NetBox Plugin Ideas

Propose and vote for your most-wanted NetBox plugins!

Status: Discussion
Created by Guest
Created on Sep 25, 2023

x509 Certificate Inventory Management

A way to model x509 Certificates such as client certificates used in mTLS, server, intermediate (chain), and root certificates.

Details about the certificates could include, but are not limited to, items under the structure of x509 digital certificates: https://en.m.wikipedia.org/wiki/X.509


Could also model different Certificate Authorities (CAs) and their intermediate and root certificates.


This plugin could dive into the realm of automating the generation of things like CSRs and interacting with CAs' REST APIs.

Use case

A way to document and keep track of current self-signed or paid x509 certificates for things like upcoming expiry dates. Potential for automation in the future.

  • Victoria Laux
    Dec 2, 2023

    Another idea is to manage a certbot? So it is not needed to manage all the formats? Then it may be better to request the outstanding renewals to show at the right place.

  • Guest
    Oct 19, 2023

    Came here to suggest this idea and found your idea. Love it. May I add a few suggestions?

    • Ability to export the certificates in various formats (PEM, PEM chain, PKCS #7, PKCS #7 chain, PKCS #12, PKCS #12 chain, DER) to either clipboard or file

    • Ability to import via form or file

    • Ability to associate a certificate with a device (at minimum), bonus points for being able to do it for anything in the model

    • Ability to create a generic template or config context and associate it with a service template or as a standalone. I can't tell you how many times I've run into problems with certificate compatibility. Some stuff supports EC-DSA, other stuff only RSA. The template should be able to describe what the application is expecting. Vendors are terrible at documenting this and it takes extensive research sometimes to determine the exact OIDs required.

    • Document metadata about the CA: is it offline, or online? Backed by HSM? What kind, what serial number, how do I access it? Where do I submit a CSR and how do I get it approved?