Certutil is a CLI that helps you easily look inside certificates and debug issues.
I got tired of googling for openssl commands and wanted something simple and easy to use with a memorable CLI.
Install with go install
$ go install github.com/jsws/certutil@latest
info will print out certificate information in an easily readable format. It will also perform AIA fetching.
$ certutil info connect github.com
Connecting to github.com:443
Connected to 140.82.121.4:443
Recieved 2 certificate(s).
Certificate 0
Subject: CN=github.com,O=GitHub\, Inc.,L=San Francisco,ST=California,C=US
Issuer: CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US
DNS Names: github.com, www.github.com
Vailidity Period
Not Before: 2020-05-05 00:00:00 +0000 UTC ✅
Not After: 2022-05-10 12:00:00 +0000 UTC ✅
Certificate 1
Subject: CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Vailidity Period
Not Before: 2013-10-22 12:00:00 +0000 UTC ✅
Not After: 2028-10-22 12:00:00 +0000 UTC ✅
Certificate is valid 🔒
save will save the certificates presented by a server to a file in PEM format. The file to save the PEM chain in is given with the --output or -o flag. If no output file is set, the PEM-encoded certificate is written to stdout.
$ certutil save connect github.com -o file.pem
Connecting to jsws.co.uk:443
Connected to 185.199.111.153:443
Recieved 2 certificate(s).
Saving to file.pem
$ certutil save connect github.com
Connecting to github.com:443
Connected to 140.82.121.3:443
Recieved 2 certificate(s).
-----BEGIN CERTIFICATE-----
...
The connect subcommand can be used with the info and save commands to connect to a server presenting TLS certificates. The --servername or -s flag can be used to set the SNI.
The read subcommand can be used with the info command to display certificate information from a local PEM encoded certificate file. The path of the file is given as an argument.
$ certutil info read certs/file.pem
info.IsValid() shouldn't be used for anything important as it doesn't do revocation checking or certificate transparency checking.
- Ability to show full cert chain when AIA fetching is used.
- Add verbose output for AIA
- Add revocation checking
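
The caveat on info.IsValid() and the revocation-checking item above, shown with Go's standard crypto/x509 verifier. This is an added example, not certutil's code: the helpers mint, check and demoChain, the example.test names and the OCSP/CRL URLs are constructed for illustration, and it assumes nothing about how IsValid is implemented.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// mint issues a constructed certificate from template t (self-signed when parent is nil).
func mint(t, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	if parent == nil {
		parent, signer = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c, key
}

// check reports whether signatures, hostname and validity window verify, plus the revocation endpoints left unqueried.
func check(leaf *x509.Certificate, roots *x509.CertPool, host string, now time.Time) (bool, []string) {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, CurrentTime: now})
	return err == nil, append(append([]string{}, leaf.OCSPServer...), leaf.CRLDistributionPoints...)
}

// demoChain builds a constructed root and a leaf for example.test (sample data, hypothetical URLs).
func demoChain(now time.Time) (*x509.CertPool, *x509.Certificate) {
	root, rootKey := mint(&x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true,
		Subject: pkix.Name{CommonName: "Constructed Root"}, BasicConstraintsValid: true,
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(48 * time.Hour), KeyUsage: x509.KeyUsageCertSign}, nil, nil)
	leaf, _ := mint(&x509.Certificate{SerialNumber: big.NewInt(2),
		Subject: pkix.Name{CommonName: "example.test"}, DNSNames: []string{"example.test"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		OCSPServer: []string{"http://ocsp.example.test"}, CRLDistributionPoints: []string{"http://crl.example.test/ca.crl"}}, root, rootKey)
	pool := x509.NewCertPool()
	pool.AddCert(root)
	return pool, leaf
}

func main() {
	pool, leaf := demoChain(time.Now())
	fmt.Println(check(leaf, pool, "example.test", time.Now())) // verifies; endpoints are listed, never contacted
}
```

A true result here says nothing about whether the certificate has been revoked; that requires querying the listed OCSP or CRL endpoints.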