johanbrandhorst / Certify

Licence: mit
Automatic client and server certificate distribution and maintenance

Certify

Certify allows easy automatic certificate distribution and maintenance. Certificates are requested as TLS connections are made, courtesy of the GetCertificate and GetClientCertificate tls.Config hooks. Certificates are optionally cached. Simultaneous requests are deduplicated to minimize pressure on issuers.

Vault walkthrough

My presentation from GolangPiter 2019 contains a walkthrough of how to configure your Vault instance to securely issue certificates for your Go clients and servers.

Users

Are you using Certify and want to be visible here? Open an issue!

Issuers

Certify exposes an Issuer interface that allows switching between issuer backends.

Currently implemented issuers:

Usage

Create an issuer:

issuer := &vault.Issuer{
    // Address of the Vault instance that will sign certificate requests.
    URL: &url.URL{
        Scheme: "https",
        Host: "my-local-vault-instance.com",
    },
    // Vault token used to authenticate; in a real deployment load it from the
    // environment or a secret store rather than hard-coding it.
    Token:     "myVaultToken",
    // PKI role that defines what the issued certificates may contain.
    Role:      "myVaultRole",
}

Create a Certify:

c := &certify.Certify{
    // Used when requesting client-side certificates and
    // added to SANs or IPSANs depending on format.
    CommonName: "MyServer.com",
    Issuer: issuer,
    // It is recommended to use a cache.
    Cache: certify.NewMemCache(),
    // It is recommended to set RenewBefore.
    // Refresh cached certificates when < 24H left before expiry.
    RenewBefore: 24*time.Hour,
}

Use in your TLS Config:

tlsConfig := &tls.Config{
    GetCertificate: c.GetCertificate,
}

That's it! Both server-side and client-side certificates can be generated:

tlsConfig := &tls.Config{
    GetClientCertificate: c.GetClientCertificate,
}

For an end-to-end example using gRPC with mutual TLS authentication, see the Vault tests.

Docker image (sidecar model)

If you really want to use Certify but you are not able to use Go, there is now a Docker image available!

Simply configure this image as the access point for your Kubernetes pod and let it proxy traffic to your server.

How does it work?

Certify hooks into the GetCertificate and GetClientCertificate methods of the Go TLS stack's tls.Config struct. These are called when the server or client, respectively, is required to present its certificate. If possible, the certificate is fetched from the cache, keyed by the requested server name; if not, a new certificate is issued with the requested server name present. For client requests, the configured CommonName is used.
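As an added illustration of the mechanism described above (this is not Certify's own code), the following Go sketch builds a GetCertificate hook with the same three behaviours: a cache keyed by the requested server name, re-issuance once less than renewBefore remains before expiry, and serialised issuance so that simultaneous requests for one name reach the issuer only once. The issue function is an assumed stand-in that mints a self-signed leaf; a real deployment would call a backend such as Vault instead.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"sync"
	"time"
)

// issue stands in for a real backend (Vault etc.): a self-signed leaf for name, valid for lifetime.
func issue(name string, lifetime time.Duration) (*tls.Certificate, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		DNSNames: []string{name}, NotBefore: time.Now(), NotAfter: time.Now().Add(lifetime)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return nil, err
	}
	leaf, _ := x509.ParseCertificate(der) // DER produced a moment ago always parses
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// newGetCertificate returns a tls.Config.GetCertificate hook that keeps one
// certificate per requested server name and re-issues it once less than
// renewBefore of its lifetime remains.
func newGetCertificate(lifetime, renewBefore time.Duration) func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	var mu sync.Mutex
	cache := map[string]*tls.Certificate{}
	return func(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
		mu.Lock() // holding the lock also collapses simultaneous requests for one name
		defer mu.Unlock()
		if c, ok := cache[h.ServerName]; ok && time.Until(c.Leaf.NotAfter) > renewBefore {
			return c, nil // cache hit with enough lifetime left
		}
		c, err := issue(h.ServerName, lifetime)
		if err != nil {
			return nil, err
		}
		cache[h.ServerName] = c
		return c, nil
	}
}
```

Wire it in with `tlsConfig := &tls.Config{GetCertificate: newGetCertificate(2*time.Hour, time.Hour)}`; the same pattern applies to GetClientCertificate, except that the cache key is the configured common name rather than the peer's requested server name.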
