gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 21:21:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs: tighten README and why-certctl for scannability

Browse Source 
README: Remove Contents section (GitHub auto-generates ToC), replace
12-bullet Core capabilities block with link to Feature Inventory,
replace 21-row Database Schema table with one-liner linking to
Architecture Guide. Visitors now hit screenshots ~60 lines sooner.

why-certctl: Remove Feature Summary section (duplicated README and
Feature Inventory content). Competitive comparisons remain as the
focused value of this page.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Shankar
2026-03-27 20:27:24 -04:00
parent 9cf0a51288
commit fd18ff20a9
2 changed files with 2 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/why-certctl.md
-20
View File
@@ -115,26 +115,6 @@ If your organization has the budget for Venafi or Keyfactor, they're comprehensi
certctl targets the organizations that need 60% of those capabilities at 1% of the cost. Self-hosted, no per-certificate pricing, no vendor lock-in. The trade-off: no SSO/RBAC (yet — coming in certctl Pro), no F5/IIS target connectors (yet), no SLA-backed support.
## Feature Summary
What ships free in certctl V2 (community edition):
- **Issuance & renewal**: ACME (HTTP-01, DNS-01, DNS-PERSIST-01, EAB), step-ca, Local CA (self-signed or sub-CA), OpenSSL/custom scripts
- **EST enrollment**: RFC 7030 device certificate enrollment for WiFi, MDM, IoT
- **Deployment targets**: NGINX, Apache httpd, HAProxy (Traefik and Caddy coming in v2.1)
- **Agent architecture**: Pull-based, agent-side ECDSA P-256 key generation, private keys never leave the agent
- **Post-deployment verification** *(coming v2.0.6)*: TLS fingerprint matching confirms the target is serving the correct certificate
- **Network discovery**: Active TLS scanning of CIDR ranges finds unmanaged certificates
- **Filesystem discovery**: Agent-side directory scanning finds existing PEM/DER certificates
- **Policy engine**: 5 rule types, violation tracking, severity levels
- **Audit trail**: Immutable, append-only, records every API call with method, path, actor, body hash, status, latency
- **Revocation**: Full RFC 5280 reason codes, DER-encoded CRL (CA-signed, 24h validity), embedded OCSP responder
- **Observability**: Dashboard charts, Prometheus metrics, JSON metrics, structured logging
- **Notifications**: Slack, Microsoft Teams, PagerDuty, OpsGenie, email, webhook
- **API**: 95+ REST endpoints, OpenAPI 3.1 spec, cursor pagination, sparse fields, sort/filter
- **MCP server**: 78 tools for AI-assisted certificate management (Claude, Cursor, etc.)
- **CLI**: 10 subcommands with JSON/table output, bulk PEM import
## Getting Started
```bash