Skip to content

certman/certman-cli

BranchesTags

Repository files navigation

@certman/cli

Command-line interface for Certman - create and manage your own Certificate Authority for internal HTTPS.

Installation

Homebrew (macOS/Linux)

brew install certman/tap/certman

npm

npm install -g @certman/cli

Standalone binaries

Download pre-built binaries from the releases page.

Available for:

  • Linux (amd64, arm64)
  • macOS (amd64, arm64)
  • Windows (amd64)

Debian/Ubuntu

# Download the .deb package from releases, then:
sudo dpkg -i certman-linux-amd64.deb

Quick Start

# Authenticate with your API key
certman login

# List your Certificate Authorities
certman ca list

# Issue a certificate
certman cert issue --ca-id <ca-id> --common-name example.local --san-dns example.local

# Write certificate and key to files
certman cert issue --ca-id <ca-id> --san-dns app.local --out-cert cert.pem --out-key key.pem

Commands

Authentication

certman login              # Authenticate with your API key
certman logout             # Remove stored credentials
certman whoami             # Show current user info

Certificate Authorities

certman ca list            # List all CAs
certman ca get <id>        # Get CA details

Certificates

certman cert list          # List all certificates
certman cert issue         # Issue a new certificate
certman cert revoke <id>   # Revoke a certificate
certman cert renew <id>    # Renew a certificate

Issuing Certificates

Managed mode (key generated by Certman)

certman cert issue \
  --ca-id <ca-id> \
  --common-name myapp.local \
  --san-dns myapp.local,api.myapp.local \
  --san-ip 192.168.1.100 \
  --validity-days 365 \
  --out-cert cert.pem \
  --out-key key.pem

CSR mode (bring your own key)

certman cert issue \
  --ca-id <ca-id> \
  --csr request.csr \
  --out-cert cert.pem

Options

Option Description
--ca-id CA to issue from (required)
--common-name Certificate common name
--san-dns DNS SANs (comma-separated)
--san-ip IP SANs (comma-separated)
--key-algorithm RSA-2048, RSA-4096, ECDSA-P256, ECDSA-P384 (default: ECDSA-P256)
--validity-days Validity period in days (default: 365)
--csr Path to CSR file (for CSR mode)
--ca-passphrase CA passphrase if required
--out-cert Write certificate to file (prints to stdout if not specified)
--out-key Write private key to file (prints to stdout if not specified)
--json Output as JSON

Configuration

Credentials are stored in ~/.certman/config.json.

Environment Variables

Variable Description
CERTMAN_API_KEY API key (overrides config file)
CERTMAN_API_URL API URL (for self-hosted instances)

Command-line Options

All commands accept --api-key and --api-url options to override defaults.

License

MIT

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 3

v1.0.3 Latest
Feb 3, 2026
+ 2 releases

Packages

No packages published

Languages