Add mkcert -CAROOT

Closes #26
Fixes #21
Filippo Valsorda
2018-07-03 17:33:14 -04:00
parent a354fb02fd
commit e9ef9b3787
2 changed files with 16 additions and 6 deletions


@@ -52,17 +52,17 @@ Warning: the `rootCA-key.pem` file that mkcert automatically generates gives com
### Changing the location of the CA files ### Changing the location of the CA files
The CA certificate and its key are stored in an application data folder in the user home. You usually don't have to worry about it, as installation is automated, but if you need it it's printed in the first line of the mkcert output. The CA certificate and its key are stored in an application data folder in the user home. You usually don't have to worry about it, as installation is automated, but if you need it it's printed by `mkcert -CAROOT`.
If you want to manage separate CAs, you can use the environment variable `CAROOT` to set the folder where mkcert will place and look for the local CA files. If you want to manage separate CAs, you can use the environment variable `$CAROOT` to set the folder where mkcert will place and look for the local CA files.
### Installing the CA on other systems ### Installing the CA on other systems
Installing in the trust store does not require the CA key, so you can export just the CA certificate and use mkcert to install it in other machines. Installing in the trust store does not require the CA key, so you can export just the CA certificate and use mkcert to install it in other machines.
* Look for the `rootCA.pem` file in `CAROOT` or in the default folder (see above) * Look for the `rootCA.pem` file in `mkcert -CAROOT`
* copy it to a different machine * copy it to a different machine
* set `CAROOT` to its directory * set `$CAROOT` to its directory
* run `mkcert -install` * run `mkcert -install`
Remember that mkcert is meant for development purposes, not production, so it should not be used on end users' machines, and that you should *not* export or share `rootCA-key.pem`. Remember that mkcert is meant for development purposes, not production, so it should not be used on end users' machines, and that you should *not* export or share `rootCA-key.pem`.
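Review bot: In the "Installing the CA on other systems" list, the first bullet now reads "Look for the `rootCA.pem` file in `mkcert -CAROOT`", which treats a command as if it were a location. Suggest "in the folder printed by `mkcert -CAROOT`". That folder also holds `rootCA-key.pem`, and the only caution against exporting the key is in the closing paragraph, after the copy step. Consider making the second bullet explicit ("copy only `rootCA.pem` to a different machine") so nobody copies the whole directory. Separately, the `$CAROOT` spelling is shell-specific; a short note on how to set the variable on Windows would help readers there.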

main.go

@@ -9,6 +9,7 @@ import (
"crypto" "crypto"
"crypto/x509" "crypto/x509"
"flag" "flag"
"fmt"
"log" "log"
"net" "net"
"os" "os"
@@ -23,7 +24,15 @@ func main() {
log.SetFlags(0) log.SetFlags(0)
var installFlag = flag.Bool("install", false, "install the local root CA in the system trust store") var installFlag = flag.Bool("install", false, "install the local root CA in the system trust store")
var uninstallFlag = flag.Bool("uninstall", false, "uninstall the local root CA from the system trust store") var uninstallFlag = flag.Bool("uninstall", false, "uninstall the local root CA from the system trust store")
var carootFlag = flag.Bool("CAROOT", false, "print the CAROOT path")
flag.Parse() flag.Parse()
if *carootFlag {
if *installFlag || *uninstallFlag {
log.Fatalln("ERROR: you can't set -[un]install and -CAROOT at the same time")
}
fmt.Println(getCAROOT())
return
}
if *installFlag && *uninstallFlag { if *installFlag && *uninstallFlag {
log.Fatalln("ERROR: you can't set -install and -uninstall at the same time") log.Fatalln("ERROR: you can't set -install and -uninstall at the same time")
} }
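Review bot: The new `if *carootFlag` block rejects `-install` and `-uninstall` but never looks at positional arguments, so `mkcert -CAROOT example.com` prints the path and returns without generating a certificate and without any error. Suggest also failing when `len(flag.Args()) > 0`, with a message in the same style as the existing ones, so a mistyped invocation is not mistaken for a successful certificate run. The error string "-[un]install" is compact but harder to grep for than spelling out both flag names, as the existing "-install and -uninstall" message does.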
@@ -96,9 +105,10 @@ Usage:
Generate "_wildcard.example.com.pem" and "_wildcard.example.com-key.pem". Generate "_wildcard.example.com.pem" and "_wildcard.example.com-key.pem".
$ mkcert -uninstall $ mkcert -uninstall
Unnstall the local CA (but do not delete it). Uninstall the local CA (but do not delete it).
Change the CA certificate and key storage location by setting $CAROOT. Change the CA certificate and key storage location by setting $CAROOT,
print it with "mkcert -CAROOT".
`) `)
return return
} }
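Review bot: The usage text now joins two imperatives with a comma ("... by setting $CAROOT," followed by "print it with "mkcert -CAROOT"."), which reads as a comma splice. Suggest "and print it with" or two separate sentences. The other flags in this usage block each get a `$ mkcert ...` example line with a description (as `$ mkcert -uninstall` does), so adding a `$ mkcert -CAROOT` entry in the same form would keep the help output consistent and easier to scan.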