Displaying 1 to 20 from 60 results

mkcert - A simple zero-config tool to make locally trusted development certificates with any names you'd like

  •    Go

mkcert is a simple tool for making locally-trusted development certificates. It requires no configuration. Using certificates from real certificate authorities (CAs) for development can be dangerous or impossible (for hosts like localhost or, but self-signed certificates cause trust errors. Managing your own CA is the best solution, but usually involves arcane commands, specialized knowledge and manual steps.

Windows-Secure-Host-Baseline - Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings

  •    HTML

The Windows Secure Host Baseline (SHB) provides an automated and flexible approach for assisting the DoD in deploying the latest releases of Windows 10 using a framework that can be consumed by organizations of all sizes. Formal product evaluations also support the move to Windows 10. The National Information Assurance Partnership (NIAP) and National Institute of Standards and Technology (NIST) oversees evaluations of commercial IT products for use in National Security Systems.

SigThief - Stealing Signatures and Making One Invalid Signature at a Time

  •    Python

I've noticed during testing against Anti-Virus over the years that each is different and each prioritize PE signatures differently, whether the signature is valid or not. There are some Anti-Virus vendors that give priority to certain certificate authorities without checking that the signature is actually valid, and there are those that just check to see that the certTable is populated with some value. It's a mess. So I'm releasing this tool to let you quickly do your testing and feel free to report it to vendors or not.

certificates - 🛡️ An online certificate authority and related tools for secure automated certificate management, so you can use TLS everywhere

  •    Go

An online certificate authority and related tools for secure automated certificate management, so you can use TLS everywhere. For more information and docs see the Step website and the blog post announcing Step Certificate Authority.

Makecert UI


Makecert UI is a shell layer application on top of the Microsoft makecert.exe utility. Makecert UI makes it easy for you to create self signed certificates, even from your own CA.

Azure Table Encryption via Attribute


SSL isn't enough when storing data in the cloud. You need to protect data-at-rest from anyone who has access to your store. In addition your SSL data may be vulnerable to a man-in-the-middle technology or IT shops that inspect and log the SSL contents. Bluecoat is one examp...

EFS Certificate Configuration Updater

  •    CSharp

One of the most critical outstanding issues with the use of EFS in the enterprise is that the EFS component 'driver' does not automatically start using "better" EFS certificates when they are enrolled. This command-line application wlil help an organization migrate EFS-encryp...

Certificate Request (PKCS#10) Generator


A .NET application that can create PKCS#10 Certificate Requests, either by generating a new key or reusing a preexisting one. Minimum requirement : Windows Vista and above. .NET 2.0.

X509 Certificate management tools


Windows based utilities for viewing and managing X509 certificates. Intended to be a replacement/addition for the standard MMC certificate viewer.

sharkey - Sharkey is a service for managing certificates for use by OpenSSH

  •    Go

Sharkey is a service for managing certificates for use by OpenSSH.Sharkey has a client component and a server component. The server is responsible for issuing signed host certificates, the client is responsible for installing host certificates on machines. Sharkey builds on the trust relationships of your existing X.509 PKI to manage trusted SSH certificates. Existing X.509 certificates can be minted into SSH certificates, so you don't have to maintain two separate PKI hierarchies.

acme-client - Let's Encrypt / ACME client written in PHP for the CLI.

  •    PHP

kelunik/acme-client is an ACME client written in PHP. ACME is the protocol that powers the Let's Encrypt certificate authority.

rabbitmq-trust-store - A trust store whitelists x509 certificates

  •    Erlang

This plugin provides support for TLS (x509) certificate whitelisting. All plugins which use the global TLS options will be configured with the same whitelist.RabbitMQ can be configured to accepted self-signed certificates through various TLS socket options, namely the ca_certs and partial_chain properties. However, this configuration is largely static. There is no convenient means with which to change it in realtime, that is, without making configuration changes to TLS listening sockets.

openssl-osx-ca - Simple periodic task to sync OSX Keychain certs to Homebrew installed OpenSSL & LibreSSL

  •    Objective-C

A simple tool and script intended to be run periodically by launchd(8) to sync an openssl style CA pem with the certificates found in the OSX Keychain(s). The original name is now a misnomer, as the software will manage certificate bundles for both openssl and libressl installed under Homebrew.

auth - Istio authentication components

  •    Go

The diagram below shows Istio Auth's architecture, which includes three primary components: identity, key management, and communication security. This diagram describes how Istio Auth is used to secure the service-to-service communication between service 'frontend' running as the service account 'frontend-team' and service 'backend' running as the service account 'backend-team'. Istio supports services running on both Kubernetes containers and VM/bare-metal machines.As illustrated in the diagram, Istio Auth leverages secret volume mount to deliver keys/certs from Istio CA to Kubernetes containers. For services running on VM/bare-metal machines, we introduce a node agent, which is a process running on each VM/bare-metal machine. It generates the private key and CSR (certificate signing request) locally, sends CSR to Istio CA for signing, and delivers the generated certificate together with the private key to Envoy.

passport-client-certificate - Passport strategy for authenticating using client certificates.

  •    Javascript

Passport strategy for authenticating using client certificates.Applications must supply a verify callback which accepts the client certificate. It then calls the done callback supplying a user. User should be set to false if the credentials are not valid. If an exception occured, err should be set.

airgap - Offline LiveUSB to generate and manage secret keys for things such as gpg, certificates, and cryptocurrency

  •    Python

A live debian based distribution designed for managing secrets offline. Built for those of us that want to be -really- sure our most important secrets are managed in a clean environment with an "air gap" between us and the internet.

bowser - a smart, friendly, secure, and auditable ssh daemon

  •    Go

Bowser is a modern, simple, and grokable SSH daemon built to act as a bastion and SSH certificate authority. Bastion provides users with a unobtrusive yet highly secure flow to SSH. Bowser was built at Discord. This is caused by this OpenSSH bug. Upgrade your version of OpenSSH to resolve.

ssl_verify_fun.erl - Collection of ssl verification functions for Erlang

  •    Erlang

Note: all examples use {reuse_sessions, false} to make sure session won't be reused and ssl:connect will give you different result when changing fingerprints/hostnames, etc. Perhaps this should be removed in production. If you don't want to expose public ceritificate or just want to save space, you can validate public key fingerprint.

tls_certificate_generation - Use temporary Amazon EC2 / Digital Ocean cloud machines to get / renew letsencrypt certificates

  •    Shell

You can also transfer the downloaded certificates to your site, there is an opinionated script upload_certs_on_nginx.

We have large collection of open source products. Follow the tags from Tag Cloud >>

Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.