
Document the hardcoded PKCS#12 password

PKCS#12 encryption is legacy and we don't want to encourage relying on
it by making the password configurable. Some systems require the default
"changeit", so stick with that.

Fixes #86
Closes #58
Closes #87
Filippo Valsorda 6 years ago
parent
commit
6060e206a4
1 changed files with 4 additions and 3 deletions
  1. 4 3
      cert.go

+ 4 - 3
cert.go

@@ -113,7 +113,8 @@ func (m *mkcert) makeCert(hosts []string) {
 	if !m.pkcs12 {
 		log.Printf("\nThe certificate is at \"./%s.pem\" and the key at \"./%s-key.pem\" ✅\n\n", filename, filename)
 	} else {
-		log.Printf("\nThe PKCS#12 bundle is at \"./%s.p12\" ✅\n\n", filename)
+		log.Printf("\nThe PKCS#12 bundle is at \"./%s.p12\" ✅\n", filename)
+		log.Printf("\nThe legacy PKCS#12 encryption password is the often hardcoded default \"changeit\" ℹ️\n\n")
 	}
 }
 
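Review bot: The message added on the `else` branch of makeCert prints the password but does not say what follows from it: a fixed, publicly known password gives the bundle no confidentiality. The .p12 presumably carries the private key (the PEM branch reports a separate `-key.pem`), so it has to be protected by file permissions like a plaintext key. I would put that in the message, e.g. `log.Printf("\nThe PKCS#12 bundle is protected only by the well-known password \"changeit\"; treat the file like an unencrypted private key ℹ️\n\n")`. As the string has no format verbs, `log.Print` would fit better than `log.Printf` on that line. makeCert begins above this hunk, so how the bundle file is written and with which mode is not visible here.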
@@ -188,8 +189,8 @@ func (m *mkcert) newCA() {
 		KeyUsage: x509.KeyUsageCertSign,
 
 		BasicConstraintsValid: true,
-		IsCA:           true,
-		MaxPathLenZero: true,
+		IsCA:                  true,
+		MaxPathLenZero:        true,
 	}
 
 	cert, err := x509.CreateCertificate(rand.Reader, tpl, tpl, &pub, priv)