Specify CA Name on mkcert -install

Open mfoster86 opened this issue 5 years ago • 9 comments

Would like to request the ability to specify a name for the CA certificate's subject common name when running mkcert -install.

Example: mkcert -install -name 'My Dev CA 01'

The built-in method for generating the CN of the CA certificate uses parentheses in the name, which have to be escaped properly in certain languages, bash as an example.

mfoster86, May 01 '20 20:05

This is a common request, but I prefer not to make the root customizable for a few reasons:

  1. The UX is unclear, what happens if you re-run -install without -name or with a different -name? Does it destroy the current root?
  2. There are too many customization options, so we'd need full Subject syntax, and probably also something for the names on the leaf certificates
  3. mkcert is targeted at development. It happens to work as a private CA with one user, but scaling past that with mkcert is not using it for what it's designed, and customizable names encourage that.

If parens are annoying, we can remove them. Can you tell us more about how you're using the root to understand what would work?

FiloSottile, Oct 25 '20 19:10

That makes sense on wanting to keep it development focused and not customizable. If removing the parentheses is possible then that would be great.

I tried to remember specifically what use case I was testing mkcert with at the time of posting this, but honestly cannot remember. I was probably testing a certificate scenario using a combination of Python/bash and ran into a character escaping problem with the parentheses.

mfoster86, Oct 25 '20 20:10

Some app must run in a LAN. It needs to be customized.

luxueyan, Feb 26 '21 03:02

Sometimes we generate certificates that are shared by the team during the development phase. It would be better to allow a custom name.

eleven-net-cn, Oct 17 '22 07:10

I'm really looking forward to this feature.

laudukang, Nov 04 '22 07:11

Especially in the development phase, customization is important. As a developer who thinks about his variable names carefully, I would really prefer to set a custom name (and maybe later much more). The custom name would help me in team development, and I would also love to name the cert something like AAA.... to keep it at the top of all certs.

From a user security point of view, we could also argue that a development certificate with an "unknown" name (a name not chosen by myself) can lead to forgetting such a cert in the browser, which could lead to misuse by people who want to do harm.

Trying to protect developers is a noble cause, but in the end it is annoying most of the time. It leaves an odd feeling, as if someone else is thinking for you.

So this is my vote for customizing the name.

c33s, Feb 01 '24 22:02