CertM is a simple tool to generate TLS certificates and keys.

docker run --rm ehazlett/certm -h

docker run --rm -v $(pwd)/certs:/certs ehazlett/certm -d /certs ca generate -o=local

This will generate a CA with the organization "local".

docker run --rm -v $(pwd)/certs:/certs ehazlett/certm -d /certs server generate --host localhost --host 127.0.0.1 -o=local

This will generate a server certificate with a SAN of "localhost" and an IP SAN of "127.0.0.1" with the organization "local".

docker run --rm -v $(pwd)/certs:/certs ehazlett/certm -d /certs client generate --common-name=ehazlett -o=local

This will generate a client certificate with the common name of "ehazlett".

docker run --rm -v $(pwd)/certs:/certs ehazlett/certm -d /certs bundle generate --host 127.0.0.1 -o=local

This will generate a CA using the org "local", a server certificate with an IP SAN of "127.0.0.1" and a client certificate.

docker run --rm -v $(pwd)/certs:/certs ehazlett/certm -d /certs bundle generate -o=local --host localhost --host 127.0.0.1 --host foo.local

This will generate a CA using the org "local", a client cert, and a server certificate that is valid using the DNS names "localhost" and "foo.local" as well as the IP "127.0.0.1"

Server cert can be used for swarm and has cert extensions for both docker server and client.

To run integration tests, use ./script/test. This will run the integration tests in a container to validate proper usage.