cert.go index a4c7591..98e21d0 100644 --- a/cert.go +++ b/cert.go @@ -76,6 +76,9 @@ func (m *mkcert) makeCert(hosts []string) { tpl.DNSNames = append(tpl.DNSNames, h) } } + if m.client { + tpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth} + } // IIS (the main target of PKCS #12 files), only shows the deprecated // Common Name in the UI. See issue #115. diff --git a/main.go b/main.go index 1e6f48f..4549bae 100644 --- a/main.go +++ b/main.go @@ -44,6 +44,9 @@ const advancedUsage = `Advanced options: -cert-file FILE, -key-file FILE, -p12-file FILE Customize the output paths. + -client + Generate a certificate for client authentication. + -ecdsa Generate a certificate with an ECDSA key. @@ -67,6 +70,7 @@ func main() { uninstallFlag = flag.Bool("uninstall", false, "") pkcs12Flag = flag.Bool("pkcs12", false, "") ecdsaFlag = flag.Bool("ecdsa", false, "") + clientFlag = flag.Bool("client", false, "") helpFlag = flag.Bool("help", false, "") carootFlag = flag.Bool("CAROOT", false, "") certFileFlag = flag.String("cert-file", "", "") 
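Review bot: The `if m.client` block in makeCert assigns `tpl.ExtKeyUsage` outright instead of appending to it, and nothing in the hunk says whether that is deliberate. The template is built outside this hunk, so this is inferred, but if it already carries a server-auth usage, the override produces a leaf that is valid for client authentication only. That is the narrower and safer choice, and it deserves a comment above the block, for example `// -client: replace (not append) the EKU so the leaf is clientAuth-only and cannot double as a server cert.` The names from `hosts` are still written to the SAN fields just above the block, so it is worth confirming that a relying server which maps client identity from the certificate gets the field it expects. makeCert starts and ends outside the hunk.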
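Review bot: The `-client` entry added to `advancedUsage` does not tell the user what the flag changes in the issued certificate or what trusting it implies. Going by the cert.go hunk, the leaf gets only the client-auth usage, so the help text could say so: `Generate a certificate for client authentication (clientAuth usage only).` It would also help to note, here or in the README, that a server configured to accept client certificates from the local root will accept any certificate issued by whoever can read `rootCA-key.pem`, so the local CA should not be used as a client-auth trust anchor outside development. The `advancedUsage` constant starts before the hunk and continues after it.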
@@ -95,7 +99,7 @@ func main() { } (&mkcert{ installMode: *installFlag, uninstallMode: *uninstallFlag, - pkcs12: *pkcs12Flag, ecdsa: *ecdsaFlag, + pkcs12: *pkcs12Flag, ecdsa: *ecdsaFlag, client: *clientFlag, certFile: *certFileFlag, keyFile: *keyFileFlag, p12File: *p12FileFlag, }).Run(flag.Args()) } @@ -105,7 +109,7 @@ const rootKeyName = "rootCA-key.pem" type mkcert struct { installMode, uninstallMode bool - pkcs12, ecdsa bool + pkcs12, ecdsa, client bool keyFile, certFile, p12File string CAROOT string