PKI Toolbox
PKI Admin get a hard time diagnosing PKI and digital signature related issues. Here is a list of list of some very handy PKI focused opensource/free tools. This will hopefully help investigate and analyze PKI and cryptographic related issues:
Core
- OpenSSL: Processes a big range of crypto, PKI, PKCS operations. https://wiki.openssl.org/index.php/Binaries
- HSM Emulator: SoftHSM provides a light weight implementation of PKCS#11. Able to initialize tokens, slots, import keypair (PKCS#8), create SO, users. https://wiki.opendnssec.org/display/SoftHSM
- Keystore Explorer: Simplifies creation and management of your java keystore using a GUI based application. https://keystore-explorer.org/
- PKIjs: Provides javascript API for parsing and generating OCSP, Timestamp, CMS, Certificate creation using WebCrypto. https://pkijs.org/#examples
- ASN.1: Able to view ASN.1 encodings (DER, BER) to detect anomalies in PKCS objects: https://www.codeproject.com/Articles/4910/ASN-1-Editor
- PKCS#11: Able to login to your HSM, view slots and show cryptographic objects like private/public keys, digital certificates etc. https://www.pkcs11admin.net/
Timestamping
- Server: List of free timestamp servers https://gist.github.com/Manouchehri/fd754e402d98430243455713efada710
- Client: RFC 3161 compliant tool to send timestamp request and process responses. https://github.com/disig/TimeStampClient
Encoding
- Base64 Encoding: https://base64.guru/converter/encode
- Base64 Decoding: https://base64.guru/converter/decode/file
CSR (PKCS#10)
- CSR Decode: Verifies CSR and shows Subject DN. https://www.sslshopper.com/csr-decoder.html
- CSR to Certificate Creator: Generates a test certificate from a CSR. https://getacert.com/signacert.html
- CSR Creator: Creates a basic CSR. https://csrgenerator.com/
SSL
- SSL Labs: Detects SSL related anomalies focusing more on cipher Suites & SSL related threats. https://www.ssllabs.com/ssltest/
- Experte SSL Check: Checks SSL related issues for your websites and also check HTTP headers: https://www.experte.com/ssl-check