Cryptlib - provides Encryption and Authentication Service

•    C

cryptlib is a powerful security toolkit that allows even inexperienced crypto programmers to easily add encryption and authentication services to their software. It provides support for S/MIME and PGP/OpenPGP secure enveloping, SSL/TLS and SSH secure sessions, CA services such as CMP, SCEP, RTCS, and OCSP, and other security operations such as secure timestamping.

OpenCA - PKI Management Software

•    Javascript

The OpenCA PKI Development Project is a collaborative effort to develop a robust, full-featured and Open Source out-of-the-box Certification Authority implementing the most used protocols with full-strength cryptography world-wide. The project development is divided in two main tasks: studying and refining the security scheme that guarantees the best model to be used in a CA and developing software to easily setup and manage a Certification Authority.

Dogtag - Certificate System

•    Java

The Dogtag Certificate System is an enterprise-class open source Certificate Authority (CA). It is a full-featured system, and has been hardened by real-world deployments. It supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management, and much more. It supports Certificate issuance, revocation, and retrieval, Certificate Revocation List (CRL) generation and publishing, Encryption key archival and recovery and lot more.

EJBCA, JEE PKI Certificate Authority

•    Java

EJBCA is an enterprise class PKI Certificate Authority built on JEE technology. It is a robust, high performance, platform independent, flexible, and component based CA to be used standalone or integrated in other JEE applications.

certificates - 🛡️ An online certificate authority and related tools for secure automated certificate management, so you can use TLS everywhere

•    Go

An online certificate authority and related tools for secure automated certificate management, so you can use TLS everywhere. For more information and docs see the Step website and the blog post announcing Step Certificate Authority.

Tcpcrypt - Encrypting the Internet

•    C

Tcpcrypt is a protocol that attempts to encrypt (almost) all of your network traffic. Unlike other security mechanisms, Tcpcrypt works out of the box: it requires no configuration, no changes to applications, and your network connections will continue to work even if the remote end does not support Tcpcrypt, in which case connections will gracefully fall back to standard clear-text TCP.

PHPki Digital Certificate Authority

•    PHP

PHPki is an Open Source Web application for managing a multi-agency PKI for HIPAA compliance. With it, you may create and centrally manage X.509 certificates for use with S/MIME enabled e-mail clients, SSL servers, and VPN applications.

Openxpki - Manage Keys and Certificate

•    Perl

The OpenXPKI project has the vision to publish a software stack that provides all necessary components to manage keys and certificates primarily based on the X509v3 cryptography standard.

boulder - An ACME-based CA, written in Go.

•    Go

This is an implementation of an ACME-based CA. The ACME protocol allows the CA to automatically verify that an applicant for a certificate actually controls an identifier, and allows domain holders to issue and revoke certificates for their domains.Boulder has a Dockerfile to make it easy to install and set up all its dependencies. This is how the maintainers work on Boulder, and is our main recommended way to run it.

caman - A self-signing certificate authority manager

•    Shell

A self-signing certificate authority manager - create your own certificate authority, and generate and manage SSL certificates using openssl. This document explains how to use caman to create a certificate authority, optionally use an intermediate CA, and to create, sign, renew and revoke host certificates.

certstrap - Tools to bootstrap CAs, certificate requests, and signed certificates.

•    Go

A simple certificate manager written in Go, to bootstrap your own certificate authority and public key infrastructure. Adapted from etcd-ca.certstrap is a very convenient app if you don't feel like dealing with openssl, its myriad of options or config files.

PHP Certificate Authority

•    PHP

You could be doing a better job of website security... If only there was a simple way to implement SSL with signed keys? PHP-CA is an easy to use and easy to administer Certificate Authority that runs in PHP.

sapient - Secure API Toolkit

•    PHP

Sapient secures your PHP applications' server-to-server HTTP(S) traffic even in the wake of a TLS security breakdown (compromised certificate authority, etc.). Sapient allows you to quickly and easily add application-layer cryptography to your API requests and responses. Requires PHP 7.

webpki - WebPKI X.509 Certificate Validation in Rust

•    Rust

webpki is a library that validates Web PKI (TLS/SSL) certificates. webpki is designed to provide a full implementation of the client side of the Web PKI to a diverse range of applications and devices, including embedded (IoT) applications, mobile apps, desktop applications, and server infrastructure.

ssl-certificate - A class to validate SSL certificates

•    PHP

Spatie is a webdesign agency based in Antwerp, Belgium. You'll find an overview of all our open source projects on our website. Currently this package does not check if the certificate is signed by a trusted authority. We'll add this check soon in a next point release.

rustls - A modern TLS library in Rust

•    Rust

Rustls is a modern TLS library written in Rust. It's pronounced 'rustles'. It uses ring for cryptography and libwebpki for certificate verification. It aims to provide a good level of cryptographic security, requires no configuration to achieve that security, and provides no unsafe features or obsolete cryptography.

SSL Certificate Authority Shellscripts

•    Shell

Bash shell scripts to run an OpenSSL Certificate Authority (CA) and issue self-signed HTTPS server certificates (or cert signing requests) for intranets. Scripts: genrootca, genservercert, genusercert, revokecert, csv2usercerts, certificate-mailer.

ssl-kill-switch2 - Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and OS X Apps

•    C

Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and OS X Apps. Second iteration of https://github.com/iSECPartners/ios-ssl-kill-switch . Once loaded into an iOS or OS X App, SSL Kill Switch 2 patches specific low-level SSL functions within the Secure Transport API in order to override, and disable the system's default certificate validation as well as any kind of custom certificate validation (such as certificate pinning).

Certificate Request (PKCS#10) Generator

A .NET application that can create PKCS#10 Certificate Requests, either by generating a new key or reusing a preexisting one. Minimum requirement : Windows Vista and above. .NET 2.0.

ios-ssl-kill-switch - Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS Apps

•    Objective-C

Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS Apps. Once installed on a jailbroken device, iOS SSL Kill Switch patches low-level SSL functions within the Secure Transport API, including SSLSetSessionOption() and SSLHandshake() in order to override and disable the system's default certificate validation as well as any kind of custom certificate validation (such as certificate pinning).