Lightweight self-signed certificate generator, size between 1.5MB (executable) and 5MB (docker image).
Generate self-hosted or development certificates through simple configuration.
Create self-signed certificates supporting *.lab.com and *.data.lab.com domains with just "One Click":
docker run --rm -it -v `pwd`/ssl:/ssl soulteary/certs-maker:v3.8.0 "--CERT_DNS=lab.com,*.lab.com,*.data.lab.com"
# OR use environment:
# docker run --rm -it -v `pwd`/ssl:/ssl -e "CERT_DNS=lab.com,*.lab.com,*.data.lab.com" soulteary/certs-maker:v3.8.0The generated certificates will be stored in the ssl directory within the execution directory:
ssl
├── lab.com.conf
├── lab.com.der.crt
├── lab.com.der.key
├── lab.com.pem.crt
└── lab.com.pem.keyYou can use PEM or DER format certificates according to your preference.
For those who prefer file-based configuration, you can use a docker-compose.yml file like this:
version: '2'
services:
certs-maker:
image: soulteary/certs-maker:v3.8.0
environment:
- CERT_DNS=lab.com,*.lab.com,*.data.lab.com
volumes:
- ./ssl:/sslThen, run the following command:
docker-compose up
# OR
# docker compose upTo make the certificate more Kubernetes-friendly, add the FOR_K8S parameter:
docker run --rm -it -v `pwd`/ssl:/ssl soulteary/certs-maker:v3.8.0 "--CERT_DNS=lab.com,*.lab.com,*.data.lab.com --FOR_K8S=ON"
# OR
# docker run --rm -it -v `pwd`/ssl:/ssl -e "CERT_DNS=lab.com,*.lab.com,*.data.lab.com" -e "FOR_K8S=ON" soulteary/certs-maker:v3.8.0Here's a K8s-friendly docker-compose.yml file:
version: '2'
services:
certs-maker:
image: soulteary/certs-maker:v3.8.0
environment:
- CERT_DNS=lab.com,*.lab.com,*.data.lab.com
- FOR_K8S=ON
volumes:
- ./ssl:/sslTo enhance compatibility with Firefox, include the FOR_FIREFOX parameter:
docker run --rm -it -v `pwd`/ssl:/ssl soulteary/certs-maker:v3.8.0 "--CERT_DNS=lab.com,*.lab.com,*.data.lab.com --FOR_FIREFOX=ON"
# OR
# docker run --rm -it -v `pwd`/ssl:/ssl -e "CERT_DNS=lab.com,*.lab.com,*.data.lab.com" -e "FOR_FIREFOX=ON" soulteary/certs-maker:v3.8.0And here's a Firefox-friendly docker-compose.yml file:
version: '2'
services:
certs-maker:
image: soulteary/certs-maker:v3.8.0
environment:
- CERT_DNS=lab.com,*.lab.com,*.data.lab.com
- FOR_FIREFOX=ON
volumes:
- ./ssl:/sslFor more granular control over certificate details, such as issuing country, province, street, and organization name, refer to the following section on manually adding parameters.
Customize your generated certificate by setting environment variables or using Docker CLI arguments.
Using environment variables:
| Parameter | Name | Use in environment variables |
|---|---|---|
| Country Name | CERT_C | CERT_C=CN |
| State Or Province Name | CERT_ST | CERT_ST=BJ |
| Locality Name | CERT_L | CERT_L=HD |
| Organization Name | CERT_O | CERT_O=Lab |
| Organizational Unit Name | CERT_OU | CERT_OU=Dev |
| Common Name | CERT_CN | CERT_CN=Hello World |
| Domains | CERT_DNS | CERT_DNS=lab.com,*.lab.com,*.data.lab.com |
| Issue for K8s | FOR_K8S | FOR_K8S=ON |
| Issue for Firefox | FOR_FIREFOX | FOR_FIREFOX=ON |
| File Owner User | USER | USER=ubuntu |
| File Owner UID | UID | UID=1234 |
| File Owner GID | GID | GID=2345 |
| Custom certs output dir | DIR | DIR=./ssl |
| Custom certs filename | CUSTOM_FILE_NAME | CUSTOM_FILE_NAME=filename |
| Expire Days | EXPIRE_DAYS | EXPIRE_DAYS=3650 |
Using program CLI arguments:
| Parameter | Name | Use in CLI arguments |
|---|---|---|
| Country Name | CERT_C | --CERT_C=CN |
| State Or Province Name | CERT_ST | --CERT_ST=BJ |
| Locality Name | CERT_L | --CERT_L=HD |
| Organization Name | CERT_O | --CERT_O=Lab |
| Organizational Unit Name | CERT_OU | --CERT_OU=Dev |
| Common Name | CERT_CN | --CERT_CN=Hello World |
| Domains | CERT_DNS | --CERT_DNS=lab.com,*.lab.com,*.data.lab.com |
| Issue for K8s | FOR_K8S | --FOR_K8S=ON |
| Issue for Firefox | FOR_FIREFOX | --FOR_FIREFOX=ON |
| File Owner User | USER | --USER=ubuntu |
| File Owner UID | UID | --UID=1234 |
| File Owner GID | GID | --GID=2345 |
| Custom certs output dir | DIR | --DIR=./ssl |
| Custom certs filename | CUSTOM_FILE_NAME | --CUSTOM_FILE_NAME=filename |
| Expire Days | EXPIRE_DAYS | --EXPIRE_DAYS=3650 |