GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → spatie → Ssl Certificate Chain Resolver

spatie / Ssl Certificate Chain Resolver

Licence: mit
SSL certificate chain resolver

Labels

securitysslcertificatecertificate-authority

Projects that are alternatives of or similar to Ssl Certificate Chain Resolver

Pki
The Dogtag Certificate System is an enterprise-class Certificate Authority (CA) which supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management.
Stars: ✭ 97 (-64.98%)
Mutual labels:  ssl, certificate, certificate-authority
Certstrap
Tools to bootstrap CAs, certificate requests, and signed certificates.
Stars: ✭ 1,689 (+509.75%)
Mutual labels:  ssl, certificate, certificate-authority
Mutual Tls Ssl
🔐 Tutorial of setting up Security for your API with one way authentication with TLS/SSL and mutual mutual authentication for a java based web server and a client with both Spring Boot. Different clients are provided such as Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k, Kohttp and ktor. Also other server examples are available such as jersey with grizzly. Also gRPC examples are included
Stars: ✭ 163 (-41.16%)
Mutual labels:  ssl, certificate, certificate-authority
docker-nginx-certbot
Automatically create and renew website certificates for free using the Let's Encrypt certificate authority.
Stars: ✭ 367 (+32.49%)
Mutual labels:  ssl, certificate-authority
vault-ca
Set of scripts to create your own CA using hashicorp Vault
Stars: ✭ 16 (-94.22%)
Mutual labels:  ssl, certificate-authority
Bubbly
Better SSL in Nginx in 10 minutes. Configuration files and setup scripts for Certbot.
Stars: ✭ 217 (-21.66%)
Mutual labels:  ssl, certificate
wile
Stripped down letsencrypt (ACME) client
Stars: ✭ 15 (-94.58%)
Mutual labels:  ssl, certificate
diyca
Do-It-Yourself Certificate Authority
Stars: ✭ 18 (-93.5%)
Mutual labels:  ssl, certificate-authority
openssl-ca
Shell scripts to manage a private Certificate Authority using OpenSSL
Stars: ✭ 38 (-86.28%)
Mutual labels:  ssl, certificate-authority
tls-ca-manage
Multi-level Certificate Authority Management tool, front-end tool to OpenSSL, written in bash shell.
Stars: ✭ 19 (-93.14%)
Mutual labels:  ssl, certificate-authority
qsslcaudit
test SSL/TLS clients how secure they are
Stars: ✭ 22 (-92.06%)
Mutual labels:  ssl, certificate
openssl ca
openssl_ca with QT GUI
Stars: ✭ 16 (-94.22%)
Mutual labels:  certificate, certificate-authority
sslcontext-kickstart
🔐 A lightweight high level library for configuring a http client or server based on SSLContext or other properties such as TrustManager, KeyManager or Trusted Certificates to communicate over SSL TLS for one way authentication or two way authentication provided by the SSLFactory. Support for Java, Scala and Kotlin based clients with examples. Av…
Stars: ✭ 295 (+6.5%)
Mutual labels:  ssl, certificate
pki
Certificate Authority management suite
Stars: ✭ 23 (-91.7%)
Mutual labels:  ssl, certificate-authority
TestAuthority
Simple certificate authority for development written in C#. Allows issue of SSL certificates, including wildcard certificates
Stars: ✭ 32 (-88.45%)
Mutual labels:  ssl, certificate-authority
smtplib-bruteforce
bruteforcing gmail (TLS/SSL)
Stars: ✭ 26 (-90.61%)
Mutual labels:  ssl, certificate
laravel-ohdear-webhooks
Handle Oh Dear webhooks with ease in a Laravel app
Stars: ✭ 18 (-93.5%)
Mutual labels:  ssl, certificate
ACMECert
PHP client library for Let's Encrypt (ACME v2 - RFC 8555)
Stars: ✭ 83 (-70.04%)
Mutual labels:  ssl, certificate
Crypt Le
Crypt::LE - Let's Encrypt / Buypass / ACME client and library in Perl for obtaining free SSL certificates (inc. generating RSA/ECC keys and CSRs). HTTP/DNS verification is supported out of the box, easily extended with plugins, easily dockerized.
Stars: ✭ 277 (+0%)
Mutual labels:  ssl, certificate
ssl-date-checker
Nodejs Library to check and report on the start and expiration date of a given SSL certificate for a given domain.
Stars: ✭ 21 (-92.42%)
Mutual labels:  ssl, certificate
View All Similar Projects ➔

SSL Certificate Chain Resolver

Latest Version Software License Build Status Quality Score StyleCI Total Downloads

All operating systems contain a set of default trusted root certificates. But Certificate Authorities usually don't use their root certificate to sign customer certificates. They use so called intermediate certificates instead, because these can be rotated more frequently.

If not all intermediate certificates are installed on your server, some clients —mostly mobile browsers— will think you are on an insecure connection.

This tool can help you fix the incomplete certificate chain issue, also reported as Extra download by Qualys SSL Server Test.

If you need an online tool to solve this issue, take a look at certificatechain.io

Spatie is a webdesign agency in Antwerp, Belgium. You'll find an overview of all our open source projects on our website.

Support us

We invest a lot of resources into creating best in class open source packages. You can support us by buying one of our paid products.

We highly appreciate you sending us a postcard from your hometown, mentioning which of our package(s) you are using. You'll find our address on our contact page. We publish all received postcards on our virtual postcard wall.

Postcardware

You're free to use this package (it's MIT-licensed), but if it makes it to your production environment you are required to send us a postcard from your hometown, mentioning which of our package(s) you are using.

Our address is: Spatie, Kruikstraat 22, 2018 Antwerp, Belgium.

The best postcards will get published on the open source page on our website.

Installation

This package can be installed using composer by running this command.

composer global require spatie/ssl-certificate-chain-resolver

Usage

Let's assume you have an incomplete certificate called cert.crt. To generate the a file containing the certificate and the entire trust chain, you can use this command:

ssl-certificate-chain-resolver resolve cert.crt

A file containing the certificate and the entire trust chain will be saved as certificate-including-trust-chain.crt

You can also pass the name of the file of the outputfile as the second argument:

ssl-certificate-chain-resolver resolve cert.crt your-output-file.crt

If the outputfile already exists, you will be asked if it's ok to overwrite it.

Updating

You can update ssl-certificate-chain-resolver to the latest version by running:

composer global update spatie/ssl-certificate-chain-resolver

Limitations

Currently this package does not work with Entity validation certificates or certificates issued by Let's Encrypt. A PR that adds this to package would be highly appreciated.

Testing

Functional and unit tests are included with the package.

You can run them yourself with vendor/bin/codecept run

Credits

This package was inspired by cert-chain-resolver written by Jan Žák. Some text, mainly the background about the trust chain, was copied from the readme of his repo.

Background: the trust chain

All operating systems contain a set of default trusted root certificates. But Certificate Authorities usually don't use their root certificate to sign customer certificates. Instead of they use so called intermediate certificates, because they can be rotated more frequently.

A certificate can contain a special Authority Information Access extension (RFC-3280) with URL to issuer's certificate. Most browsers can use the AIA extension to download missing intermediate certificate to complete the certificate chain. This is the exact meaning of the Extra download message. But some clients, mostly mobile browsers, don't support this extension, so they report such certificate as untrusted.

This results in 'untrusted'-warnings like this, since the browser thinks you are on an insecure connection.

Untrusted Warning

A server should always send a complete chain, which means concatenated all certificates from the certificate to the trusted root certificate (exclusive, in this order), to prevent such issues. So when installing a SSL certificate on a server you should install all intermediate certificates as well. You should be able to fetch intermediate certificates from the issuer and concat them together by yourself.

This tool helps you automatize that boring task by looping over certificate's AIA extension field.

About Spatie

Spatie is a webdesign agency in Antwerp, Belgium. You'll find an overview of all our open source projects on our website.

License

The MIT License (MIT). Please see License File for more information.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].