certify

Utility for signing x509 certificates and creating CSRs.
README

A very small utility for making self-signed certificates and private keys using ocaml-x509 and ocaml-nocrypto for key generation. Intended as a (non-drop-in) replacement for these uses of the command-line openssl utility.

Install

certify is now available in opam, a free source-based package manager for OCaml. You can install certify via opam with opam install certify.

Outside of opam:

git clone https://github.com/yomimono/ocaml-certify
cd ocaml-certify
ocaml pkg/pkg.ml build

Binaries will be in _build/src, and you can install them wherever you like, or just use them in place.

Running

For help, try selfsign --help, sign --help, or csr --help.

  • selfsign produces a private key and self-signed certificate

  • sign takes a certificate signing request, and a CA (key and certificate), and produces a certificate

  • csr produces a private key and a certificate signing request

Tests

Simple openssl interoperability tests are in tests/test.sh. Additional tests using american fuzzy lop to test the robustness of sign when given arbitrary data as a CSR are automatically run via bun when certify is installed with opam install -t.

Install
Published
24 Dec 2017
Sources
certify-0.2.tbz
md5=6d2faab47941a748af34eee056907a87
Dependencies
conf-openssl
with-test
cmdliner
>= "1.0.0" & < "1.1.0"
cstruct
>= "3.2.0"
x509
>= "0.6.0" & < "0.7.0"
nocrypto
>= "0.5.4"
topkg
build
ocaml
>= "4.01.0"
Reverse Dependencies