Awesome

tlshelpers

A collection of shell scripts that help handling X.509 certificate and TLS issues

matchcertkey

Script to check whether a private key belongs to a certificate.

It will check three things:

• Internal consistency of private key.
• Does SPKI SHA256 hash match?
• Can a test signature be verified?

Many existing tools and guides only check whether the public key part of the private key matches and don't really check the private key.

fakekey

Creates a private key for an existing certificate that looks like a real key if not checked properly.

Requires the der2ascii/ascii2der tools by David Benjamin.

ocspverify

Checks OCSP status of certificates with a single command.

It will automatically extract the issuer certificate and OCSP url via AIA.

getsubdomain

Gets all subdomains to a domain by querying the database of the crt.sh Certificate Transparency search engine.

examples

The examples subdirectory contains an existing certificate (from symantec) and a corresponding fake private key.