HN Showcase
Back to browse
GitHub Repository

Create and trust root CA and self-signed certificates on macOS and Windows. Export DER, PEM, PFX, and P7B formats.

6 starsC#

SelfCertForge, manage root CAs and self-signed certs on macOS/Windows

by rbonestell·May 13, 2026·5 points·1 comment
Visit ProjectView on HN

AI Analysis

MidSolve My ProblemCozy

GUI for OpenSSL certs when Keychain Access and certmgr already exist.

Strengths
  • Cross-platform trust store integration handles the tedious sudo keychain commands automatically
  • Multiple export formats (DER, PEM, PFX, P7B) cover common deployment scenarios
  • Clean UI for a workflow that's typically command-line driven and easy to forget
Weaknesses
  • OpenSSL CLI and built-in OS tools already handle this without installing new software
  • .NET MAUI desktop apps have limited adoption and potential compatibility concerns
Target Audience

Developers running local services who need self-signed certificates

Similar To

XCA · Portecle · OpenSSL

Post Description

Hi, HN!

I recently published SelfCertForge, an open source desktop app for creating and managing self-signed certificates on macOS and Windows:

https://github.com/rbonestell/SelfCertForge/

I know, I know... this isn't an earth-shattering invention. This came from a place of years of personal annoyance. I’ve been maintaining scripts that wrapped OpenSSL for local certificate workflows: create a long-lived root cert, add it to the trust store, then generate and sign child certificates for local services.

The scripts work but the workflow was clunky. Used infrequently enough that it's easy to forget the flags, not much easier to explain to anyone than OpenSSL itself, and irritating to repeat across machines. Every time I'd share them with colleagues and friends there were always questions and feature requests, so I used Claude Code to amplify my UI/UX design skills (well, I can't amplify 0...) and turned the functionality into a cross-platform GUI.

SelfCertForge can generate root CAs and add them to the system's trust store, generate and sign child certificates, and export DER, PEM, PFX, and P7B formats. It also supports common X.509 fields like Subject, SANs, and Key Usage.

Very important caveat: this is not suitable for production environments or public-facing SSL/TLS.

Similar Projects

Open Source●●Solid

I built an open-source About A macOS style photo manager for Windows

Folder-native manifests plus a global SQLite index let you keep originals untouched while getting album features and very fast queries — smart trade-offs for large local libraries. Live Photo pairing/playback, a map view, and GPU-accelerated browsing show real engineering focus; it's not reinventing the genre (digiKam/Lightroom exist), but this is a tidy Photos-to-Windows port with thoughtful implementation details.

Niche GemWizardry
main-protect
104mo ago