This project is a toolkit for creating and managing X.509 certificate authorities, providing tools for the issuance, signing, and management of TLS certificates and private keys. It includes a command-line utility for generating certificate signing requests, bundling certificate chains, and parsing PEM or DER files.
Die Hauptfunktionen von cloudflare/cfssl sind: Certificate Authorities, PKI Management, Root Authority Creation, Server Certificate Generators, Automated Certificate Issuance, Certificate Lifecycle Management, Programmatic Certificate Management APIs, Certificate Revocations.
Open-Source-Alternativen zu cloudflare/cfssl sind unter anderem: smallstep/cli — This project is a command-line tool for managing public key infrastructure and digital identities. It provides a… smallstep/certificates — This project is a public key infrastructure management system designed to automate the issuance, renewal, and… caddyserver/certmagic — Certmagic is a Go library for automating the issuance and renewal of TLS certificates. It functions as an automatic… cert-manager/cert-manager — This project is a Kubernetes controller that automates the issuance, renewal, and lifecycle management of TLS… vonng/pigsty — Pigsty is a comprehensive database infrastructure orchestration platform designed to automate the full lifecycle of… openvpn/easy-rsa — Easy-RSA is a shell-based utility designed to automate the creation and management of a public key infrastructure. It…
This project is a command-line tool for managing public key infrastructure and digital identities. It provides a comprehensive suite for X.509 certificate lifecycle management, including the generation, signing, renewal, and revocation of certificates and signing requests. The tool distinguishes itself through specialized security capabilities such as binding cryptographic credentials to TPMs and HSMs for hardware-backed identity attestation. It also provides dedicated support for machine identity security, using short-lived SSH certificates and mTLS to secure non-human workloads. Broad capa
This project is a public key infrastructure management system designed to automate the issuance, renewal, and revocation of X.509, TLS, and SSH certificates. It functions as a machine identity provider and certificate authority, enabling the establishment of private PKI to secure inter-service communication and remote access. The system distinguishes itself through hardware-bound identity attestation, which ties cryptographic keys to physical device silicon or TPMs to prevent credential exfiltration. It supports a wide array of identity verification mechanisms, including OIDC, cloud-provider
Certmagic is a Go library for automating the issuance and renewal of TLS certificates. It functions as an automatic HTTPS provisioner and ACME client that handles the full lifecycle of certificates to ensure secure connectivity without manual intervention. The library is distinguished by its support for on-demand TLS provisioning, which generates certificates dynamically during the TLS handshake based on the server name. It also provides automation for wildcard certificates through DNS challenge verification and integrates with the ZeroSSL API for certificate acquisition. The project covers
This project is a Kubernetes controller that automates the issuance, renewal, and lifecycle management of TLS certificates. It functions as a native extension to the cluster API, using custom resource definitions and reconciliation loops to maintain the desired state of certificates and trust bundles across distributed services. By integrating directly with the cluster's admission control and secret storage systems, it ensures that cryptographic identities are consistently provisioned and available for application workloads. The project distinguishes itself through its extensive support for a