A small program for generating CSRs in bulk. Uses BouncyCastle crypto library for crypto magic.
Requires Visual Studio 2017 or later. Just open and build.
The application works in the context of a "workspace" (this is the top URL like bar). It will scan this directory for all certificate like things. Each recognized file will be shown in the box on the left, with details on the right. If a file is selected, the box will also highlight other files with the same keys or a corresponding public/private key.
On the Generate tab, CSRs and self-signed certificates can be generated (in bulk if you want). The box to the left takes a list of names. For server certificates this is the DNS name. It will generate a CSR or certificate for each line. You can put multiple items on one line, seperated by commas. If you put multiple items on a line, they will be populated as the subject alternative name. The first item will be the common name (CN).
For more information about the options, check the OpenSSL docs or just google it. Or update this readme and make a PR.
On the sign certificates tab you can sign certificates. For more info see HOWTO_CA.md.
In the middle, check the CSRs you want to sign.
On the right, select the duration and click sign. It will put certificates right next to the CSRs with a different extension.
- It doesn't do fancy stuff like OCSP, CRL, SCT, etc etc etc. It only supports the most common extensions.
- It doesn't show certificate chains.
- It doesn't show CSR details in the info panel.
- It can under some circumstances generate invalid certificates (i.e. if you specify invalid usages).
- It doesn't support PKCS12 containers (p12/pfx files). To combine
.keyand.cerfiles into a PKCS12 file using openssl, see this. - It does not securely save keys (i.e. with passwords). It just plops them on disk.
- It only saves files as PEM.
- You cannot modify extensions when signing certificates.
- Self signed certificates have a hardcoded duration of 30 years.
see LICENSE