CertLint is a tool to help you view/convert/validate your certificates and keys. It can be run online or completely offline in a Docker container.
View Demo
·
Report Bug
·
Request Feature
Table of Contents
CertLint is a project I built to improve/practice my skills in scripting, CI/CD, Docker and Kubernetes. BY NO MEANS am I claiming/attempting or wanting to be a front-end developer. You can use it "offiline" to convert/validate your own certificates and keys by running it in a Docker container.
I WOULD NOT recommend running this as a web service outside of your localhost.
- It uses the built in Flask web server which shouldn't be used for prod.
- It does a lot of file handling of certs and keys... and you should never upload your key to a web server
- It does not sanitize user input so the risk of being hacked is high.
- Ironically, I didn't run it with https (but you could use it to create a key/cert for itself. :-)
1. Install Docker on your host: Install Docker
2. Pull the latest CertLint Docker image from the Docker repository:
docker pull bkblankdocker/certlint:latest
At this point, you can disconnect your network connections if you don't trust the container to "phone home" and steal any certificates/keys/passwords you provide.
3. Run the container:
docker run -d -p 5000:5000 --name certlint bkblankdocker/certlint:latest
If port 5000 is in use on your host, choose another port of your preference, e.g. use port 9000
docker run -d -p 9000:5000 bkblankdocker/certlint:latest
4. Open your browser to http://localhost:5000
5. Stop and remove the running certlint container
Make sure you have saved all of the converted certificates/keys you want as the next step will destory the container and any files it created for you.
docker rm -f certlint
6. Remove the certlint docker image from your machine
docker image rm bkblankdocker/certlint:latest
Re-enable your network interfaces if you disabled them above.
I may put some examples here... but I hope the tool is self-explanatory.
- Decide if I will actually host this online (e.g. GKE) for people to use or just support running it in containers locally.
- Allow users to create a new Root and Intermediate CA to sign new certificates
- Create/Sign certificates with the CAs from above
- Validate a private/public key are a valid pair
- Convert keys to different formats (pkcs1-pkcs8-encrypted/unencrypted)
- Given a CA chain, validate a certificate can be verified using that chain
- Include support for PFX and JKS files
- "Online version" - connect to a service and display the cert/chain in use, build a truststore from the chain
See the open issues for a full list of proposed features (and known issues).
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature) - Commit your Changes (
git commit -m 'Add some AmazingFeature') - Push to the Branch (
git push origin feature/AmazingFeature) - Open a Pull Request
Distributed under the MIT License. See LICENSE for more information.