Insecure

Generate deterministic TLS certificates for local Go development servers. The certificates use a P-256 ECDSA private key generated with a total lack of randomness.

Optionally, the certificates generated by this package will be signed by your local mkcert root CA. See the mkcert docs for more information.

Why?

So your browser can trust a single certificate from your development servers, and dev/test with TLS. Do not use in production.

Install

go get github.com/alta/insecure

Local CA

This package works with mkcert to generate certificates that are signed by your machine’s local certificate authority (CA). To use this feature, run mkcert -install on your development machine before generating a certificate.

Usage

Get a TLS certificate suitable for localhost, 127.0.0.1, etc:

cert, err := insecure.Cert()

Get a TLS certificate for a specific set of subject alternative names:

cert, err := insecure.Cert("crowbar.local", "::1", "192.168.0.42")

Get a certificate pool that trusts cert, useful for building net/http clients that call other services using cert:

pool, err := insecure.Pool(cert)

Note

Seriously, do not use this in production.

Author

Originally developed by @cee-dub for Alta Software LLC.

This package includes functions adapted from mkcert. Neither the authors of mkcert nor Google, Inc. have promoted or endorsed this project.