awesome-repositories.com
Blog
awesome-repositories.com

Entdecke die besten Open-Source-Repositories mit KI-gestützter Suche.

EntdeckenKuratierte SuchenOpen-Source-AlternativenSelf-hosted SoftwareBlogSitemap
ProjektÜber unsRanking-MethodikPresseMCP-Server
RechtlichesDatenschutzAGB
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·
cloudflare avatar

cloudflare/cfssl

0
View on GitHub↗
9,443 Stars·1,144 Forks·Go·BSD-2-Clause·4 Aufrufecfssl.org↗

Cfssl

This project is a toolkit for creating and managing X.509 certificate authorities, providing tools for the issuance, signing, and management of TLS certificates and private keys. It includes a command-line utility for generating certificate signing requests, bundling certificate chains, and parsing PEM or DER files.

The system features an HTTP API server that allows for remote signing and verification of certificates using JSON requests and responses. This architecture supports automated certificate provisioning and includes a signing proxy to forward requests to remote backend services.

The project covers a broad range of PKI infrastructure capabilities, including root and intermediate authority creation, certificate revocation, and the construction of compatible trust chains. It also provides utilities for the Online Certificate Status Protocol to sign and cache responses for verifying the revocation status of certificates.

The toolkit manages the certificate lifecycle through database-backed state tracking and supports various data encoding transformations for system compatibility.

Features

  • Certificate Authorities - Provides a full toolkit for creating and managing root and intermediate certificate authorities to issue and sign TLS certificates.
  • PKI Management - Provides a complete toolkit for creating and managing root and intermediate certificate authorities.
  • Root Authority Creation - Provides a utility for generating a self-signed root CA certificate along with a private key and certificate request.
  • Server Certificate Generators - Provides an HTTP server to remotely generate and sign certificates via JSON-based requests.
  • Automated Certificate Issuance - Automates the process of requesting and issuing certificates via an HTTP API server.
  • Certificate Lifecycle Management - Tracks the state, issuance, and revocation of certificates through a persistent database.
  • Programmatic Certificate Management APIs - Provides a RESTful API for automating the issuance, signing, and management of X.509 certificates.
  • Certificate Revocations - Provides a mechanism for marking certificates as invalid in a database with a specific reason to prevent further trust.
  • Certificate Signing - Validates and signs certificate requests using a CA certificate and private key.
  • Remote Signing - Exposes a network interface for remote signing of certificates without requiring private key distribution.
  • TLS Certificate Signing - Signs certificate requests using a CA certificate and private key with subject information overrides.
  • Certificate State Tracking - Records issued and revoked certificates in a persistent store to manage the PKI lifecycle.
  • CSR Generators - Includes a utility for creating private keys and certificate signing requests based on hostnames and subject information.
  • Certificate Verification - Validates the authenticity of TLS certificates and verifies revocation status via OCSP.
  • X.509 Management Utilities - Provides a comprehensive command-line utility for generating CSRs, bundling certificate chains, and parsing PEM or DER files.
  • TLS Chain Construction - Bundles certificates into contiguous chains to ensure compatibility across various client trust stores.
  • Chain Bundle Construction - Assembles leaf, intermediate, and root certificates into compatible chains for client trust stores.
  • TLS Certificate Issuance - Generates private keys and signs requests to produce valid certificates for securing services.
  • PEM Formatting - Provides utilities to convert certificates and keys between binary DER and human-readable PEM formats.
  • OCSP - Stores pre-signed OCSP responses to enable fast verification of certificate revocation status.
  • Chain Construction - Combines leaf, root, and intermediate certificates into a chain optimized for browser and operating system compatibility.
  • Signing Proxies - Implements a signing proxy that forwards certificate requests to remote backend services.
  • Certificate Verification - Checks the validity and chain of trust of TLS certificates to ensure authenticity.
  • OCSP Response Caching - Caches and exports certificate status protocol responses to provide fast verification of certificate validity.
  • OCSP Response Signing - Generates and signs OCSP responses to verify the real-time revocation status of certificates.
  • Self-Signed Certificate Generators - Generates root CA certificates and private keys signed by their own private key.
  • Hardware and PKI Security - Provides a command-line toolkit and API for PKI and TLS operations.
  • Sicherheit und Datenschutz - PKI and TLS toolkit.

Star-Verlauf

Star-Verlauf für cloudflare/cfsslStar-Verlauf für cloudflare/cfssl

KI-Suche

Entdecke weitere awesome Repositories

Beschreibe in einfachen Worten, was du brauchst — die KI bewertet tausende kuratierte Open-Source-Projekte nach Relevanz.

Start searching with AI

Häufig gestellte Fragen

Was macht cloudflare/cfssl?

This project is a toolkit for creating and managing X.509 certificate authorities, providing tools for the issuance, signing, and management of TLS certificates and private keys. It includes a command-line utility for generating certificate signing requests, bundling certificate chains, and parsing PEM or DER files.

Was sind die Hauptfunktionen von cloudflare/cfssl?

Die Hauptfunktionen von cloudflare/cfssl sind: Certificate Authorities, PKI Management, Root Authority Creation, Server Certificate Generators, Automated Certificate Issuance, Certificate Lifecycle Management, Programmatic Certificate Management APIs, Certificate Revocations.

Welche Open-Source-Alternativen gibt es zu cloudflare/cfssl?

Open-Source-Alternativen zu cloudflare/cfssl sind unter anderem: smallstep/cli — This project is a command-line tool for managing public key infrastructure and digital identities. It provides a… smallstep/certificates — This project is a public key infrastructure management system designed to automate the issuance, renewal, and… caddyserver/certmagic — Certmagic is a Go library for automating the issuance and renewal of TLS certificates. It functions as an automatic… cert-manager/cert-manager — This project is a Kubernetes controller that automates the issuance, renewal, and lifecycle management of TLS… vonng/pigsty — Pigsty is a comprehensive database infrastructure orchestration platform designed to automate the full lifecycle of… openvpn/easy-rsa — Easy-RSA is a shell-based utility designed to automate the creation and management of a public key infrastructure. It…

Open-Source-Alternativen zu Cfssl

Ähnliche Open-Source-Projekte, sortiert nach der Anzahl der gemeinsamen Funktionen mit Cfssl.
  • smallstep/cliAvatar von smallstep

    smallstep/cli

    4,255Auf GitHub ansehen↗

    This project is a command-line tool for managing public key infrastructure and digital identities. It provides a comprehensive suite for X.509 certificate lifecycle management, including the generation, signing, renewal, and revocation of certificates and signing requests. The tool distinguishes itself through specialized security capabilities such as binding cryptographic credentials to TPMs and HSMs for hardware-backed identity attestation. It also provides dedicated support for machine identity security, using short-lived SSH certificates and mTLS to secure non-human workloads. Broad capa

    Gocertificatecryptographyencryption
    Auf GitHub ansehen↗4,255
  • smallstep/certificatesAvatar von smallstep

    smallstep/certificates

    8,245Auf GitHub ansehen↗

    This project is a public key infrastructure management system designed to automate the issuance, renewal, and revocation of X.509, TLS, and SSH certificates. It functions as a machine identity provider and certificate authority, enabling the establishment of private PKI to secure inter-service communication and remote access. The system distinguishes itself through hardware-bound identity attestation, which ties cryptographic keys to physical device silicon or TPMs to prevent credential exfiltration. It supports a wide array of identity verification mechanisms, including OIDC, cloud-provider

    Goacmeacme-serverca
    Auf GitHub ansehen↗8,245
  • caddyserver/certmagicAvatar von caddyserver

    caddyserver/certmagic

    5,568Auf GitHub ansehen↗

    Certmagic is a Go library for automating the issuance and renewal of TLS certificates. It functions as an automatic HTTPS provisioner and ACME client that handles the full lifecycle of certificates to ensure secure connectivity without manual intervention. The library is distinguished by its support for on-demand TLS provisioning, which generates certificates dynamically during the TLS handshake based on the server name. It also provides automation for wildcard certificates through DNS challenge verification and integrates with the ZeroSSL API for certificate acquisition. The project covers

    Goacmeautomatic-httpsgo
    Auf GitHub ansehen↗5,568
  • cert-manager/cert-managerAvatar von cert-manager

    cert-manager/cert-manager

    13,578Auf GitHub ansehen↗

    This project is a Kubernetes controller that automates the issuance, renewal, and lifecycle management of TLS certificates. It functions as a native extension to the cluster API, using custom resource definitions and reconciliation loops to maintain the desired state of certificates and trust bundles across distributed services. By integrating directly with the cluster's admission control and secret storage systems, it ensures that cryptographic identities are consistently provisioned and available for application workloads. The project distinguishes itself through its extensive support for a

    Gocertificatecrdhacktoberfest
    Auf GitHub ansehen↗13,578
  • Alle 30 Alternativen zu Cfssl anzeigen→