A very small utility for making self-signed certificates and private keys using ocaml-x509 and ocaml-nocrypto for key generation. Intended as a (non-drop-in) replacement for these uses of the command-line
certify is now available in
opam, a free source-based package manager for OCaml. You can install
certify via opam with
opam install certify.
Outside of opam:
git clone https://github.com/yomimono/ocaml-certify cd ocaml-certify ocaml pkg/pkg.ml build
Binaries will be in
_build/src, and you can install them wherever you like, or just use them in place.
For help, try
sign --help, or
selfsignproduces a private key and self-signed certificate
signtakes a certificate signing request, and a CA (key and certificate), and produces a certificate
csrproduces a private key and a certificate signing request
openssl interoperability tests are in
tests/test.sh. Additional tests using american fuzzy lop to test the robustness of
sign when given arbitrary data as a CSR are automatically run via bun when
certify is installed with
opam install -t.
>= "1.0.0" & < "1.1.0"
>= "0.6.0" & < "0.7.0"