Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/sgnn7/crtool

Helper tooling for certificate management
https://github.com/sgnn7/crtool

Last synced: 7 days ago
JSON representation

Helper tooling for certificate management

Host: GitHub
URL: https://github.com/sgnn7/crtool
Owner: sgnn7
License: apache-2.0
Created: 2020-05-22T13:44:14.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2020-06-05T21:39:25.000Z (over 4 years ago)
Last Synced: 2024-06-20T10:22:26.753Z (5 months ago)
Language: Go
Size: 39.1 KB
Stars: 1
Watchers: 3
Forks: 0
Open Issues: 1
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE

Awesome Lists containing this project

README

# crtool

Helper tooling for certificate management

## Features

- Simple saving of remote server certificate to a file (PEM and/or DER)
- Simple in-depth verification of remote and/or local server certificates
- Transcoding of certificates from PEM to DER

## Benefits

- Static binary builds
- Does not require any host tools/packages

## Installation

### Linux

Install one of the packages (`.deb` or `.rpm` from the [releases page](https://github.com/sgnn7/crtool/releases))

Or install manually:
- Replace `${VERSION}` with the appropriate release version (e.g. `0.0.3`)
- Download the `crtool`:
```sh-session
wget -O crtool https://github.com/sgnn7/crtool/releases/download/v${VERSION}/crtool_linux && \
chmod +x ./crtool
```

### macOS

- Replace `${VERSION}` with the appropriate release version (e.g. `0.0.3`)
- Download the `crtool`:
```sh-session
wget -O crtool https://github.com/sgnn7/crtool/releases/download/v${VERSION}/crtool_darwin && \
chmod +x ./crtool
```

### Windows

- Replace `${VERSION}` with the appropriate release version (e.g. `0.0.3`)
- Download the `crtool`:
```sh-session
wget -O crtool.exe https://github.com/sgnn7/crtool/releases/download/v${VERSION}/crtool.exe
```

## Usage

- [`crtool verify`](#crtool-verify)
- [`crtool dump`](#crtool-dump)

### `crtool verify`

Verify certifcates of target server

```sh-session
crtool verify -t [-p port]
```

_Note: This command supports verification of file-provided PEM certs too if you
specify the `file://` schema:_
```sh-session
crtool verify -t file://path/to/file.crt
```

Currently this verifies per connection:
- Hostname
- System's CA certificate chain
- Issuer's CN
- Issuer's Signature

Currently this verifies per-cert fields:
- NotBefore
- NotAfter

#### Examples

Verify an expired cert
```sh-session
crtool verify -t expired.badssl.com
```

Verify a valid cert
```sh-session
crtool verify -t expired.badssl.com
```

Verify certificate(s) in a file
```sh-session
crtool verify -t file://server.crt
```

### `crtool dump`

Dump certifcates of target server to output. Works with self-signed certificates!

```sh-session
crtool dump -t [-p port] [-o file] [-e < pem | der >]
```

_Note: This command supports using file-provided PEM-encoded certs if you specify the
`file://` schema which is useful in transcoding._
```sh-session
crtool dump -t file://server.pem -o server.der -e der
```

#### Examples

Dump certifates from an https server to stdout in PEM encoding:
```sh-session
crtool dump -t google.com
```

Dump certifates from an https server into a file:
```sh-session
crtool dump -t google.com -o certs.txt
```

Dump leaf certifate from an https server into a file in DER encoding:
```sh-session
crtool dump -t google.com -o cert.der -e der
```

Dump certifates from an https server on a custom port into a file:
```sh-session
crtool dump -t google.com -p 8443 -o certs.txt
```

Dump certificates from an https server and pass it to another program
```sh-session
crtool dump -t google.com | cat
```

## Contributors

- Srdjan Grubor ([@sgnn7](https://github.com/sgnn7))