Top 23 PKI Open-Source Projects

• docker-openvpn

  26 8,541 0.0 Shell

  🔒 OpenVPN server in a Docker container complete with an EasyRSA PKI CA

Project mention: OpenVPN server in a Docker container complete with an EasyRSA PKI CA | news.ycombinator.com | 2024-03-30

• certificates

  40 6,154 9.5 Go

  🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

  

Project mention: You shouldn't run NSA-grade Wi-Fi at home | news.ycombinator.com | 2024-01-04

You can roll your own with https://github.com/smallstep/certificates. We maintain major open source projects and contribute a lot to other projects. I don’t think that means everything we do has to be open source. Sorry this one wasn’t. Doing this in pure open source would be a book, not a blog post.

Love Let’s Encrypt — we’re sponsors — but using them for WiFi is a terrible idea. You need internal PKI for WiFi.

• InfluxDB

  www.influxdata.com featured

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• boulder

  11 4,981 9.6 Go

  An ACME-based certificate authority, written in Go.

  

Project mention: Trying to do something a bit crazy | /r/homelab | 2023-06-04

There's no reason you couldn't run your own ACME server (the Let's Encrypt folk publish an open source one, boulder, but there's plenty of others). Then you can just use certbot in your VMs to manage certificates, configured to point to your CA server instead of the Let's Encrypt one.

• Certipy

  9 2,130 4.3 Python

  Tool for Active Directory Certificate Services enumeration and abuse

• AutomatedLab

  12 1,939 8.3 PowerShell

  AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell scripts. It supports all Windows operating systems from 2008 R2 to 2022, some Linux distributions and various products like AD, Exchange, PKI, IIS, etc.

  

• awesome-iam

  2 1,571 7.1

  👤 Identity and Access Management knowledge for cloud platforms

Project mention: Why use OpenID Connect instead of plain OAuth2? | news.ycombinator.com | 2023-06-27

You can start with: https://github.com/kdeldycke/awesome-iam . But beware of the rabbit hole!

• certify

  41 1,450 9.6 C#

  Professional ACME Client for Windows. Certificate Management UI, powered by Let's Encrypt and compatible with all ACME v2 CAs. Download from certifytheweb.com

  

Project mention: Seeking Guidance: SSL Certification for a Local Server in Windows 2019 Data Center Environment | /r/sysadmin | 2023-05-23

Option 2+: If your public DNS is hosted by a provider that has Win-ACME or Certify the Web support, use Let's Encrypt and automate the whole thing.

• SaaSHub

  www.saashub.com featured

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

• PKI.js

  1 1,214 6.1 TypeScript

  PKI.js is a pure JavaScript library implementing the formats that are used in PKI applications (signing, encryption, certificate requests, OCSP and TSP requests/responses). It is built on WebCrypto (Web Cryptography API) and requires no plug-ins.

  

• debops

  7 1,188 8.6 Jinja

  DebOps - Your Debian-based data center in a box

  

• CIRCL

  6 1,182 8.0 Go

  CIRCL: Cloudflare Interoperable Reusable Cryptographic Library

  

Project mention: Lattice Asymetric Encryption | /r/crypto | 2023-05-22

- https://github.com/cloudflare/circl

• certspotter

  4 913 6.9 Go

  Certificate Transparency Log Monitor

  

Project mention: SSLMate/Certspotter: Certificate Transparency Log Monitor | news.ycombinator.com | 2023-11-02

• Locksmith

  3 684 9.3 PowerShell

  A small tool built to find and fix common misconfigurations in Active Directory Certificate Services. (by TrimarcJake)

• noosphere

  7 638 9.5 Rust

  Noosphere is a protocol for thought; let's discover it together!

  

• ejbca-ce

  2 523 9.5 Java

  EJBCA® – Open-source public key infrastructure (PKI) and certificate authority (CA) software.

  

• putty-cac

  12 448 6.1 C

  Windows Secure Shell Client With Support For Smart Cards, Certificates, & FIDO Keys

Project mention: NIST: Personal Identity Verification (PIV) of Federal Employees and Contractors | news.ycombinator.com | 2024-03-23

PuTTY-CAC was an interesting, although imperfect solution to using PIV/CAC cards together with SSH. I remember piloting it from 2013-2014 at an agency. Back then, it was maintained by Dan Risacher[0]. Nowadays it is maintained on GitHub[1] and adopted some interesting features like FIDO.

[0] https://risacher.org/putty-cac/

[1] https://github.com/NoMoreFood/putty-cac

• KadNode

  2 404 7.5 C

  P2P DNS with content key, crypto key and PKI support. DynDNS alternative.

Project mention: Building a decentralized name system on top of IRC | news.ycombinator.com | 2023-12-25

• sharkey

  2 391 5.4 Go

  Sharkey is a service for managing certificates for use by OpenSSH

  

• PSPKI

  4 359 7.8 PowerShell

  PowerShell PKI Module

  

Project mention: AD CS management tools | /r/sysadmin | 2023-06-20

For my scope the PS module is enough. https://github.com/PKISolutions/PSPKI

• pki

  2 320 9.8 Java

  The Dogtag Certificate System is an enterprise-class Certificate Authority (CA) which supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management.

  

• heimdal

  5 312 8.0 C

  Heimdal

  

Project mention: Let's Kerberos | news.ycombinator.com | 2024-04-09

The Swedes also started their own from-scratch implementation, known as Heimdal (https://github.com/heimdal/heimdal), which has a bunch of nifty things in it including a from-scratch PKIX/x.509 implementation and a from-scratch ASN.1 compiler and library.

• labca

  4 287 8.5 Go

  A private Certificate Authority for internal (lab) use, based on the open source ACME Automated Certificate Management Environment implementation from Let's Encrypt (tm).

• ct-woodpecker

  1 172 3.6 Go

  A tool to monitor a certificate transparency log for operational problems

  

Project mention: I looked through attacks in my access logs. Here's what I found | news.ycombinator.com | 2024-01-28

Was looking into Certificate Transparency logs recently. Are there any convenient tools/methods for querying CT logs? i.e. search for domains within a timeframe

Cloudflare’s Merkle Town[0] is useful for getting overviews, but I haven’t found an easy way to query CT logs. ct-woodpecker[1] seems promising, too

[0] https://ct.cloudflare.com/

[1] https://github.com/letsencrypt/ct-woodpecker

• IsoApplet

  2 158 4.0 Java

  A Java Card PKI Applet aiming to be ISO 7816 compliant

• SaaSHub

  www.saashub.com featured

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

PKI related posts

• OpenVPN server in a Docker container complete with an EasyRSA PKI CA

  1 project | news.ycombinator.com | 30 Mar 2024

• SSLMate/Certspotter: Certificate Transparency Log Monitor

  1 project | news.ycombinator.com | 2 Nov 2023

• Last Chance to Fix EIDAS (Mozilla)

  2 projects | news.ycombinator.com | 2 Nov 2023

• Encrypted traffic interception on Hetzner and Linode targeting Jabber service

  3 projects | news.ycombinator.com | 20 Oct 2023

• AD CS management tools

  1 project | /r/sysadmin | 20 Jun 2023

• [Docker] Meilleur conteneur VPN?

  1 project | /r/enfrancais | 9 May 2023

• Pentester PSA: Check your Active Directory Certificate Services (AD CS) For Vulnerabilities

  5 projects | /r/sysadmin | 29 Apr 2023
• A note from our sponsor - SaaSHub
  www.saashub.com | 2 May 2024

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com