The quickcert library exists to allow applications to generate a key/certificate pair with minimal fuss. It is very limited, by design:
- When creating the actual root CA key/certificates, there are no configuration parameters.
- When creating a server certificate, the caller may pass in a name, which will be used for the certificate's commonName field, and a list of DNS names that will be used as subjectAltName DNS entries.
This repository also hosts a tool called qcert, which is an application binary that adds a simple CLI for the quickcert library crate.
More configuration options may be added in the future, but it will always be a goal to keep it minimal, uncomplicated and unsuitable for production use.
Test setup
Before using the generated files in a real project, it's a good idea to test them using OpenSSL's built-in server and client test tools.
- Install qcert by whatever means is most convenient.
- Create root CA key/certificate pair:
$ qcert mk-ca
- Create a server key/certificate pair:
$ qcert mk-srv --domain localhost server
- In a separate terminal, launch the openssl test server (from the same
directory the key/certificate pairs were created in):
$ openssl s_server -CAfile ca.cert.pem -key server.key.pem -cert server.cert.pem -accept 4444
- In a separate terminal, launch the openssl test client (from the same
directory the key/certificate pairs were created in):
$ openssl s_client -connect localhost:4444 -servername localhost -CAfile ca.cert.pem
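
Before starting s_server, the generated files can be checked offline with openssl. The script below is an added example, not part of quickcert or qcert; check_pair is a hypothetical helper name, and the file names and the DNS name localhost are the ones used in the steps above.

```sh
#!/bin/sh
# Added example (not part of quickcert): sanity-check a CA/server pair.
# check_pair is a hypothetical helper; file names follow the steps above.

# check_pair CA_CERT SERVER_CERT SERVER_KEY DNS_NAME
# Returns 0 only if all three checks pass; reports the first failure on stderr.
check_pair() {
    ca=$1 cert=$2 key=$3 name=$4

    # 1. The server certificate must chain to the root CA.
    if ! openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$'; then
        echo "FAIL: $cert does not verify against $ca" >&2
        return 1
    fi

    # 2. The private key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert" >&2
        return 1
    fi

    # 3. The name the client connects to must be a subjectAltName DNS entry.
    #    Split the text dump on commas and look for an exact "DNS:<name>" item.
    if ! openssl x509 -in "$cert" -noout -text 2>/dev/null |
            tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
            grep -Fxq "DNS:$name"; then
        echo "FAIL: $name is not a subjectAltName DNS entry in $cert" >&2
        return 1
    fi

    echo "OK: $cert chains to $ca, matches $key, and covers $name"
}

# Run against the files from the steps above when they are present.
if [ -f ca.cert.pem ] && [ -f server.cert.pem ] && [ -f server.key.pem ]; then
    check_pair ca.cert.pem server.cert.pem server.key.pem localhost
fi
```

A failure in check 3 is the usual cause of a hostname mismatch when the client connects under a name that was not passed with --domain.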