cloudflare/cfssl

Description: CFSSL: Cloudflare's PKI and TLS toolkit

View on GitHub ↗Jump to charts ↓

Summary Information

Updated 5 minutes ago
Added to GitGenius on February 28th, 2026
Created on July 7th, 2014
Open Issues & Pull Requests: 333 (+0)
Number of forks: 1,141
Total Stargazers: 9,454 (+0)
Total Subscribers: 201 (+0)

Issue Activity (beta)

Open issues: 108
New in 7 days: 0
Closed in 7 days: 0
Avg open age: 2,028 days
Stale 30+ days: 106
Stale 90+ days: 106

Recent activity

Opened in 7 days: 0
Closed in 7 days: 0
Comments in 7 days: 0
Events in 7 days: 0

Top labels

  • documentation (7)
  • bug (6)
  • enhancement (5)
  • tests (3)
  • build (2)
  • help wanted (2)
  • needs-more-testing (2)
  • question (2)

Most active issues this week

No issue events were indexed in the last 7 days.

Repository Insights (GitGenius)

Median issue/PR response: 138.1 days
Mean response time: 925.4 days
90th percentile: 2706.2 days
Tracked items: 32

Most active contributors

Detailed Description

CFSSL is Cloudflare's PKI and TLS toolkit, written in Go and designed to serve as a comprehensive swiss army knife for certificate operations. The project provides both a command-line utility and an HTTP API server for signing, verifying, and bundling TLS certificates. It requires Go 1.20 or later to build, with a note that certain Linux distributions, particularly RHEL-based systems, may have algorithms removed from their official Go repositories, necessitating manual Go installation for those users.

The toolkit consists of several integrated components. The main cfssl program is the canonical command-line utility that leverages the CFSSL packages for core functionality. The multirootca program extends capabilities by providing a certificate authority server capable of using multiple signing keys, addressing scenarios where single-key operations are insufficient. The mkbundle program constructs certificate pool bundles for root and intermediate certificates, while cfssljson processes JSON output from cfssl and multirootca to write certificates, keys, certificate signing requests, and bundles to disk.

The command-line interface supports diverse operations including signing certificate bundles, generating private keys and certificate requests, creating self-signed certificates, bundling certificates with configurable flavors for different use cases, and starting an API server. The signing functionality accepts certificate signing requests with customizable hostname overrides for SAN extensions. Certificate bundling offers three flavors: optimal for shortest chains with advanced cryptography, ubiquitous for broad browser and OS compatibility, and force for bundles matching input certificate content exactly. The API server listens on a configurable address and port, defaulting to 127.0.0.1:8888, and supports remote signature forwarding, OCSP responder configuration, and adjustable logging levels from DEBUG to CRITICAL.

The mkbundle utility validates certificates against CRL revocation lists and checks for expiration before combining them into single bundle files, with configurable worker counts for revocation checking. The cfssljson tool maps JSON keys to appropriately named output files, supporting both file output and standard output modes. Static binary builds are supported through resource embedding using the go.rice tool.

According to GitGenius activity tracking, the repository has experienced minimal recent change, with fork count declining by one from 1141 to 1140 between July 4, 2026 and the present check. Issue and pull request response latency shows a median of 3313.3 hours with a mean of 22208.8 hours across 32 tracked items, indicating substantial response time variation. The most active issue labels are documentation with 3 occurrences, tests with 2, and needs-more-testing with 1. Primary contributors tracked by GitGenius include mitch292 with 18 events, elukey with 9 events, and LufDevOps with 3 events. The repository shares contributors with microsoft/vscode, golang/go, and rust-lang/rust according to GitGenius cross-repository analysis.

cfssl
by
cloudflarecloudflare/cfssl

Repository Details

Fetching additional details & charts...