cert-gen
servercert
| cert-gen | servercert | |
|---|---|---|
| 1 | 12 | |
| 94 | 193 | |
| - | 7.3% | |
| 0.0 | 5.4 | |
| over 2 years ago | 1 day ago | |
| Shell | CSS | |
| MIT License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cert-gen
-
A safer default for navigation: HTTPS
> I wish there was a solution for those of us who develop web interfaces for embedded products designed to live on LAN
There almost is! Instead of self signed certificates, use a certificate authority, and install that on the LAN's machines. https://github.com/devilbox/cert-gen
You can use macOS Server or Active Directory to push out the Certificate as trusted.
It's not perfect, but it's close enough for a LAN.
servercert
-
TLS Certificate Lifetimes Will Officially Reduce to 47 Days
And here's the CABF discussion before the vote: https://github.com/cabforum/servercert/pull/553/commits/69ce...
- Web page annoyances that I don't inflict on you here
- SSL certificate lifetimes are going down. Dates proposed. 45 days by 2027
- CA/Browser Forum SC-081: Introduce Schedule of Reducing Validity Periods
- WebPKI – Introduce Schedule of Reducing Validity (Of TLS Server Certificates)
-
We Spent $20 to Achieve RCE and Accidentally Became the Admins of .MOBI
The current CAB Forum Baseline Requirements call for "Multi-Perspective Issuance Corroboration" [1] i.e. make sure the DNS or HTTP challenge looks the same from several different data centres in different countries.
[1] https://github.com/cabforum/servercert/blob/main/docs/BR.md#...
-
DigiCert Revocation Incident (Cname Domain Validation)
There's no prohibition against issuing certificates for names on the Public Suffix List.
BR 3.2.2.6 prohibits issuing a wildcard certificate for an entire public suffix unless the "Applicant proves its rightful control of the entire Domain Namespace" (without specifying how this should be done - arguably, publishing a DNS record would qualify) but also says that CAs should use the "ICANN DOMAINS" section of the PSL only, not the "PRIVATE DOMAINS" section, so domains for dynamic DNS providers and the like wouldn't be included in any case. [https://github.com/cabforum/servercert/blob/main/docs/BR.md#...]
-
All I Know About Certificates – Certificate Authority
That's because some people came along and produced a parallel standard [1] adding loads more rules, clarifications and constraints to convert X509 into something approximately fit for purpose.
[1] https://github.com/cabforum/servercert
-
Does my site need HTTPS?
This is permitted: https://github.com/cabforum/servercert/blob/main/docs/BR.md#...
But it hasn't really caught on; a lot of registrars don't seem to want the complexity of being (or integrating with) a CA, and vice versa.
-
Let's Encrypt: Issue with TLS-ALPN-01 Validation Method
It is unfortunate. It's required: https://github.com/cabforum/servercert/blob/main/docs/BR.md#...
What are some alternatives?
devcert - Local HTTPS development made easy
devcert-cli - A CLI wrapper for devcert, to manage development SSL/TLS certificates and domains
acme-dns - Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
pykka - 🌀 Pykka makes it easier to build concurrent Python applications.