A command line tool and a library to generate TLS certificates for development purposes.

Inspired by mkcert by Filippo Valsorda, but written in C# using the Bouncy Castle library.

$ concerto www.test.com

This will create a concertoCA.pem root certificate and a www.test.com.pem certificate for your domain. You may add multiple domains, if needed. IPs and URIs are accepted too.

Some more examples:

$ concerto localhost 127.0.0.1
$ concerto '*.example.com' 192.168.0.12
$ concerto https://www.example.com 192.168.0.12

$ concerto -int myIntCA
$ concerto -chain -ca myIntCA.pem www.test.com

This will create a concertoCA.pem root certificate, an intermediate CA certificate (myIntCA.pem), a site certificate with a certificate trust chain (www.test.com.pem).

-ca <path-to-cert>     Specifies which CA certificate to use.
-client                Allow a client to authenticate using the certificate.
-chain                 Add the certificate chain to the certificate file.
-ecdsa                 Use Elliptic Curve key instead of RSA.
-pfx                   Save the certificate and the key in a .pfx file.
-help                  Shows the help screen.

The NuGet package contains two classes: CertificateCreator and CertificateFileStore. They provide a straightforward API to create TLS certificates and save them to and read them from a file system.

Example usage:

var workingDir = @"C:\temp";

CertificateChainWithPrivateKey rootCA;
if (File.Exists($@"{workingDir}\myCA.pem") && File.Exists($@"{workingDir}\myCA.key")) {
    rootCA = CertificateFileStore.LoadCertificate($@"{workingDir}\myCA.pem");
} else {
    rootCA = CertificateCreator.CreateCACertificate("MyCA");
    CertificateFileStore.SaveCertificate(rootCA, $@"{workingDir}\myCA.pem");
}

var cert = CertificateCreator.CreateCertificate(new [] { "www.test.com", "localhost" }, rootCA);
CertificateFileStore.SaveCertificate(cert, $@"{workingDir}\www.test.com.pem");