tls
MITM Proxy for Thick Client & non-HTTP Protocol.
A TLS MITM proxy for TCP/TLS/UDP traffic, with support for TLS upgrades like STARTTLS, PostgreSQL, and more.
Non-HTTP proxy that supports TCP to TLS upgrade protocols like STARTTLS and custom protocols. Perfect for thick client intercept and database protocol analysis.
High-speed TLS signature filtering.
Instead of taking the full JA4 hash to fingerprint traffic, which is slow to calculate and hard to implement in a BPF filter, I take a Jenkins hash of the sorted supported ciphers in any given TLS request, to similar effect as JA4, keeping fingerprinting usefulness. Switching to a non-cryptographic hashing algorithm is okay here because any given attacker with enough skill could replicate the ciphers of another client, so any hash reversing would be useless or at best force the attacker to implement a different number of hashes.
This is an ACMEv2 client for Windows that aims to be very simple to start with, but powerful enough to grow into almost every scenario.
Centralized ACME Certificate Management. Your entire PKI at your fingertips.
Cert Warden is a centralized ACME Client. It provides an API for certificate consumers to fetch their individual keys and certs with API keys.
Web-based user interface for the mkcert CLI internal CA.
A secure, modern web interface for managing SSL certificates using the mkcert CLI tool. Generate, download, and manage local development certificates with enterprise-grade security and an intuitive web interface.
PHP Secure Communications Library.
Pure-PHP implementations of SSH, SFTP, RSA / DSA / Elliptic Curves, AES / ChaCha20 / etc, X.509
Kuvasz (pronounced [ˈkuvɒs]) is an open-source uptime and SSL monitoring service, built in Kotlin.
Kuvasz [ˈkuvɒs], an open-source, self-hosted uptime & SSL monitoring service, designed to help you keep track of your websites and services. It provides a modern, user-friendly interface, a powerful REST API, and supports multiple notification channels like email, Slack, Telegram, and PagerDuty.
SSL Certificate Management System (API + UI).
CertMate is a powerful SSL certificate management system designed for modern infrastructure. Built with multi-DNS provider support, Docker containerization, and comprehensive REST API, it's the perfect solution for managing certificates across multiple datacenters and cloud environments.
Selfhostable web app to make managing mTLS certificates a breeze.
VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates with ease. It provides a centralized platform for generating, managing, and distributing client TLS certificates for your home lab.
The main reason why I developed VaulTLS was that I didn't like messing with shell scripts and OpenSSL. I also did not have an overview about the expiration of individual certificates.
SSLyze is a fast and powerful SSL/TLS scanning tool and Python library.
SSLyze can analyze the SSL/TLS configuration of a server by connecting to it, in order to ensure that it uses strong encryption settings (certificate, cipher suites, elliptic curves, etc.), and that it is not vulnerable to known TLS attacks (Heartbleed, ROBOT, OpenSSL CCS injection, etc.).
The Mozilla CA certificate store in PEM format (around 200KB uncompressed):
SSL certificate expiry monitoring.
Ensure the continued security and reliability of your website by staying vigilant about SSL certificate expiration.
Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.
Universal identity control plane for distributed systems. SPIFFE and SPIRE provide strongly attested, cryptographic identities to workloads across a wide variety of platforms.
SPIFFE and SPIRE provide a uniform identity control plane across modern and heterogeneous infrastructure. Since software and application architectures have grown substantially, they are spread across virtual machines in public clouds and private data centers. Security models for the organizations that manage them must keep up with these infrastructure technologies. And this is where SPIFFE and SPIRE come in. With SPIFFE/SPIRE, developers and operators can build software using new infrastructure technologies, while allowing security teams to step back from time-consuming security processes.
CFSSL is CloudFlare's PKI/TLS swiss army knife. It is both a command line tool and an HTTP API server for signing, verifying, and bundling TLS certificates. It requires Go 1.16+ to build.
Automatically provision and manage TLS certificates in Kubernetes. cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. It supports issuing certificates from a variety of sources, including Let's Encrypt (ACME), HashiCorp Vault, and Venafi TPP / TLS Protect Cloud, as well as local in-cluster issuance. cert-manager also ensures certificates remain valid and up to date, attempting to renew certificates at an appropriate time before expiry to reduce the risk of outages and remove toil.
Cloud native certificate management. X.509 certificate management for Kubernetes and OpenShift.
cert-manager creates TLS certificates for workloads in your Kubernetes or OpenShift cluster and renews the certificates before they expire.