The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →
Top 23 Certificate Open-Source Projects
-
letsencrypt
Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
-
Project mention: Parsing the Postgres protocol – logging executed statements | news.ycombinator.com | 2024-03-14
I ordinarily would have said you reinvented Teleport <https://github.com/gravitational/teleport/tree/v14.3.7#readm...> but now that they've gone AGPL with v15 I'm guessing there's a market for MIT licensed stuff, although for sure since Teleport has been around for so long it has encountered more edge cases and undergone more security reviews. I was surprised while digging up the link that Gravatational is still releasing v13 and v14 updates under Apache 2, so maybe even Teleport will continue to have legs for those who cannot deploy AGPL stuff
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
Project mention: Run WebAssembly on DigitalOcean Kubernetes with SpinKube - In 4 Easy Steps | dev.to | 2024-03-27
On top of its core components, SpinKube depends on cert-manager. cert-Manager is responsible for provisioning and managing TLS certificates that are used by the admission webhook system of the Spin Operator. Let’s install cert-manager and KWasm using the commands shown here:
-
Project mention: Running one’s own root Certificate Authority in 2023 | news.ycombinator.com | 2023-09-16
This ACME client looks promising, but I haven’t tried it yet: https://github.com/go-acme/lego
-
Project mention: Running one’s own root Certificate Authority in 2023 | news.ycombinator.com | 2023-09-16
I've had a lot of success with https://github.com/dehydrated-io/dehydrated . It exposes the different parts of the process (deploy challenge to DNS, deploy cert to filesystem, etc) as hooks, so it's pretty easy to integrate with anything and however you want, if you don't mind writing a bit of bash. There's a few scripts out there that use Cloudflare that you can use as well.
-
forge
A native implementation of TLS in Javascript and tools to write crypto-based and network-heavy webapps (by digitalbazaar)
Project mention: Forge: Native implementation of TLS in JavaScript for web apps | news.ycombinator.com | 2024-03-24 -
websockify
Websockify is a WebSocket to TCP proxy/bridge. This allows a browser to connect to any application/server/service.
Project mention: My first BBS (anybody know of an easy to install browser based client?) | /r/bbs | 2023-07-05Try this: https://github.com/novnc/websockify I got mine set up as a windows service. But you can also just have it run on booting
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
cli
🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc. (by smallstep)
Project mention: Google will disable all but OAuth for IMAP, SMTP and POP starting Sept. 30 | news.ycombinator.com | 2024-01-18https://github.com/smallstep/cli implements some OAuth flows from the CLI, it may be helpful for you.
-
I use this repo as a reverse proxy: https://github.com/evertramos/nginx-proxy-automation/tree/main/docs
-
-
getssl
obtain free SSL certificates from letsencrypt ACME server Suitable for automating the process on remote servers.
A 'competitor' to this would be GetSSL which is a pure-shell ACME client (plus OpenSSL and cURL) and can be executed on one host, but send verification tokens to remote systems (where you may not have cron access):
> Get certificates for remote servers - The tokens used to provide validation of domain ownership, and the certificates themselves can be automatically copied to remote servers (via ssh, sftp or ftp for tokens). The script doesn't need to run on the server itself. This can be useful if you don't have access to run such scripts on the server itself, as it's a shared server for example.
-
-
-
certify
Professional ACME Client for Windows. Certificate Management UI, powered by Let's Encrypt and compatible with all ACME v2 CAs. Download from certifytheweb.com
Project mention: Seeking Guidance: SSL Certification for a Local Server in Windows 2019 Data Center Environment | /r/sysadmin | 2023-05-23Option 2+: If your public DNS is hosted by a provider that has Win-ACME or Certify the Web support, use Let's Encrypt and automate the whole thing.
-
awesome-certificates
Curated list of 10,000+ hours and 100+ free certificates in IT, computer science and business.
Project mention: Show HN: Certificates – a list of courses with free certificates | news.ycombinator.com | 2023-09-25 -
-
PKI.js
PKI.js is a pure JavaScript library implementing the formats that are used in PKI applications (signing, encryption, certificate requests, OCSP and TSP requests/responses). It is built on WebCrypto (Web Cryptography API) and requires no plug-ins.
-
-
-
-
-
-
kubernetes-reflector
Custom Kubernetes controller that can be used to replicate secrets, configmaps and certificates.
You should have you app deployed from a git repo using something like ArgoCD, Flux, or fleet. You would then make your changes in git to have the synced to your target clusters. I've never used it, but you could also look at https://github.com/emberstack/kubernetes-reflector
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Certificate related posts
- NIST: Personal Identity Verification (PIV) of Federal Employees and Contractors
- See this page fetch itself, byte by byte, over TLS
- See this page fetch itself, byte by byte, over TLS
- Why Certificate Lifecycle Automation Matters
- Importing kubernetes manifests with terraform for cert-manager
- Teleport relicenses from Apache 2.0 to AGPLv3
- Show HN: Certmaster – Automatically issue and install Let's Encrypt certificates
-
A note from our sponsor - WorkOS
workos.com | 28 Mar 2024
Index
What are some of the best open-source Certificate projects? This list will help you:
Project | Stars | |
---|---|---|
1 | letsencrypt | 30,724 |
2 | Gravitational Teleport | 16,156 |
3 | cert-manager | 11,362 |
4 | lego | 7,184 |
5 | dehydrated | 5,702 |
6 | forge | 4,921 |
7 | websockify | 3,719 |
8 | cli | 3,449 |
9 | nginx-proxy-automation | 2,604 |
10 | certstrap | 2,187 |
11 | getssl | 2,028 |
12 | acmetool | 2,019 |
13 | LettuceEncrypt | 1,492 |
14 | certify | 1,442 |
15 | awesome-certificates | 1,402 |
16 | DCA | 1,317 |
17 | PKI.js | 1,206 |
18 | covidpass | 1,198 |
19 | WeIdentity | 1,103 |
20 | routeros-scripts | 1,093 |
21 | serverless-domain-manager | 926 |
22 | certigo | 913 |
23 | kubernetes-reflector | 852 |