crtool

module
v0.0.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 5, 2020 License: Apache-2.0

README

crtool

Helper tooling for certificate management

Benefits:

  • Static binary builds
  • Does not require any host tools/packages

Installation

Linux

Install one of the packages (.deb or .rpm from the releases page)

Or install manually:

  • Replace ${VERSION} with the appropriate release version (e.g. 0.0.3)
  • Download the crtool:
wget -O crtool https://github.com/sgnn7/crtool/releases/download/v${VERSION}/crtool_linux && \
  chmod +x ./crtool
macOS
  • Replace ${VERSION} with the appropriate release version (e.g. 0.0.3)
  • Download the crtool:
wget -O crtool https://github.com/sgnn7/crtool/releases/download/v${VERSION}/crtool_darwin && \
  chmod +x ./crtool
Windows
  • Replace ${VERSION} with the appropriate release version (e.g. 0.0.3)
  • Download the crtool:
wget -O crtool.exe https://github.com/sgnn7/crtool/releases/download/v${VERSION}/crtool.exe

Usage

crtool verify

Verify certifcates of target server

crtool verify -t <target> [-p port]

Note: This command supports verification of file-provided PEM certs too if you specify the file:// schema:

crtool verify -t file://path/to/file.crt

Currently this verifies per connection:

  • Hostname
  • System's CA certificate chain
  • Issuer's CN
  • Issuer's Signature

Currently this verifies per-cert fields:

  • NotBefore
  • NotAfter
Examples

Verify an expired cert

crtool verify -t expired.badssl.com

Verify a valid cert

crtool verify -t expired.badssl.com

Verify certificate(s) in a file

crtool verify -t file://server.crt
crtool dump

Dump certifcates of target server to output. Works with self-signed certificates!

crtool dump -t <target> [-p port] [-o file] [-e < pem | der >]

Note: This command supports using file-provided PEM-encoded certs if you specify the file:// schema which is useful in transcoding.

crtool dump -t file://server.pem -o server.der -e der
Examples

Dump certifates from an https server to stdout in PEM encoding:

crtool dump -t google.com

Dump certifates from an https server into a file:

crtool dump -t google.com -o certs.txt

Dump leaf certifate from an https server into a file in DER encoding:

crtool dump -t google.com -o cert.der -e der

Dump certifates from an https server on a custom port into a file:

crtool dump -t google.com -p 8443 -o certs.txt

Dump certificates from an https server and pass it to another program

crtool dump -t google.com | cat

Directories

Path Synopsis
pkg
certificates/providers
certificates/validation
cli
encoding
ssl
version

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.