tehmaze / Sortpem
Licence: mit
➿ Sorting utility for PEM files
Stars: ✭ 11
Projects that are alternatives of or similar to Sortpem
Pem
Create private keys and certificates with node.js
Stars: ✭ 496 (+4409.09%)
Mutual labels: ssl, tls, certificate
Fluentftp
An FTP and FTPS client for .NET & .NET Standard, optimized for speed. Provides extensive FTP commands, File uploads/downloads, SSL/TLS connections, Automatic directory listing parsing, File hashing/checksums, File permissions/CHMOD, FTP proxies, FXP support, UTF-8 support, Async/await support, Powershell support and more. Written entirely in C#,…
Stars: ✭ 1,943 (+17563.64%)
Mutual labels: unix, ssl, tls
Cert
Cert is the Go tool to get TLS certificate information.
Stars: ✭ 166 (+1409.09%)
Mutual labels: ssl, tls, certificate
Ssl Proxy
🔒 Simple zero-config SSL reverse proxy with real autogenerated certificates (LetsEncrypt, self-signed, provided)
Stars: ✭ 427 (+3781.82%)
Mutual labels: ssl, tls, certificate
qsslcaudit
test SSL/TLS clients how secure they are
Stars: ✭ 22 (+100%)
Mutual labels: tls, ssl, certificate
Aspnetcorecertificates
Certificate Manager in .NET Core for creating and using X509 certificates
Stars: ✭ 135 (+1127.27%)
Mutual labels: ssl, tls, certificate
Ssl exporter
Exports Prometheus metrics for SSL certificates
Stars: ✭ 211 (+1818.18%)
Mutual labels: ssl, tls, certificate
Certigo
A utility to examine and validate certificates in a variety of formats
Stars: ✭ 662 (+5918.18%)
Mutual labels: ssl, tls, certificate
smtplib-bruteforce
bruteforcing gmail (TLS/SSL)
Stars: ✭ 26 (+136.36%)
Mutual labels: tls, ssl, certificate
Certstrap
Tools to bootstrap CAs, certificate requests, and signed certificates.
Stars: ✭ 1,689 (+15254.55%)
Mutual labels: ssl, tls, certificate
letsencrypt-www
Probably the easiest way to create | renew | deploy certificate
Stars: ✭ 27 (+145.45%)
Mutual labels: tls, ssl, certificate
Acmetool
🔒 acmetool, an automatic certificate acquisition tool for ACME (Let's Encrypt)
Stars: ✭ 1,882 (+17009.09%)
Mutual labels: ssl, tls, certificate
Ssl Checker
Python script that collects SSL/TLS information from hosts
Stars: ✭ 94 (+754.55%)
Mutual labels: ssl, tls, certificate
Mutual Tls Ssl
🔐 Tutorial of setting up Security for your API with one way authentication with TLS/SSL and mutual mutual authentication for a java based web server and a client with both Spring Boot. Different clients are provided such as Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k, Kohttp and ktor. Also other server examples are available such as jersey with grizzly. Also gRPC examples are included
Stars: ✭ 163 (+1381.82%)
Mutual labels: ssl, tls, certificate
Nico
A HTTP2 web server for reverse proxy and single page application, automatically apply for ssl certificate, Zero-Configuration.
Stars: ✭ 43 (+290.91%)
Mutual labels: ssl, tls, certificate
sslcontext-kickstart
🔐 A lightweight high level library for configuring a http client or server based on SSLContext or other properties such as TrustManager, KeyManager or Trusted Certificates to communicate over SSL TLS for one way authentication or two way authentication provided by the SSLFactory. Support for Java, Scala and Kotlin based clients with examples. Av…
Stars: ✭ 295 (+2581.82%)
Mutual labels: tls, ssl, certificate
freshcerts
ACME certificate protocol (Let's Encrypt) proxy client with a dashboard and monitoring
Stars: ✭ 59 (+436.36%)
Mutual labels: tls, ssl, certificate
O Saft
O-Saft - OWASP SSL advanced forensic tool
Stars: ✭ 306 (+2681.82%)
Mutual labels: ssl, tls, certificate
SortPEM 
Sorting utility for PEM files. Failing to remember what order to put the
certificate and its intermediates in? And what intermediate should we include?
Wonder no longer, and let sortpem resolve the chain for you.
It is assumed your system receives software updates, and it has a recent copy
of the trusted certificate bundle for your operating system. sortpem does
not provide root certificates; there are many sources out there that can
provide you that information.
If you wish to use a custom trusted roots bundle (in PEM format), you can pass
the -ca <file> flag to sortpem.
Options
Most of the flags are compatible with the sort(1) utility:
-D Enable debug logging
-a Output all blocks, not only the ones matching -t
-c Count blocks
-ca string
CA file
-d Dump text output of decoded PEM block
-o string
Print the output to a file in stead of standard output
-p string
Preset (use "list" for an overview)
-r Reverse sort
-root
Include root certificate
-s Stable sort
-t value
Type of block order and filter (regular expression(s))
-u Unique blocks
Presets
There are presets available that sets a combination of default options based on the chose preset:
certs -t "^CERTIFICATE$" -R
keys -t "PRIVATE KEY$"
nginx -t "^CERTIFICATE$" -t "PRIVATE KEY$"
haproxy -t "^CERTIFICATE$" -t "PRIVATE KEY$" -R
Example
Sort a PEM bundle, CERTIFICATEs first, then any PRIVATE KEY:
[email protected]:~$ ls -1 testdata/*.crt testdata/endpoint.key
testdata/endpoint.crt
testdata/endpoint.key
testdata/intermediate.crt
testdata/issuer.crt
testdata/root.crt
# We have a self-signed root:
[email protected]:~$ openssl x509 -in testdata/root.crt -noout -subject -issuer
subject= /CN=Test Root
issuer= /CN=Test Root
# By default, the root certificate is omitted (enabled -d which decodes blocks):
[email protected]:~$ cat testdata/*.crt testdata/endpoint.key | sortpem -d | grep Subject:
Subject: CN=endpoint.example.org,L=IL
Subject: CN=Test Intermediate
Subject: CN=Test Issuer
# We can include it, with -root:
[email protected]:~$ cat testdata/*.crt testdata/endpoint.key | sortpem -root -d | grep Subject:
Subject: CN=endpoint.example.org,L=IL
Subject: CN=Test Intermediate
Subject: CN=Test Issuer
Subject: CN=Test Root
# The private key is in there too, by the way:
[email protected]:~$ cat testdata/*.crt testdata/endpoint.key | sortpem -root | grep 'BEGIN '
-----BEGIN CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
# Download a public certificate:
[email protected]:~$ echo "" | openssl s_client -connect google.com:443 -showcerts > testdata/google.com.crt
depth=1 C = US, O = Google Trust Services, CN = Google Internet Authority G3
verify error:num=20:unable to get local issuer certificate
verify return:0
DONE
# It sent us 2 certificates:
[email protected]:~$ grep -c 'BEGIN CERTIFICATE' testdata/google.com.crt
2
# Inspect them:
[email protected]:~$ sortpem -d testdata/google.com.crt | grep Subject:
Subject: CN=*.google.com,O=Google LLC,L=Mountain View,ST=California,C=US
Subject: CN=Google Internet Authority G3,O=Google Trust Services,C=US
# Get the full chain, including root:
[email protected]:~$ sortpem -root -d testdata/google.com.crt | grep Subject:
Subject: CN=*.google.com,O=Google LLC,L=Mountain View,ST=California,C=US
Subject: CN=Google Internet Authority G3,O=Google Trust Services,C=US
Subject: CN=GlobalSign,OU=GlobalSign Root CA - R2,O=GlobalSign
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].