- Tired of guess all the cmd switches for [openssl|certutil|...] to decode certificates ?
- 100% pure go, minimal imports, use as app or api (see api.go), compatible with tlsinfo, dnsinfo
go run paepcke.de/certinfo/cmd/certinfo@latest
go install paepcke.de/certinfo/cmd/certinfo@latest
https://github.com/paepckehh/tlsinfo/releases
nix-shell -p certinfo-go
environment.systemPackages = [
pkgs.certinfo-go
];
certinfo cert.pem
X509 Cert Subject : [CN=ISRG Root X1,O=Internet Security Research Group,C=US]
X509 Cert Status : [VALID] [for the next 4554 days]
X509 Cert Signature Algo : [VALID] [SHA256-RSA]
X509 Cert Public Key : [VALID] [RSA] [4096] [e:65537]
X509 Cert KeyPin [base64] : [C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M=]
X509 Cert Key Usage : [CRITICAL] [Certificate Signing] [CRL Signing]
X509 CA Authority : [YES]
X509 CA SelfSigned : [VALID] [RootCA]
X509 CA Allows SubCAs : [YES] [ALERT] [PathLen:NotDefined]
X509 Issuer Signature By : [CN=ISRG Root X1,O=Internet Security Research Group,C=US]
X509 Issuer Signature State : [VALID] [trusted via system trust store]VERBOSE=true certinfo certs.txt
[...]NO_COLOR=true certinfo certs.txt | grep ...
[...]PINONLY=true certinfo certs.txt
[...]cat /etc/ssl/* | certinfo
[...]PEMONLY=true cat /etc/ssl/* | certinfo > truststore.pem
[..]HTML=true certinfo certs.txt
[...][] optional SCT log verification (online/leaky)
pkg.go.dev/paepcke.de/certinfo
This project is licensed under the terms of the BSD 3-Clause License license. See LICENSE for more details.
@misc{certinfo,
author = {Michael Paepcke},
title = {Tool to analyze and troubleshoot x.509 & ssh certificates, encoded keys, ... (app/lib/api)},
year = {2022},
publisher = {GitHub},
journal = {GitHub repository},
howpublished = {\url{https://paepcke.de/certinfo}}
}Yes, Please! PRs Welcome!