Certificate Verify Tool

Github Page:

Blog Post: Some new PKI tools

This CLI tool allows you to verify that your certificate was signed/issued by the certificate chain/issuers file you have.

This tool allows you to verify your certificates with its possible issuer(s). By using the -e or --end-entity parameter, you can define your certificate/end-entity file. By using the -i or --issuers parameter, define your certificate issuer(s) / certificate chain. The CLI tool will decode the passed certificates and will verify if the end-entity certificate was issued by the issuers / certificate chain. It also performs a certificate validity check!


Github Page:

Blog Post: Authslime

This CLI tool allows you to create cryptographic slime with fun attributes! It supports a local SQLite database which stores information about each authslime.

UltimateCSR CLI Tool

Github Page:

This tool allows you define many subject fields such as Common Name, Email Address, UserID, Given Name, Title, Pseudonym and more. Requesting v3 extensions such as Key Usage, Extended Key Usage and Basic Constraints is also built in. To work this script, make sure:

Python Cryptography is up to date:
pip install --upgrade cryptography

Python-based Precertificate Signed Certificate Timestamp decoder and lookup tool

Github Page:

The Python script mentioned will decode the Precertificate Signed Certificate Timestamps (SCT) of a given x509 certificate. An SCT is a proof that a certificate has been logged in certificate transparency (CT) which means that its issuance was public. More information about this is noted here. The log ID identifies a CT logger. You can use the list here to identify which log ID matches. However, it is important to note that the log id in the SCT is in hexadecimal, while the log id in the json file is in base64. In the python script, I convert the base64 to hexadecimal.

Usage: [-h] [-c CERTIFICATE]

Python Script for RSA signing/verifying

Github Page:

This python script, "" uses the python cryptographic library to perform digital signature functions. It can sign data using RSA/PSS and verify signatures. You can first generate an RSA keypair with openssl if you don't have a keypair.

After generating the RSA keypair, you can sign data. The --sign parameter will load the private key(--key), and then it will hash (SHA256) the message that was passed with --sign and then sign the digest. The --verify parameter will load the public key(--key). It will then verify the signature(--signature)/message(--verify) with the public key.


rsa-signverify [-h] [-k KEY] [-s SIGN] [-v VERIFY] [-sig SIGNATURE] [-out OUT]

CA Finder

CA Finder is a small python script that decodes a given X509 Certificate. It outputs certain certificate fields (if present in the certificate) to help of identify its certificate chain if it is not known.

Related Blog Post

CA Finder Github Page

The script looks for these fields in the certificate.

Usage: -c mycertificate.pem

Note: If you don't want to use the script, you can use openssl (openssl x509 -in cert.pem -noout -text) to look for those given fields.