Top 23 X509 Open-Source Projects

• certificates

  40 6,131 9.5 Go

  🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

  

Project mention: You shouldn't run NSA-grade Wi-Fi at home | news.ycombinator.com | 2024-01-04

You can roll your own with https://github.com/smallstep/certificates. We maintain major open source projects and contribute a lot to other projects. I don’t think that means everything we do has to be open source. Sorry this one wasn’t. Doing this in pure open source would be a book, not a blog post.

Love Let’s Encrypt — we’re sponsors — but using them for WiFi is a terrible idea. You need internal PKI for WiFi.

• PHPSecLib

  12 5,247 8.9 PHP

  PHP Secure Communications Library

  

Project mention: How to install software on VPS through PHP? | /r/PHP | 2023-10-24

I recommend using PHPSecLib which has a powerful SSH library that is far more versatile than the official PHP SSH extension.

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• forge

  4 4,945 0.0 JavaScript

  A native implementation of TLS in Javascript and tools to write crypto-based and network-heavy webapps (by digitalbazaar)

  

Project mention: Forge: Native implementation of TLS in JavaScript for web apps | news.ycombinator.com | 2024-03-24

• cli

  8 3,478 9.2 Go

  🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc. (by smallstep)

  

Project mention: Google will disable all but OAuth for IMAP, SMTP and POP starting Sept. 30 | news.ycombinator.com | 2024-01-18

https://github.com/smallstep/cli implements some OAuth flows from the CLI, it may be helpful for you.

• Botan

  5 2,406 9.8 C++

  Cryptography Toolkit

Project mention: Ask HN: What are some of the most elegant codebases in your favorite language? | news.ycombinator.com | 2023-06-17

• acmetool

  1 2,022 0.0 Go

  :lock: acmetool, an automatic certificate acquisition tool for ACME (Let's Encrypt)

• xca

  4 1,336 9.3 C++

  X Certificate and Key management

Project mention: (StarLAN) Personal Home Lab | /r/homelab | 2023-07-22

XCA PKI (https://github.com/chris2511/xca) Local Certificate Authority software used for generating internal CA and SSL certs. All of my HTTPS interfaces in my lab have the magic green padlock. I did this for no other reason than to learn more about how to manage and deploy SSL certificates also, the Chrome security warnings are really annoying.

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• certigo

  5 920 0.0 Go

  A utility to examine and validate certificates in a variety of formats

  

• certspotter

  4 913 6.9 Go

  Certificate Transparency Log Monitor

  

Project mention: SSLMate/Certspotter: Certificate Transparency Log Monitor | news.ycombinator.com | 2023-11-02

• certificate-ripper

  17 665 7.2 Java

  🔐 A CLI tool to extract server certificates

Project mention: Certificate Ripper v2.2.0 released - tool to extract server certificates | /r/linuxadmin | 2023-10-26

Link: https://github.com/Hakky54/certificate-ripper/releases

• go-guardian

  2 528 1.4 Go

  Go-Guardian is a golang library that provides a simple, clean, and idiomatic way to create powerful modern API and web authentication.

• webpki

  6 451 8.0 Rust

  WebPKI X.509 Certificate Validation in Rust

• PSPKI

  4 359 7.8 PowerShell

  PowerShell PKI Module

  

Project mention: AD CS management tools | /r/sysadmin | 2023-06-20

For my scope the PS module is enough. https://github.com/PKISolutions/PSPKI

• zlint

  3 341 8.5 Go

  X.509 Certificate Linter focused on Web PKI standards and requirements.

  

Project mention: Let's Encrypt Acme API Outage | news.ycombinator.com | 2023-06-15

Yup, the two most popular are:

https://github.com/zmap/zlint

https://github.com/certlint/certlint

They each have their strengths and weaknesses, so CAs are advised to use both.

• openssl

  1 286 0.0 C

  Fork of OpenSSL 1.1.1 that includes prototype quantum-resistant algorithms and ciphersuites based on liboqs [OQS-OpenSSL 1.1.1 is NO LONGER SUPPORTED, please switch to OQS-Provider for OpenSSL 3] (by open-quantum-safe)

  

• tls-scan

  2 273 4.3 C

  An Internet scale, blazing fast SSL/TLS scanner ( non-blocking, event-driven )

• ssl-checker

  1 239 7.0 Python

  Python script that collects SSL/TLS information from hosts

• ct-woodpecker

  1 170 3.6 Go

  A tool to monitor a certificate transparency log for operational problems

  

Project mention: I looked through attacks in my access logs. Here's what I found | news.ycombinator.com | 2024-01-28

Was looking into Certificate Transparency logs recently. Are there any convenient tools/methods for querying CT logs? i.e. search for domains within a timeframe

Cloudflare’s Merkle Town[0] is useful for getting overviews, but I haven’t found an easy way to query CT logs. ct-woodpecker[1] seems promising, too

[0] https://ct.cloudflare.com/

[1] https://github.com/letsencrypt/ct-woodpecker

• secret_handshake

  1 139 2.9 Python

  A prototype malware C2 channel using x509 certificates over mTLS

• win-ca

  1 99 3.7 LiveScript

  Get Windows System Root certificates

• lokey

  1 93 0.0 Python

  A tool that makes it easy to work with and convert between cryptographic key formats

• CryptoNet

  1 88 4.9 C#

  CryptoNet is simple, fast and a lightweight asymmetric and symmetric encryption library.

• showcert

  3 67 7.3 Python

  Simple OpenSSL for humans: all you need for X.509 TLS certificates (and nothing more).

Project mention: Your own Certificate Authority (CA) in ONE simple command | dev.to | 2024-01-29

Showcert is OpenSSL for humans, much simpler to use and it has gencert utility to generate certificates. Very easy.

• SaaSHub

  www.saashub.com sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

X509 related posts

• Forge: Native implementation of TLS in JavaScript for web apps
  1 project | news.ycombinator.com | 24 Mar 2024
• We build X.509 chains so you don't have to
  5 projects | news.ycombinator.com | 25 Jan 2024
• SSLMate/Certspotter: Certificate Transparency Log Monitor
  1 project | news.ycombinator.com | 2 Nov 2023
• Last Chance to Fix EIDAS (Mozilla)
  2 projects | news.ycombinator.com | 2 Nov 2023
• Certificate Ripper v2.2.0 released - tool to extract server certificates
  1 project | /r/linuxadmin | 26 Oct 2023
• (StarLAN) Personal Home Lab
  4 projects | /r/homelab | 22 Jul 2023
• Distributing ACME Let'sEncrypt certs for homelab
  1 project | /r/homelab | 5 Jul 2023
• A note from our sponsor - InfluxDB
  www.influxdata.com | 25 Apr 2024

  Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com