Add PKCS#12 generation with default password changeit

Merges #34 Fixes #20
2025-10-13 16:31:41 +08:00 · 2018-07-04 13:35:53 -07:00
parent 53f1769ab5
commit 6be76ae477
3 changed files with 22 additions and 2 deletions
--- a/cert.go
+++ b/cert.go
@@ -21,6 +21,7 @@ import (
 	"os/user"
 	"path/filepath"
 	"regexp"
+	"software.sslmate.com/src/go-pkcs12"
 	"strconv"
 	"strings"
 	"time"
@@ -91,6 +92,12 @@ func (m *mkcert) makeCert(hosts []string) {
 		&pem.Block{Type: "CERTIFICATE", Bytes: cert}), 0644)
 	fatalIfErr(err, "failed to save certificate key")

+	// generate PKCS#12
+	domainCert, _ := x509.ParseCertificate(cert)
+	pfxData, _ := pkcs12.Encode(rand.Reader, priv, domainCert, []*x509.Certificate{m.caCert}, "changeit")
+	err = ioutil.WriteFile(filename+".p12", pfxData, 0644)
+	fatalIfErr(err, "failed to save PKCS#12")
+
 	secondLvlWildcardRegexp := regexp.MustCompile(`(?i)^\*\.[0-9a-z_-]+$`)
 	log.Printf("\nCreated a new certificate valid for the following names 📜")
 	for _, h := range hosts {
@@ -99,7 +106,7 @@ func (m *mkcert) makeCert(hosts []string) {
 			log.Printf("   Warning: many browsers don't support second-level wildcards like %q ⚠️", h)
 		}
 	}
-	log.Printf("\nThe certificate is at \"./%s.pem\" and the key at \"./%s-key.pem\" ✅\n\n", filename, filename)
+	log.Printf("\nThe certificate is at \"./%s.pem\", and the key at \"./%s-key.pem\", and the PKCS#12 at \"./%s.p12\" ✅\n\n", filename, filename, filename)
 }

 // loadCA will load or create the CA at CAROOT.