TLS Cert Chain Resolver is a CLI tool designed to resolve and manage TLS certificate chains efficiently. This tool is inspired by zakjan/cert-chain-resolver, but offers a more maintainable codebase and is actively maintained.
- Resolve TLS certificate chains
- Output in PEM, DER, or JSON format. The JSON format includes PEM-encoded certificates with their chains.
- Optionally include system root CAs
- Efficient memory usage with buffer pooling
To install the tool, use the following command:
go install github.com/H0llyW00dzZ/tls-cert-chain-resolver@latesttls-cert-chain-resolver [INPUT_FILE] [OPTIONS]-o, --output: Output to a specified file (default: stdout)-i, --intermediate-only: Output intermediate certificates only-d, --der: Output in DER format-s, --include-system: Include root CA from the system in output-j, --json: Output in JSON format containing PEM for listed certificates with their chains
Note
If you encounter issues installing with go install github.com/H0llyW00dzZ/tls-cert-chain-resolver@latest, try using go install github.com/H0llyW00dzZ/tls-cert-chain-resolver/cmd@latest or build manually from source with make build-linux, make build-macos, or make build-windows.
- Go 1.24.1 or later
Clone the repository:
git clone https://github.com/H0llyW00dzZ/tls-cert-chain-resolver.git
cd tls-cert-chain-resolverBuild the project for Linux:
make build-linuxBuild the project for macOS:
make build-macosBuild the project for Windows:
make build-windowsThis tool is compatible with Go 1.24.1 or later and works effectively across various clients (e.g., HTTP clients in Go, mobile browsers, OpenSSL). It resolves chaining issues, providing enhanced flexibility and control over certificate chain resolution.
h0llyw00dzz@ubuntu-pro:~/Workspace/git/tls-cert-chain-resolver$ ./bin/linux/tls-cert-chain-resolver test-leaf.cer -o test-output-bundle.pem
Starting TLS certificate chain resolver (v0.1.7)...
Press CTRL+C to exit if incomplete.
1: *.b0zal.io
2: Sectigo ECC Domain Validation Secure Server CA
3: USERTrust ECC Certification Authority
Output successfully written to test-output-bundle.pem.
Certificate chain complete. Total 3 certificate(s) found.
Certificate chain resolution completed successfully.
TLS certificate chain resolver stopped.- Verification:
h0llyw00dzz@ubuntu-pro:~/Workspace/git/tls-cert-chain-resolver$ openssl verify -CAfile /etc/ssl/certs/ca-certificates.crt -untrusted test-output-bundle.pem test-output-bundle.pem
test-output-bundle.pem: OKNote
These examples demonstrate the tool's effectiveness in resolving and verifying certificate chains using OpenSSL.
This project was created to provide a more maintainable and actively maintained version of the original zakjan/cert-chain-resolver, which is no longer maintained.
This project is licensed under the BSD 3-Clause License. See the LICENSE file for details.