cmd/chain: Introduce a certificate chain viewer / tool

adamdecaf / cert-manage

WIP x509 Certificate auditing CLI

Apache License 2.0

32 stars 6 forks source link

cmd/chain: Introduce a certificate chain viewer / tool #172

Open adamdecaf opened 6 years ago

adamdecaf commented 6 years ago

When you're digging around for which CA is used in a particular connection it can get messy. Some CA's offer html pages, but that's not useful in a general sense.

What about a command to show the chains for a given connection? We'd need to include untrusted local CA's to let people whitelist better.

Other tools do this - check into those.

adamdecaf commented 6 years ago

How about the following flags?

-remote: Do remote lookups if no local chain is found
-all: Include all certificates (expired, revoked, untrusted)
-revoked
-untrusted
-expired

adamdecaf commented 6 years ago

This would likely spur the breakup of Store I've been brainstorming.