Displaying 1 to 20 from 25 results

acme - :lock: acmetool, an automatic certificate acquisition tool for ACME (Let's Encrypt)

  •    Go

acmetool is an easy-to-use command line tool for automatically acquiring certificates from ACME servers (such as Let's Encrypt). Designed to flexibly integrate into your webserver setup to enable automatic verification. Unlike the official Let's Encrypt client, this doesn't modify your web server configuration.You can perform verifications using port 80 or 443 (if you don't yet have a server running on one of them); via webroot; by configuring your webserver to proxy requests for /.well-known/acme-challenge/ to a special port (402) which acmetool can listen on; or by configuring your webserver not to listen on port 80, and instead running acmetool's built in HTTPS redirector (and challenge responder) on port 80. This is useful if all you want to do with port 80 is redirect people to port 443.

forge - A native implementation of TLS in Javascript and tools to write crypto-based and network-heavy webapps

  •    Javascript

A native implementation of TLS (and various other cryptographic tools) in JavaScript. The Forge software is a fully native implementation of the TLS protocol in JavaScript, a set of cryptography utilities, and a set of tools for developing Web Apps that utilize many network resources.

X509 Certificate management tools


Windows based utilities for viewing and managing X509 certificates. Intended to be a replacement/addition for the standard MMC certificate viewer.

certigo - A utility to examine and validate certificates in a variety of formats

  •    Go

Certigo is a utility to examine and validate certificates to help with debugging SSL/TLS issues.Supports all common file formats: Certigo can read and dump certificates in various formats. It can automatically detect and read from X.509 (DER/PEM), JCEKS, PKCS7 and PKCS12 files. Certificates can be dumped to a human-readable format, a set of PEM blocks, or a JSON object for use in scripting.

webpki - WebPKI X.509 Certificate Validation in Rust

  •    Rust

webpki is a library that validates Web PKI (TLS/SSL) certificates. webpki is designed to provide a full implementation of the client side of the Web PKI to a diverse range of applications and devices, including embedded (IoT) applications, mobile apps, desktop applications, and server infrastructure.

rabbitmq-trust-store - A trust store whitelists x509 certificates

  •    Erlang

This plugin provides support for TLS (x509) certificate whitelisting. All plugins which use the global TLS options will be configured with the same whitelist.RabbitMQ can be configured to accepted self-signed certificates through various TLS socket options, namely the ca_certs and partial_chain properties. However, this configuration is largely static. There is no convenient means with which to change it in realtime, that is, without making configuration changes to TLS listening sockets.

play-scala-tls-example - A Play application using HTTPS and WS with optional client authentication

  •    Scala

This application shows how to use Play with SSL/TLS, using the Java Secure Socket Extension (JSSE) API. You must have JDK 1.8 installed on your machine to run this, to take advantage of the new security enhancements in JSSE.

django-x509 - Reusable django app implementing x509 PKI certificates management

  •    Python

Simple reusable django app implementing x509 PKI certificates management. Want to help OpenWISP? Find out how to help us grow here.

cert-manage - WIP - cross-platform certificate management tool

  •    Go

Every computer connected to the internet today has a series of "certificate stores" contained within it. These stores are crucial to encrypted communication everywhere, but their state often drifts between providers and can many times extend trust further than users expect. The underlying Certificate Authority technology doesn't offer solutions for fine grained management, active countermeasures and misuse prevention for end-user machines. Any system you buy will come loaded with trust of countless CA's, which means that your encrypted connections are at risk of eavesdropping or misrepresentation if any CA creates privacy-destructive or nefarious certificates. Read up on the background if you're interested.

asn1crypto - Python ASN.1 library with a focus on performance and a pythonic API

  •    Python

A fast, pure Python library for parsing and serializing ASN.1 structures. Python has long had the pyasn1 and pyasn1_modules available for parsing and serializing ASN.1 structures. While the project does include a comprehensive set of tools for parsing and serializing, the performance of the library can be very poor, especially when dealing with bit fields and parsing large structures such as CRLs.

oscrypto - Compiler-free Python crypto library backed by the OS, supporting CPython and PyPy

  •    Python

A compilation-free, always up-to-date encryption library for Python that works on Windows, OS X, Linux and BSD. Supports the following versions of Python: 2.6, 2.7, 3.2, 3.3, 3.4, 3.5, 3.6 and pypy. OS X 10.6 will not be supported due to a lack of available cryptographic primitives and due to lack of vendor support.

FiddlerCert - A Fiddler extension for examining certificates.

  •    CSharp

A Fiddler extension for examining certificates. This is an extension for the excellent Fiddler tool, a web debugging tool developed by Eric Lawrence at Telerik. This extension provides an Inspector for HTTPS traffic that allows you to view, export, and install certificates.

lokey - A tool that makes it easy to work with and convert between cryptographic key formats

  •    Python

lokey is a tool that makes it easy to work with and convert between cryptographic key formats. Named after the shape shifting and mischief-making Trickster from Norse mythology, this tool serves to test the bounds of possibilities and order.

pki - Certificate Authority management suite

  •    Shell

This project heavily utilizes OpenSSL and requires Bash. All of the utilities are in the bin directory. These files use the config files in the etc directory. There's no reason to ever edit any thing in these two folders.

RSAKeyVaultProvider - Enables Azure Key Vault secrets and certificates to be used by .NET Crypto

  •    CSharp

The RSAKeyVaultProvider enables you to use secrets and certificates stored in an Azure Key Vault for performing signing and decryption operations. (Encrypt and verify can be done locally with the public key material.) The type derives from RSA so can be used anywhere an AsymmetricAlgorithm can be, including with SignedXml types. To run these tests, you'll need to import a code signing certificate into an Azure Key Vault. You can do this by importing the PFX for certs you already have, or, the harder way, by generating a CSR in the HSM and using that for an EV Code Signing certificate. You will also need to create a new RSA key using Add-AzureKeyVaultKey or the UI mentioned below. Use the key name as the azureKeyVaultKeyName in the config and the certificate name as the azureKeyVaultCertificateName.

pki-manager - IT Freelancers : Manage small PKI for multiple projects (or clients) with 2 bash scripts

  •    Shell

Use -h to get basic help usage from each script. In addition, scripts output is fairly detailed to explain what has been generated, where is it located and what to do with it. Same principle applies to CA generation : you can also override the subject fields of the CA certificate using CA_C, CA_L, CA_O, CA_OU or CA_CN.

certidude - Easy to use Certificate Authority web service for OpenVPN, StrongSwan and HTTPS

  •    Python

Certidude is a minimalist X.509 Certificate Authority management tool with Kerberos authentication mainly designed for OpenVPN gateway operators to make VPN client setup on laptops, desktops and mobile devices as painless as possible. Certidude can also be used to manage IPSec certifcates (StrongSwan) or HTTPS client certificates to limit access to eg. intranet websites. For a full-blown CA you might want to take a look at EJBCA or OpenCA.

fpkilint - Federal PKI, X.509 certificate linter

  •    Javascript

CPCT will be a capable of analyzing a certificate’s conformance to a pre-defined certificate profile. User input will consist of a certificate and a profile selection. After processing the certificate, CPCT will output a table similar in formatting to the certificate format tables often included in Certificate Profile documents, but including additional analysis content indicating PASS or specific text describing the non-conformance. When complete, the tool is expected to be capable of analyzing certificates for conformance with the FPKI profiles described in the documents available on the Federal Public Key Infrastructure (FPKI) web page.

sscg - Simple Signed Certificate Generator

  •    C

x509 Certificates are complicated to get right. SSCG makes it easy to generate usable, signed certificates quickly without needing to understand complex openssl, certtool or certutil commands. Certificates generated by SSCG will be valid by default for securing the current machine's hostname and no others. To add further names (such as for a multi-homed system), look at the --subject-alt-name argument below.