Show HN: I rewrote my 2012 self-signed cert generator in Go – cert-depot.com
Back in 2012 I built https://cert-depot.com as a weekend project. Node.js + Express + jQuery, shelling out to OpenSSL for certificate generation. It worked but I eventually let it rot. https://news.ycombinator.com/item?id=4766743
Rewrote it from scratch in Go. The entire thing is a single binary with no external dependencies:
1. Certificate generation uses Go's crypto/x509 (no OpenSSL)
2. Certificates are generated in memory and streamed directly — nothing is stored on the server
3. RSA 2048/4096 and ECDSA P-256/P-384
4. Subject Alternative Names (required by browsers since Chrome 58)
5. ZIP (PEM files) or PFX/PKCS#12 output
You comments / suggestions / bug reports are very welcome. Thanks.
Source: https://github.com/dimastopel/certdepot Nice rewrite. The SAN support is the right call, a lot of older generators trip on that. One thing worth knowing if you're using this for internal services: generating the cert is the easy part. Getting the CA cert into the trust stores of everything that needs to trust it is where self-signed deployments usually turn into a maintenance problem, especially across a mix of Linux servers, Windows machines, and Java apps with their own keystores.