Feature request: --p12-file option for tailscale cert

tailscale cert works great! One of my services (Jellyfin media server) requires a p12 certificate for https. It’s easy enough to create from the command line using the cert and key from tailscale:

tailscale cert --cert-file $crt --key-file $key
openssl pkcs12 -export -out $p12 -in $crt -inkey $key

but in the future, perhaps we could get a --p12-file option for tailscale cert? It’d save a step and probably a bit of headache for anyone not versed in openssl.

Anyway, the above works for me. Thanks for making internal certs painless!

More fully automated integrations with common uses for certificates is something we’d like to do, for example: https://twitter.com/caddyserver/status/1441112060671102980

We’re likely to focus on those more complete integrations, rather than taking one step like creating a p12 file, because the automation would allow someone who is not especially technically sophisticated to do more than they otherwise might be able to.

1 Like

Making the process fully automated as often as possible makes perfect sense. It would be nice to get rid of the need for manual rotation whenever feasible. It’d certainly delight more of the user base than adding an obscure flag, too.

Good luck with all the upstream contributions!