A pure Rust self-signed certificate generator with interactive and CLI modes.
- Pure Rust: No OpenSSL dependency. Uses
rcgenandp12. - Hybrid Input: CLI arguments + Interactive prompts.
- Modes:
- Simple (default): CN, SAN, Validity days.
- Full (
--full): Adds Country, State, City, Org, OrgUnit. - All (
--all): Adds KeyType selection (RSA/ECDSA/Ed25519).
- I18n: Auto-detects system language (English/Japanese).
- Output:
.key,.crt,.pem,.pfx - Config File:
.suresign.jsonfor persistent settings.
cargo install --path .Or build from source:
cargo build --releasesuresignsuresign --fullsuresign --allsuresign --cn myserver.com --days 365 --non-interactivesuresign --default_settingssuresign --output ./certs --name mycert --default_settings| Flag | Description |
|---|---|
--cn, -c |
Common Name (e.g., myserver.local) |
--sans, -s |
Subject Alternative Names (comma-separated) |
--days, -d |
Validity in days |
--output, -o |
Output directory |
--name, -n |
Output file name (without extension) |
--pfx-password |
PFX password |
--full |
Enable Full Mode (DN fields) |
--all |
Enable All Mode (KeyType, etc.) |
--country |
Country Name (2 letter code) |
--state |
State or Province Name |
--city |
Locality Name |
--org |
Organization Name |
--org-unit |
Organizational Unit Name |
--key-type |
Key algorithm: rsa, ecdsa, ed25519 |
--default_settings |
Use all defaults |
--non-interactive |
Skip prompts |
--yes, -y |
Skip overwrite confirmation |
--verbose, -v |
Show verbose output |
--quiet, -q |
Suppress non-essential output |
--config |
Path to config file |
--cmdlist |
Show available commands |
Create .suresign.json in the current directory or home directory:
{
"cn": "myserver.local",
"sans": ["127.0.0.1", "192.168.1.1"],
"days": 365,
"country": "JP",
"state": "Tokyo",
"city": "Shibuya",
"org": "My Company",
"org_unit": "Dev Team",
"key_type": "ecdsa",
"output": "./certs",
"name": "server"
}CLI arguments take precedence over config file values.
BSD-2-Clause. See LICENSE.
See CHANGELOG.md for version history.