Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →
Top 12 Go certificate-authority Projects
-
certificates
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
-
-
labca
A private Certificate Authority for internal (lab) use, based on the open source ACME Automated Certificate Management Environment implementation from Let's Encrypt (tm).
-
-
letsdane
🔒 Let's DANE is an experimental way to enable the use of DANE/TLSA in browsers and other apps using a lightweight proxy.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
-
ca-injector
Painlessly use off-the-shelf images (and your own) in your k8s cluster, with custom root CAs.
-
I've been doing this for a while with SmallStep CA: https://github.com/smallstep/certificates
It's a bit of a pain to load a cert onto every device (easier with stuff like Ansible if you have a bunch of linux devices), but manageable. And it lets me do proper trusted TLS for a lot of stuff that would otherwise be self-signed.
One thing I recommend is to add X509v3 Name Constraints extensions to your root CA if you go down this path. It prevents the CA from being abused to MITM you for other URLS (at least for browsers/clients that respect names constraints)
```
Consider https://github.com/anacrolix/btlink. It's a proof of concept, and has all the basics. I designed it and I worked for IPFS, and I am the maintainer of a popular DHT and BitTorrent client implementation.
Project mention: What if your Pods need to trust self-signed certificates? | news.ycombinator.com | 2023-06-28I've built a small MutatingAdmissionWebhook controller [0] that handles this, via a pod annotation whose value is a secret with `ca.crt` inside, and it uses the (mostly) de facto standard openssl variables to configure the libraries, so that it works across pretty much everything I've tried it with off the shelf.
I build a bundle (though I may just move to trust-manager [1]) and replicate it into all namespaces with kubernetes-replicator [2], and then I can annotate any pod with
[0] https://github.com/microcumulus/ca-injector
[1] https://github.com/cert-manager/trust-manager
[2] https://github.com/mittwald/kubernetes-replicator
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
Go certificate-authority discussion
Go certificate-authority related posts
-
Trying to do something a bit crazy
-
Selfhosted CA tutorial
-
Handshake Privacy VPN and Tor
-
How does the cert based authentication work?
-
How do you guys handle your PKI?
-
Looking for an open source certificate management solution.
-
Handshake/DANE Support For Android
-
A note from our sponsor - InfluxDB
www.influxdata.com | 15 Jun 2024
Index
What are some of the best open-source certificate-authority projects in Go? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | certificates | 6,274 |
| 2 | boulder | 5,034 |
| 3 | certstrap | 2,226 |
| 4 | cashier | 692 |
| 5 | labca | 303 |
| 6 | paranoia | 219 |
| 7 | letsdane | 109 |
| 8 | certonid | 74 |
| 9 | certify | 44 |
| 10 | btlink | 30 |
| 11 | ca-injector | 24 |
| 12 | devcert | 11 |
Sponsored
Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com