certigo - A utility to examine and validate certificates in a variety of formats

  •        123

Certigo is a utility to examine and validate certificates to help with debugging SSL/TLS issues.Supports all common file formats: Certigo can read and dump certificates in various formats. It can automatically detect and read from X.509 (DER/PEM), JCEKS, PKCS7 and PKCS12 files. Certificates can be dumped to a human-readable format, a set of PEM blocks, or a JSON object for use in scripting.




Related Projects

forge - A native implementation of TLS in Javascript and tools to write crypto-based and network-heavy webapps

  •    Javascript

A native implementation of TLS (and various other cryptographic tools) in JavaScript. The Forge software is a fully native implementation of the TLS protocol in JavaScript, a set of cryptography utilities, and a set of tools for developing Web Apps that utilize many network resources.

pem - Create private keys and certificates with node.js

  •    Javascript

Here are some examples for creating an SSL key/cert on the fly, and running an HTTPS server on port 443. 443 is the standard HTTPS port, but requires root permissions on most systems. To get around this, you could use a higher port number, like 4300, and use https://localhost:4300 to access your server. Please have a look into the API documentation.

PolarSSL library - Crypto and SSL made easy

  •    C

Download PolarSSL PolarSSL is an SSL library written in ANSI C. PolarSSL makes it easy for developers to include cryptographic and SSL/TLS capabilities in their (embedded) products with as little hassle as possible. It is designed to be readable, documented, tested, loosely coupled and portable. It supports Symmetric encryption algorithms, hash algorithms, RSA with PKCS and X.509 certificate, SSL and TLS.

acme - :lock: acmetool, an automatic certificate acquisition tool for ACME (Let's Encrypt)

  •    Go

acmetool is an easy-to-use command line tool for automatically acquiring certificates from ACME servers (such as Let's Encrypt). Designed to flexibly integrate into your webserver setup to enable automatic verification. Unlike the official Let's Encrypt client, this doesn't modify your web server configuration.You can perform verifications using port 80 or 443 (if you don't yet have a server running on one of them); via webroot; by configuring your webserver to proxy requests for /.well-known/acme-challenge/ to a special port (402) which acmetool can listen on; or by configuring your webserver not to listen on port 80, and instead running acmetool's built in HTTPS redirector (and challenge responder) on port 80. This is useful if all you want to do with port 80 is redirect people to port 443.

Cryptlib - provides Encryption and Authentication Service

  •    C

cryptlib is a powerful security toolkit that allows even inexperienced crypto programmers to easily add encryption and authentication services to their software. It provides support for S/MIME and PGP/OpenPGP secure enveloping, SSL/TLS and SSH secure sessions, CA services such as CMP, SCEP, RTCS, and OCSP, and other security operations such as secure timestamping.

ansible-role-apache - Ansible Role - Apache 2.x.


An Ansible Role that installs Apache 2.x on RHEL/CentOS, Debian/Ubuntu, SLES and Solaris. If you are using SSL/TLS, you will need to provide your own certificate and key files. You can generate a self-signed certificate with a command like openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt.

certstrap - Tools to bootstrap CAs, certificate requests, and signed certificates.

  •    Go

A simple certificate manager written in Go, to bootstrap your own certificate authority and public key infrastructure. Adapted from etcd-ca.certstrap is a very convenient app if you don't feel like dealing with openssl, its myriad of options or config files.

BouncyCastle - Lightweight Cryptography API for Java and CSharp

  •    Java

Bouncy Castle Crypto APIs is a lightweight cryptography API for Java and CSharp. It has provider for the Java Cryptography Extension and the Java Cryptography Architecture. It supports TLS, PKCS7, PKCS12, OpenPGP, S/MIME, OCSP, TSP, CMP, Extended Access Control, ASN and lot more.

webpki - WebPKI X.509 Certificate Validation in Rust

  •    Rust

webpki is a library that validates Web PKI (TLS/SSL) certificates. webpki is designed to provide a full implementation of the client side of the Web PKI to a diverse range of applications and devices, including embedded (IoT) applications, mobile apps, desktop applications, and server infrastructure.

Caporal.js - A full-featured framework for building command line applications (cli) with node.js

  •    Javascript

A full-featured framework for building command line applications (cli) with node.js, including help generation, colored output, verbosity control, custom logger, coercion and casting, typos suggestions, and auto-complete for bash/zsh/fish.Angled brackets (e.g. <item>) indicate required input. Square brackets (e.g. [env]) indicate optional input.


  •    Java

A graphical tool for generating RSA and ECDSA cryptographic key-pairs, creating Certificate Signing Requests (CSRs) from them, and combining the key-pair with an issued digital certificate to create a secure portable container (PKCS12, JKS, JCEKS, etc.).

certificates - 🛡️ An online certificate authority and related tools for secure automated certificate management, so you can use TLS everywhere

  •    Go

An online certificate authority and related tools for secure automated certificate management, so you can use TLS everywhere. For more information and docs see the Step website and the blog post announcing Step Certificate Authority.

Botan - Crypto library for C++

  •    C++

Botan (Japanese for peony) is a cryptography library written in C++11. Botan's goal is to be the best option for cryptography in new C++ code by offering the tools necessary to implement a range of practical systems, such as TLS/DTLS, PKIX certificate handling, PKCS#11 and TPM hardware support, password hashing, and post quantum crypto schemes. In addition to the C++, botan has a C89 API specifically designed to be easy to call from other languages. A Python binding using ctypes is included, and several other language bindings are available.

lemur - Repository for the Lemur Certificate Manager

  •    Python

Lemur manages TLS certificate creation. While not able to issue certificates itself, Lemur acts as a broker between CAs and environments providing a central portal for developers to issue TLS certificates with 'sane' defaults.It works on CPython 3.5. We deploy on Ubuntu and develop on OS X.

cipherscan - A very simple way to find out which SSL ciphersuites are supported by a target.

  •    Python

Cipherscan tests the ordering of the SSL/TLS ciphers on a given target, for all major versions of SSL and TLS. It also extracts some certificates informations, TLS options, OCSP stapling and more. Cipherscan is a wrapper above the openssl s_client command line.Cipherscan is meant to run on all flavors of unix. It ships with its own built of OpenSSL for Linux/64 and Darwin/64. On other platform, it will use the openssl version provided by the operating system (which may have limited ciphers support), or your own version provided in the -o command line flag.

command line PDF signature tool

  •    DotNet

Command line tool to sign pdf files using a signing certificate in pkcs12 format. code is in c# language.

merlin - Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang

  •    PowerShell

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control  server and agent written in golang. To facilitate ease of use, a TLS X.509 private and public certificate is distributed with Merlin. This allows a user to start using Merlin right away. However, this key is widely distributed and is considered public knowledge. You should generate your own certificates and replace the default certificates that ship with Merlin. The default location for the certificates is the data/x509 directory. The openssl command can be used from a Linux system to generate a key pair.

python-certifi - (Python Distribution) A carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts

  •    Python

Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. It has been extracted from the Requests project. Browsers and certificate authorities have concluded that 1024-bit keys are unacceptably weak for certificates, particularly root certificates. For this reason, Mozilla has removed any weak (i.e. 1024-bit key) certificate from its bundle, replacing it with an equivalent strong (i.e. 2048-bit or greater key) certificate from the same CA. Because Mozilla removed these certificates from its bundle, certifi removed them as well.