CFSSL is CloudFlare's PKI/TLS swiss army knife. It is both a command line tool and an HTTP API server for signing, verifying, and bundling TLS certificates. It requires Go 1.16+ to build. Note that certain linux distributions have certain algorithms removed (RHEL-based distributions in particular), so the golang from the official repositories will not work. Users of these distributions should install go manually to install CFSSL. CFSSL consists of: * a set of packages useful for building custom TLS PKI tools * the cfssl program, which is the canonical command line utility using the CFSSL packages. * the multirootca program, which is a certificate authority server that can use multiple signing keys. * the mkbundle program is used to build certificate pool bundles. * the cfssljson program, which takes the JSON output from the cfssl and multirootca programs and writes certificates, keys, CSRs, and bundles to disk.
OS | Architecture | Version |
---|---|---|
NetBSD 10.0 | aarch64 | cfssl-1.6.5nb6.tgz |
NetBSD 10.0 | aarch64 | cfssl-1.6.5nb3.tgz |
NetBSD 10.0 | earmv7hf | cfssl-1.6.5.tgz |
NetBSD 10.0 | earmv7hf | cfssl-1.6.5nb3.tgz |
NetBSD 10.0 | i386 | cfssl-1.6.5nb6.tgz |
NetBSD 10.0 | i386 | cfssl-1.6.5nb3.tgz |
NetBSD 10.0 | x86_64 | cfssl-1.6.5nb6.tgz |
NetBSD 10.0 | x86_64 | cfssl-1.6.5nb3.tgz |
NetBSD 9.0 | aarch64 | cfssl-1.6.5nb3.tgz |
NetBSD 9.0 | earmv7hf | cfssl-1.6.5.tgz |
NetBSD 9.0 | earmv7hf | cfssl-1.6.5nb3.tgz |
NetBSD 9.0 | i386 | cfssl-1.6.5nb6.tgz |
NetBSD 9.0 | i386 | cfssl-1.6.5nb3.tgz |
NetBSD 9.0 | x86_64 | cfssl-1.6.5nb6.tgz |
NetBSD 9.0 | x86_64 | cfssl-1.6.5nb3.tgz |
NetBSD 9.3 | x86_64 | cfssl-1.6.5nb6.tgz |
Binary packages can be installed with the high-level tool pkgin (which can be installed with pkg_add) or pkg_add(1) (installed by default). The NetBSD packages collection is also designed to permit easy installation from source.
The pkg_admin audit command locates any installed package which has been mentioned in security advisories as having vulnerabilities.
Please note the vulnerabilities database might not be fully accurate, and not every bug is exploitable with every configuration.
Problem reports, updates or suggestions for this package should be reported with send-pr.