HN Showcase
Back to browse
I rewrote my 2012 self-signed cert generator in Go – cert-depot.com

I rewrote my 2012 self-signed cert generator in Go – cert-depot.com

by dimastopel·Apr 2, 2026·9 points·1 comment
Visit ProjectView on HN

AI Analysis

MidShip It

Pure Go crypto means no OpenSSL dependency, but mkcert already owns this workflow.

Strengths
  • Single binary deployment, in-memory generation protects keys, supports modern SAN requirements.
Weaknesses
  • Web-based key generation raises trust issues, crowded category with better tools.
Target Audience

Developers needing quick test certificates

Similar To

mkcert · OpenSSL · SSLShopper

Post Description

Back in 2012 I built https://cert-depot.com as a weekend project. Node.js + Express + jQuery, shelling out to OpenSSL for certificate generation. It worked but I eventually let it rot. https://news.ycombinator.com/item?id=4766743

Rewrote it from scratch in Go. The entire thing is a single binary with no external dependencies:

1. Certificate generation uses Go's crypto/x509 (no OpenSSL)

2. Certificates are generated in memory and streamed directly — nothing is stored on the server

3. RSA 2048/4096 and ECDSA P-256/P-384

4. Subject Alternative Names (required by browsers since Chrome 58)

5. ZIP (PEM files) or PFX/PKCS#12 output

You comments / suggestions / bug reports are very welcome. Thanks.

Source: https://github.com/dimastopel/certdepot

Similar Projects