certigo
certigo copied to clipboard
square
A utility to examine and validate certificates in a variety of formats
Add support for CSR when using the `dump` command by implementing a flag `--csr` that would look for CSR(s) in the file and then parse it. Usage could be like:...
If verification fails, retries using intermediate retrieved via AIA fetching and updates error message to make it clearer what the misconfiguration is. Used to print: 
Here's a list of STARTTLS type protocols I've found: - [x] MySQL - [x] PostgreSQL - [x] LDAP - [x] SMTP - [x] IMAP - [ ] POP3 (Uncommon, normal...
SQL Server does not uses a raw TLS connection, instead, it uses TLS over the TDS protocol, as such, we need to use the https://github.com/denisenkom/go-mssqldb library. I'm making a patch...
Seems this OID comes from the standard IEC 62351-8 https://www.spinnaker.io/setup/security/authentication/x509/ We could pretty-print that oid name.
``` % certigo verify --name=REDACTED -f pem server2019.csr panic: runtime error: index out of range goroutine 1 [running]: github.com/square/certigo/lib.VerifyChain(0xc62e38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffc75d487a2, 0x18, 0x0, 0x0, ...) /home/meta/go/src/github.com/square/certigo/lib/verify.go:129...
Go can't process BER input, only DER. Would be nice to have a preprocessing step that canonicalizes any BER into DER.
Bouncycastle key store I hear Android uses them.
Right now, a root appears as something like this: ``` Serial: 927650371 Valid: 1999-05-25 16:09 UTC to 2019-05-25 16:39 UTC Signature: SHA1-RSA (self-signed) Subject Info: Country: US Organization: Entrust.net Organizational...
Many java trust stores are "protected" with the default password changeit. Password protection often provides little value when the files are protected, perhaps in a secrets management system. Other passwords...