ENGLISH | 中文文档

Tiny self-signed tool, ~ 3MB Size.

Generate a self-hosted / dev certificate through configuration.

Generate self-signed certificate supporting *.lab.com and *.data.lab.com, just "One Click":

docker run --rm -it -v `pwd`/ssl:/ssl soulteary/certs-maker "--CERT_DNS=lab.com,*.lab.com,*.data.lab.com"
# OR use environment:
# docker run --rm -it -v `pwd`/ssl:/ssl -e "CERT_DNS=lab.com,*.lab.com,*.data.lab.com" soulteary/certs-maker

Check in the ssl directory of the execution command directory:

ssl
├── lab.com.conf
├── lab.com.crt
└── lab.com.key

If you prefer to use file configuration, you can use docker-compose.yml like this:

version: '2'
services:

certs-maker:
    image: soulteary/certs-maker
    environment:
      - CERT_DNS=lab.com,*.lab.com,*.data.lab.com
    volumes:
      - ./ssl:/ssl

Then execute the following command:

docker-compose up
# OR
# docker compose up

If you want the certificate to be more friendly to K8s, you can add the FOR_K8S parameter:

docker run --rm -it -v `pwd`/ssl:/ssl soulteary/certs-maker "--CERT_DNS=lab.com,*.lab.com,*.data.lab.com --FOR_K8S=ON"
# OR
# docker run --rm -it -v `pwd`/ssl:/ssl -e "CERT_DNS=lab.com,*.lab.com,*.data.lab.com" -e "FOR_K8S=ON" soulteary/certs-maker

And K8S friendly compose file:

version: '2'
services:

certs-maker:
    image: soulteary/certs-maker
    environment:
      - CERT_DNS=lab.com,*.lab.com,*.data.lab.com
      - FOR_K8S=ON
    volumes:
      - ./ssl:/ssl

If you want to further define the information content of the certificate, including the issuing country, province, street, organization name, etc., you can refer to the following document to manually add parameters.

You can customize the generated certificate by declaring the environment variables or cli args of docker.

Use in environment variables:

Use in Program CLI arguments:

soulteary/certs-maker