Propose and vote for your most-wanted NetBox plugins!
A way to model x509 Certificates such as client certificates used in mTLS, server, intermediate (chain), and root certificates.
Details about the certificates could include, but are not limited to, the items under the structure of x509 digital certificates: https://en.m.wikipedia.org/wiki/X.509
Could also model different Certificate Authorities (CAs) and their intermediate and root certificates.
This plugin could dive into the realm of automating the generation of things like CSRs and interacting with CAs' REST APIs.
Use case
A way to document and keep track of current self-signed or paid x509 certificates for things like upcoming expiry dates. Potential for automation in the future.
Has anyone seen any attempt at starting a plugin such as this one yet?
I would recommend tracking certificates not just by device but also by service on the device, as multiple websites can be hosted on a single server, each with its own certificate...
And of course tracking expiration dates and installation instructions is key as well.
Make sure to use the certificate's thumbprint as its main identifier, not the Common Name: there can be multiple instances of a certificate with the same Common Name.
Note that CAs can be part of an organization's internal PKI as well.
I am about to start coding so please reach out if you have a start already.
Another idea: manage a certbot, so that it is not necessary to manage all the formats? Then it may be better to have the outstanding renewals shown in the right place.
Came here to suggest this idea and found your idea. Love it. May I add a few suggestions?
Ability to export the certificates in various formats (PEM, PEM chain, PKCS #7, PKCS #7 chain, PKCS #12, PKCS #12 chain, DER) to either clipboard or file
Ability to import via form or file
Ability to associate a certificate with a device (at minimum), bonus points for being able to do it for anything in the model
Ability to create a generic template or config context and associate it with a service template or as a standalone. I can't tell you how many times I've run into problems with certificate compatibility. Some stuff supports ECDSA, other stuff only RSA. The template should be able to describe what the application is expecting. Vendors are terrible at documenting this, and it sometimes takes extensive research to determine the exact OIDs required.
Document metadata about the CA: is it offline, or online? Backed by HSM? What kind, what serial number, how do I access it? Where do I submit a CSR and how do I get it approved?
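The points raised across the thread (thumbprint rather than Common Name as the identifier, expiry tracking, export to DER and PKCS #12, and recording which key algorithm a service actually uses) map onto a small set of openssl CLI calls. The script below is an added example written for this discussion, not code from NetBox or from any plugin in the thread. It generates two throwaway self-signed certificates that share a Common Name to show that their thumbprints differ, confirms that the thumbprint is simply SHA-256 over the DER encoding, checks expiry with `-checkend`, and round-trips the certificate through a PKCS #12 bundle. The hostnames, the password `changeit` and the 30-day validity are constructed sample values; it assumes `openssl` 1.1.1 or later on PATH.

```shell
#!/bin/sh
# Added example for the NetBox certificate-plugin thread (not project code).
# Computes the inventory fields discussed above with the openssl CLI.
# Assumes: openssl >= 1.1.1 on PATH; sample hostnames/password are constructed.
set -eu

WORK="${TMPDIR:-/tmp}/certdemo.$$"
mkdir -p "$WORK"
trap 'rm -rf "$WORK"' EXIT

# Generate a throwaway self-signed ECDSA P-256 certificate (constructed input).
# $1 = file label, $2 = Common Name / SAN, $3 = validity in days; prints PEM path.
gen_selfsigned() {
  openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" -days "$3" \
    -subj "/CN=$2" -addext "subjectAltName=DNS:$2" 2>/dev/null
  echo "$WORK/$1.pem"
}

# Thumbprint: lowercase hex SHA-256 over the DER encoding of the certificate.
thumbprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 \
    | cut -d= -f2 | tr -d ':' | tr 'A-F' 'a-f'
}

# Subject DN in RFC 2253 form, e.g. "CN=web01.example.internal".
subject_dn() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject=//'
}

# Public key algorithm as printed by openssl, e.g. "id-ecPublicKey" or "rsaEncryption".
key_algorithm() {
  openssl x509 -in "$1" -noout -text \
    | awk -F': ' '/Public Key Algorithm/ { print $2; exit }'
}

# Exit 0 if the certificate expires within $2 days (inverts openssl -checkend).
expires_within_days() {
  ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Export to DER; prints the DER path.
export_der() {
  out="${1%.pem}.der"
  openssl x509 -in "$1" -outform DER -out "$out"
  echo "$out"
}

# SHA-256 of an arbitrary file via openssl dgst (last field of its output line).
sha256_of_file() {
  openssl dgst -sha256 "$1" | awk '{ print $NF }'
}

# Export certificate + key to PKCS #12; $1 = pem, $2 = key, $3 = password.
export_pkcs12() {
  out="${1%.pem}.p12"
  openssl pkcs12 -export -in "$1" -inkey "$2" -out "$out" -passout "pass:$3"
  echo "$out"
}

# Thumbprint of the end-entity certificate stored inside a PKCS #12 bundle.
pkcs12_thumbprint() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null \
    | openssl x509 -noout -fingerprint -sha256 \
    | cut -d= -f2 | tr -d ':' | tr 'A-F' 'a-f'
}

# Walk through the fields a plugin record would hold for one certificate.
demo() {
  pem=$(gen_selfsigned web01 web01.example.internal 30)
  key="${pem%.pem}.key"
  tp=$(thumbprint "$pem")
  printf 'subject=%s\n' "$(subject_dn "$pem")"
  printf 'thumbprint=%s\n' "$tp"
  printf 'key_algorithm=%s\n' "$(key_algorithm "$pem")"
  der=$(export_der "$pem")
  [ "$(sha256_of_file "$der")" = "$tp" ] && echo "thumbprint == sha256(DER): yes"
  if expires_within_days "$pem" 60; then echo "renewal due: expires within 60 days"; fi
  p12=$(export_pkcs12 "$pem" "$key" changeit)
  printf 'pkcs12_thumbprint=%s\n' "$(pkcs12_thumbprint "$p12" changeit)"
}

demo
```

The `thumbprint == sha256(DER)` line is the reason the thumbprint works as a primary key: it is derived from the exact bytes the server presents, so two certificates issued for the same Common Name (a reissue, a rotated key, a second CA) always get distinct identifiers, whereas the subject DN is identical for both.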