Development on the GoCA projects has been stagnated for a while For that reason, I'm opening the organization to new maintainers who will have the proper permissions to unstuck development.
Those willing to join, contact me by email with the subject [GoCA Maintainer]
and please let me know what motivates you to join in such role.
GocA provides a Certificate Authority (CA) framework managing, a Simple PKI.
GoCA is a framework that uses mainly crypto/x509 to manage Certificate Authorities.
Using GoCA makes it easy to create a CA and issue certificates, signing Certificates Signing Request (CSR), and revoke certificate generating Certificates Request List (CRL).
Content:
go get github.com/kairoaraujo/goca
All files are store in the $CAPATH
. The $CAPATH
is an environment
variable that defines where all files (keys, certificates, etc.) are stored.
It is essential to have this folder in a safe place.
$CPATH structure:
$CPATH
├── <CA Common Name>
├── ca
│ ├── <CA Common Name>.crl
│ ├── <CA Common Name>.crt
│ ├── key.pem
│ └── key.pub
└── certs
└── <Certificate Common Name>
├── <Certificate Common Name>.crt
├── <Certificate Common Name>.csr
├── key.pem
└── key.pub
GoCA also make it easier to manipulate files such as Private and Public Keys, Certificate Signing Request, Certificate Request Lists, and Certificates for other Go applications.
This example shows
// Define the GOCAPTH (Default is current dir)
os.Setenv("CAPATH", "/opt/GoCA/CA")
// RootCAIdentity for creation
rootCAIdentity := goca.Identity{
Organization: "GO CA Root Company Inc.",
OrganizationalUnit: "Certificates Management",
Country: "NL",
Locality: "Noord-Brabant",
Province: "Veldhoven",
Intermediate: false,
}
// (1) Create the New Root CA or loads existent from disk ($CAPATH)
RootCA, err := goca.New("mycompany.com", rootCAIdentity)
if err != nil {
// Loads in case it exists
fmt.Println("Loading CA")
RootCA, err = goca.Load("gocaroot.nl")
if err != nil {
log.Fatal(err)
}
// Check the CA status and shows the CA Certificate
fmt.Println(RootCA.Status())
fmt.Println(RootCA.GetCertificate())
} else {
log.Fatal(err)
}
// (2) Issue certificate for example intranet server
intranetIdentity := goca.Identity{
Organization: "Intranet Company Inc.",
OrganizationalUnit: "Global Intranet",
Country: "NL",
Locality: "Noord-Brabant",
Province: "Veldhoven",
Intermediate: false,
DNSNames: []string{"w3.intranet.example.com", "www.intranet.example.com"},
}
intranetCert, err := RootCA.IssueCertificate("intranet.example.com", intranetIdentity)
if err != nil {
log.Fatal(err)
}
// (3) Shows the Certificate (string)
fmt.Println(intranetCert.GetCertificate())
// Shows all CA Certificates
fmt.Println(RootCA.ListCertificates())
GoCA also provides an implementation using HTTP REST API.
This is available in rest-api
folder.
GoCA Docker ready to use HTTP Rest API that uses mainly crypto/x509 to manage Certificate Authorities and Certificates such as a simple PKI Service.
The API Documentation is online available at http://kairoaraujo.github.io/goca/.
More details in Docker README.
GoCA Docker Image is available at https://hub.docker.com/r/kairoaraujo/goca/
See CONTRIBUTING.