lemur - Repository for the Lemur Certificate Manager

  •        36

Lemur manages TLS certificate creation. While not able to issue certificates itself, Lemur acts as a broker between CAs and environments providing a central portal for developers to issue TLS certificates with 'sane' defaults.It works on CPython 3.5. We deploy on Ubuntu and develop on OS X.

https://github.com/Netflix/lemur
http://lemur.readthedocs.io/en/latest/

Tags
Implementation
License
Platform

   




Related Projects

Cryptlib - provides Encryption and Authentication Service


cryptlib is a powerful security toolkit that allows even inexperienced crypto programmers to easily add encryption and authentication services to their software. It provides support for S/MIME and PGP/OpenPGP secure enveloping, SSL/TLS and SSH secure sessions, CA services such as CMP, SCEP, RTCS, and OCSP, and other security operations such as secure timestamping.

certigo - A utility to examine and validate certificates in a variety of formats


Certigo is a utility to examine and validate certificates to help with debugging SSL/TLS issues.Supports all common file formats: Certigo can read and dump certificates in various formats. It can automatically detect and read from X.509 (DER/PEM), JCEKS, PKCS7 and PKCS12 files. Certificates can be dumped to a human-readable format, a set of PEM blocks, or a JSON object for use in scripting.

certstrap - Tools to bootstrap CAs, certificate requests, and signed certificates.


A simple certificate manager written in Go, to bootstrap your own certificate authority and public key infrastructure. Adapted from etcd-ca.certstrap is a very convenient app if you don't feel like dealing with openssl, its myriad of options or config files.

PolarSSL library - Crypto and SSL made easy


Download PolarSSL PolarSSL is an SSL library written in ANSI C. PolarSSL makes it easy for developers to include cryptographic and SSL/TLS capabilities in their (embedded) products with as little hassle as possible. It is designed to be readable, documented, tested, loosely coupled and portable. It supports Symmetric encryption algorithms, hash algorithms, RSA with PKCS and X.509 certificate, SSL and TLS.

cipherscan - A very simple way to find out which SSL ciphersuites are supported by a target.


Cipherscan tests the ordering of the SSL/TLS ciphers on a given target, for all major versions of SSL and TLS. It also extracts some certificates informations, TLS options, OCSP stapling and more. Cipherscan is a wrapper above the openssl s_client command line.Cipherscan is meant to run on all flavors of unix. It ships with its own built of OpenSSL for Linux/64 and Darwin/64. On other platform, it will use the openssl version provided by the operating system (which may have limited ciphers support), or your own version provided in the -o command line flag.



Nogotofail - Network Security Testing Tool


Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more.

caman - A self-signing certificate authority manager


A self-signing certificate authority manager - create your own certificate authority, and generate and manage SSL certificates using openssl.

acme - :lock: acmetool, an automatic certificate acquisition tool for ACME (Let's Encrypt)


acmetool is an easy-to-use command line tool for automatically acquiring certificates from ACME servers (such as Let's Encrypt). Designed to flexibly integrate into your webserver setup to enable automatic verification. Unlike the official Let's Encrypt client, this doesn't modify your web server configuration.You can perform verifications using port 80 or 443 (if you don't yet have a server running on one of them); via webroot; by configuring your webserver to proxy requests for /.well-known/acme-challenge/ to a special port (402) which acmetool can listen on; or by configuring your webserver not to listen on port 80, and instead running acmetool's built in HTTPS redirector (and challenge responder) on port 80. This is useful if all you want to do with port 80 is redirect people to port 443.

SSL certificate verification utility


This utility will provide ways to validate validity of SSL certificates on your network. It'll traverse network finding HTTPS websites, retreive certificate chain for each of them and validate each certificate for various problems. Typical use is finding expired or certificate...

Ejbca - PKI Certificate Authority software


EJBCA is an enterprise class PKI Certificate Authority software. It supports SSL/TLS, Smart card logon to Windows and/or Linux, Signing and encrypting email (SMIME), Mobile PKI, Secure mobile networks and lot more.

Windows Phone Certificate Installer


Helps install Trusted Root Certificates on Windows Phone 7 to enable SSL requests. Intended to allow developers to use localhost web servers during development without requiring the purchase of an SSL certificate. Especially helpful for ws-trust secured web service development.

s2n - an implementation of the TLS/SSL protocols from Amazon


s2n is a C99 implementation of the TLS/SSL protocols that is designed to be simple, small, fast, and with security as a priority. s2n implements SSLv3, TLS1.0, TLS1.1, and TLS1.2. For encryption, s2n supports 128-bit and 256-bit AES, in the CBC and GCM modes, 3DES, and RC4. For forward secrecy, s2n supports both DHE and ECDHE.

dockvpn - Recipe to build an OpenVPN image for Docker


Now download the file located at the indicated URL. You will get a certificate warning, since the connection is done over SSL, but we are using a self-signed certificate. After downloading the configuration, stop the serveconfig container. You can restart it later if you need to re-download the configuration, or to download it to multiple devices.Note: there is a bug in the Android Download Manager which prevents downloading files from untrusted SSL servers; and in that case, our self-signed certificate means that our server is untrusted. If you try to download with the default browser on your Android device, it will show the download as "in progress" but it will remain stuck. You can download it with Firefox; or you can transfer it with another way: Dropbox, USB, micro-SD card...

distcache, Distributed session caching


Distributed session caching tools and APIs, primarily for SSL/TLS servers though perhaps useful for other (non-SSL/TLS) circumstances. Also includes a self-contained network abstraction library (libnal), and the sslswamp SSL/TLS benchmark/test utility.

KeyBox - Web-based SSH console that centrally manages administrative access to systems


KeyBox is an open-source web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding.

OpenSSL - Toolkit for SSL and TLS


The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

ghostunnel - A simple SSL/TLS proxy with mutual authentication for securing non-TLS services


Ghostunnel is a simple TLS proxy with mutual authentication support for securing non-TLS backend applications.Ghostunnel supports two modes, client mode and server mode. Ghostunnel in server mode runs in front of a backend server and accepts TLS-secured connections, which are then proxied to the (insecure) backend. A backend can be a TCP domain/port or a UNIX domain socket. Ghostunnel in client mode accepts (insecure) connections through a TCP or UNIX domain socket and proxies them to a TLS-secured service. In other words, ghostunnel is a replacement for stunnel.

SSL Certificate Authority Shellscripts


Bash shell scripts to run an OpenSSL Certificate Authority (CA) and issue self-signed HTTPS server certificates (or cert signing requests) for intranets. Scripts: genrootca, genservercert, genusercert, revokecert, csv2usercerts, certificate-mailer.

Kong - The Microservice API Gateway


Kong is a cloud-native, fast, scalable, and distributed Microservice Abstraction Layer (also known as an API Gateway, API Middleware or in some cases Service Mesh). Backed by the battle-tested NGINX with a focus on high performance, Kong was made available as an open-source platform in 2015. Under active development, Kong is used in production at thousands of organizations from startups, Global 5000 and Government organizations.