Gimmecert is a simple CLI tool for quickly issuing X.509 server and client certificates using locally-generated CA hierarchy with minimal hassle.
The tool is useful for issuing certificates in:
- Local environment, when trying out a piece of new software that depends on use of certificates.
- Development environment, when it is necessary to issue certificates either for purpose of integration with other systems, or for ability to develop new feature that involves use of certificates.
- Testing/CI/CD environment, when it is necessary to deploy/configure tests to use certificates in order to ensure the tests are run properly and in full.
At time of this writing, Gimmecert is compatible with the following Python versions:
- Python 3.8
- Python 3.9
- Python 3.10
- Python 3.11
- Python 3.12
The tool was created to remove the pain of setting-up a CA hierarchy, and then using this hierarchy to issue a couple of test certificates.
While there are existing tools that can be used to this end (in
particular the OpenSSL's CLI and GnuTLS' certtool
), the process of
using them is tedious, slow, and error-prone.
There are some more long-lived solutions out there, in form of full-blown CAs, but those can be both an overkill and resource hog when all a person needs is a couple of certificates that can be thrown away.
Gimmecert provides the following features:
- It is very easy to use. Commands are intuitive, and require minimal input from the user.
- Initialisation of CA hierarchy for issuing certificates. CA hierarchy depth can be specified, letting you easily simulate your production environment.
- Issuance of TLS server certificates, with any number of DNS subject alternative names.
- Issuance of TLS client certificates.
- All generated artifacts stored within a single sub-directory
(
.gimmecert
), relative to directory where command is invoked. This allows you to easily issue per-project testing certificates.
In case of problems with the tool, please do not hesitate to contact the author at gimmecert (at) majic.rs. Known issues and planned features are tracked on website:
The tool is hosted on author's own server, alongside a mirror on Github:
Documentation is available on:
Gimmecert code is licensed under the terms of GPLv3, or (at your option) any later version. You should have received the full copy of the GPLv3 license in the local file LICENSE-GPLv3, or you may read the full text of the license at:
Gimmecert documentation is licensed under the terms of CC-BY-SA 3.0 Unported license. You should have received the full copy of the CC-BY-SA 3.0 Unported in the local file LICENSE-CC-BY-SA-3.0-Unported, or you may read the full text of the license at: