Products
My company, Opsmate, Inc., sells the following services:
- SSLMate - CLI and API for centralizing and automating your certificate issuance
- Cert Spotter - automatically discover all your SSL certificates, and get alerts for expiring, unauthorized, or broken certificates
- CT Search API - search Certificate Transparency logs by domain name using an easy JSON API
- DNS Helper - a JavaScript widget that provides instructions and debugging for adding DNS records at popular DNS providers
Tools
Online tools that you might find useful:
- CAA Record Helper - publish a CAA record to protect your domain from unauthorized SSL certificates
- What's My Chain Cert? - diagnose and fix certificate chain problems such as missing intermediates
- Certificate Transparency Policy Analyzer - check if a website complies with browser Certificate Transparency policies
Ecosystem Monitoring
I work on these projects for the public benefit:
- Source Spotter - verifies that Go's Checksum Database is behaving honestly and that Go's binary toolchains can be reproduced from source
- DCV Inspector - inspect domain validation practices of certification authorities
- CRL Watch - monitors Certificate Revocation Lists from publicly-trusted certification authorities
- OCSP Watch - monitors OCSP responders of publicly-trusted certification authorities
Open Source
Open source software that you can run yourself:
- certspotter - lightweight Certificate Transparency monitor
- snid - zero-config TLS proxy server that uses SNI
- sms-over-xmpp - XMPP Component (XEP-0114) to send and receive SMS
- sunglasses - RFC 6962 compatibility proxy for static-ct-api logs
- depproxy - Go module proxy that only allows authorized modules
- webdavd - a very simple WebDAV server written in Go
- go-pkcs12 - Go library for reading and writing PKCS#12 files
- go-listener - Go library for creating
net.Listeners from a lightweight text syntax - git-crypt - transparent per-file encryption for Git
- titus - totally isolated TLS unwrapping server (no longer developed)