A 2012 self-signed cert generator rebuilt in Go, now live at cert-depot.com, with SAN support included.
Key Takeaways
The rewrite moves a decade-old tool to Go, likely gaining modern TLS defaults and cleaner certificate handling.
SAN (Subject Alternative Name) support is a meaningful upgrade; browsers and many clients reject certs without it.
cert-depot.com positions this as a web-based tool, lowering the barrier vs. raw openssl commands or local scripts.
Self-signed cert generators remain useful for internal services, dev environments, and air-gapped setups where a public CA is not viable.
Hacker News Comment Review
The single commenter validates SAN support as the correct priority, noting older generators commonly fail on this requirement.
The real deployment friction, per the commenter, is not cert generation but distributing the CA cert into trust stores across Linux, Windows, and Java apps with separate keystores – a cross-platform maintenance burden cert-depot.com does not appear to address.
Notable Comments
@toddgardner: “Generating the cert is the easy part” – flags CA trust store distribution across mixed environments as the unsolved hard part of self-signed deployments.