A utility to examine and validate certificates in a variety of formats
Go Perl6 Terra Perl Makefile Shell
Latest commit 8e02295 Dec 12, 2016 @csstaub csstaub committed on GitHub Merge pull request #103 from square/cs/no-print
Return error instead of printing to stderr in lib



license release build report

Certigo is a utility to examine and validate certificates in a variety of formats.

Currently supported formats are X.509 (DER/PEM), JCEKS/JKS, PKCS7 and PKCS12. Need support for an exotic certificate storage format that's not yet supported? Open an issue on Github and maybe we can add it. We enjoy the challenge!


To install certigo, simply use:

go get -u github.com/square/certigo

On macOS you can also use homebrew to install:

brew install certigo

Note that certigo requires Go 1.5 or later to build.


We use glide for managing vendored dependencies.


Certigo can read certificates/keystores in various formats and dump them to stdout.

Certigo will display information in a human-readable way, and print warnings for common mistakes (such as small key sizes or weak signatures/hash functions). Certigo can also convert any input to a series of PEM blocks, which is useful if you want to e.g. dump the contents of unusual container formats into something more useful.

usage: certigo [<flags>] <command> [<args> ...]

A command line certificate examination utility.

  --help     Show context-sensitive help (also try --help-long and --help-man).
  --version  Show application version.

  help [<command>...]
    Show help.

  dump [<flags>] [<file>...]
    Display information about a certificate from a file/stdin.

  connect [<flags>] [<server:port>]
    Connect to a server and print its certificate(s).

  verify --name=NAME [<flags>] [<file>]
    Verify a certificate chain from file/stdin against a name.


Display information about a certificate (from a file, or from stdin):

Export certificates/keys from a keystore into PEM blocks:

Display information about a certificate from a remote server: