mkcert - No config certificate authority tool




mkcert is a Go project that makes it very easy to set up a certificate authority without any configuration. Using certificates is unavoidable these days, since data should be transferred over a secure communication channel. Buying a certificate is expensive, and most companies buy certificates only for production systems. In a dev setup, a self-signed certificate causes trust errors. mkcert automatically creates and installs a local CA in the system root store, and generates locally-trusted certificates.


Installation

Follow the steps below to set up the certificate authority.

The mkcert tool can be downloaded directly from the GitHub project as shown below.


curl -o mkcert -L \
    'https://github.com/FiloSottile/mkcert/releases/download/v1.1.0/mkcert-v1.1.0-linux-amd64'


On the releases page, downloads are available for Windows, macOS and Linux. Make the mkcert file executable.

chmod +x mkcert

 

Install mkcert on your machine.

./mkcert -install

 

Once installed, the certificate and private key of the certificate authority are available in the mkcert root path. The mkcert root path can be found with the command below.

./mkcert -CAROOT

 

Run mkcert to generate a certificate and key from the installed CA for the host names given in the command. The certificate and key are generated with file names based on the host names, like localhost.pem and localhost-key.pem, similarly for 127.0.0.1, and are available in the current directory.

./mkcert localhost 127.0.0.1

 

Let's verify how it works

The certificate authority is now available in your trusted certificate authority store. This can be verified by checking the following path.

cd /etc/ssl/certs/
ls | grep -i mkcert

Start a server in SSL mode to get HTTPS connectivity. Here we use Node.js to start a simple server. Install http-server (prerequisite: npm and Node.js should be installed).

 npm install -g http-server

Start the HTTP server with the port and SSL options, passing the generated certificate (localhost.pem) and key (localhost-key.pem).

 http-server -p 8080 --ssl --cert localhost.pem --key localhost-key.pem

Now hitting the URL (https://localhost:8080) from a browser or with the curl command shows a page with a text message saying the server is running on this port. If the server is started with a self-signed certificate, the browser shows it as insecure.

Mkcert creates a certificate authority root certificate and key, which has a chain of certificate authority linked to the Let's Encrypt certificate authority. Let's Encrypt is a free, automated and open source certificate authority. It will be the intermediate chain of trust for the certificate authority installed by mkcert. It automatically renews the CA certificate and updates the certificate authority store. To know more about Let's Encrypt, please refer to https://letsencrypt.org/docs/

The end-entity certificate authority is installed when mkcert is installed. When mkcert runs with host names, it generates the private key and creates the certificate from the locally installed CA. This certificate is used when the server starts in SSL mode. When a client accesses the server, this certificate is presented to the client, which in turn verifies the certificate authority named in the presented certificate. That certificate authority is the one installed by mkcert and available in the certificate trust store, so the handshake succeeds.

This works well for local development, integration testing and security testing. With a self-signed certificate, the certificate exception has to be accepted or ignored in automated integration testing or security testing.
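The trust decision described above, as an added example in Go (the language mkcert is written in); it is not mkcert's own code. A throwaway in-memory CA signs a certificate for localhost, and that certificate is then verified against a store that contains the CA, an empty store, and a different host name. The function names, the CA name "example dev CA" and the host example.test are assumptions made for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// sign issues tmpl under parent, or self-signs it when parent is nil (the CA case).
func sign(tmpl, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// check verifies leaf for host against store and names the outcome.
func check(leaf *x509.Certificate, store *x509.CertPool, host string) string {
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: store, DNSName: host}); err != nil {
		return fmt.Sprintf("%T", err) // e.g. x509.UnknownAuthorityError
	}
	return "trusted"
}

// demo uses a throwaway in-memory CA and leaf (constructed data; no system store is touched).
func demo() (inStore, notInStore, otherHost string) {
	from, to := time.Now().Add(-time.Hour), time.Now().Add(time.Hour)
	ca, caKey := sign(&x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example dev CA"},
		NotBefore: from, NotAfter: to, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}, nil, nil)
	leaf, _ := sign(&x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "localhost"},
		NotBefore: from, NotAfter: to, DNSNames: []string{"localhost"}}, ca, caKey)
	store := x509.NewCertPool() // stands in for the system store after `mkcert -install`
	store.AddCert(ca)
	return check(leaf, store, "localhost"), check(leaf, x509.NewCertPool(), "localhost"), check(leaf, store, "example.test")
}

func main() { fmt.Println(demo()) }
```

The second result is what a client sees on any machine whose trust store does not contain the CA, and the third shows that a trusted CA does not make the certificate valid for names it was not issued for.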

Use the CA on multiple machines?

The certificate authority is a security aspect that doesn't depend on the platform. The same CA can also be used on Mac / mobile / tablet devices. The root CA can be copied to the trust store of other machines, and mkcert run there, so it will be a common CA for multiple machines. It might help a distributed system to have a common CA instead of having a CA for each node.

Reference:

https://github.com/FiloSottile/mkcert

 




   

Nagappan is a freelance developer and also does corporate training.



