Skip to content

audricsun/certboy

Repository files navigation

certboy

CI Build Pages Rust License

Certboy is a Rust CLI for managing a local PKI:

  • Root CA (self-signed)
  • Intermediate CA (issued by a Root CA)
  • TLS/server certificates (issued by Root CA or ICA)

screenshot

Disclaimer

This project is just a POC for my personal study and homelab. DO NOT SUGGEST USING FOR PRODUCTION. certboy stores everything in a single “context” directory and provides utilities for creating, inspecting, exporting, importing, renewing, and revoking certificates.

Default Context

  • Default: ~/.local/state/certboy (or $XDG_STATE_HOME/certboy)
  • Override: --context <path>
  • Env override: CERTBOY_CONTEXT

Key Algorithm

  • Root CA key algorithm defaults to ECDSA P-256.
  • The algorithm is written to meta.json and all ICAs/TLS certificates under that Root CA inherit it.

Install

Build from source:

cargo build --release
sudo cp target/release/certboy /usr/local/bin/

Quickstart

./scripts/quickstart.sh

Common Examples

Initialize a Root CA:

certboy --domain example.com --cn ExampleOrg --root-ca

Initialize a Root CA with RSA:

certboy --domain example.com --cn ExampleOrg --root-ca --key-algorithm rsa

Create an Intermediate CA:

certboy --domain ops.example.com --ca example.com --cn Ops.ExampleOrg

Issue a TLS certificate (single domain):

certboy --ca example.com -d auth.example.com

Issue a TLS certificate with multiple SANs (positional args are merged with -d/--domain):

certboy --ca ops.example.com docs.ops.example.com docs1.ops.example.com '*.ops.example.com' 127.0.0.1

Check certificates:

certboy check
certboy check --detail
certboy check --renew

Environment Variables

  • LOGLEVEL: default log level (trace|debug|info|warn|error)
  • CERTBOY_CONTEXT: default context path (equivalent to --context)

Documentation

Full documentation available at: https://audricsun.github.io/certboy/

Development

cargo fmt
cargo test

Release Workflow

Releases are automated. To trigger a release:

# Update VERSION to release version (e.g., 2026.4.1)
# The ci-bumpversion workflow auto-bumps dev versions
# The ci-git-tag workflow creates the git tag
# The ci-build workflow builds multi-platform binaries
# The ci-publish workflow creates GitHub Release and publishes to crates.io

Built With

Dev Tools

About

Yet another cert-manager.

Topics

Resources

License

Contributing

Stars

Watchers

Forks

Packages

 
 
 

Contributors