Mini-HowTo
This is a slightly changed version of MiniCA which is capable to set the expiry for certificates.
Also you do not need to be online to compile, all dependencies are packaged in Debian already.
Tested on Ubuntu 22.04
Compile
sudo make debian
sudo /sbin/ip netns add nonet
sudo /sbin/ip netns exec nonet su $LOGNAME
make
You can also use go build of course.
Example use
mkdir ca
cd ca
vim .LIST
./.gen
./.copy
Just copy directory ca to create different CAs.
- Default expiry in
.genis set to 10 years.- This is ok until we reach 2028.
- I think this needs an update in 2027
.gendetectsminicavia the softlink- So if you need different settings, copy
.genin this directory and use softlink to the copy - Both
.genand.copyare only examples. Adapt to your needs.
Commandline
$ ./minica
Usage of minica:
-ca-cert string
Path to the CA Cert (default "cacert.crt")
-ca-common-name string
Common Name of the CA Cert
-ca-key string
Path to the CA Key (default "cakey.key")
-ca-key-size int
CA Key Size (default 2048)
-expire int
expiry in days (default 1080)
-key-size int
Key Size (default 2048)
-org string
Organization of the Cert (default "Example Organization")
-type string
Cert Type (default "auto")
Option -expire was added
minica server.namefor-type servercertificateminica client@client.namefor-type clientcertificate- Detected on the presence of
@
- Detected on the presence of
Original README follows
minica
This is a super micro binary to issue new CAs. This contains nearly nothing else, and does not support revocation, or anything really important. This is just for when you need keys and don't intend to use them for anything big and important. Otherwise, issue things for real.
license
ASL2, see LICENSE.
This contains a chunk of code copied from docker/machine, which is licensed ASL2, with copyright owned by:
- Evan Hazlett (@ehazlett) ejhazlett@gmail.com
- Aaron Huslage (@huslage) huslage@gmail.com