gitmyhub

cfssl

Go ★ 9.4k updated 1mo ago

CFSSL: Cloudflare's PKI and TLS toolkit

CFSSL is Cloudflare's open-source toolkit for creating and managing TLS certificates, letting teams run their own internal certificate authority from the command line or as an HTTP API server.

Go · setup: moderate · complexity: 4/5

CFSSL is a collection of tools from Cloudflare for managing TLS certificates, the signed documents that bind a server's public key to its name so that clients can verify who they are talking to before setting up an encrypted session. If you have ever seen the padlock icon in a browser address bar, that padlock appears because the site presented a certificate that chains to a root the browser already trusts. CFSSL helps organizations create, sign, and organize those certificates themselves rather than relying entirely on outside certificate providers.

The toolkit ships as several programs. The main one, also called cfssl, works both as a command-line tool and as a web server that other programs can talk to over HTTP. You can use it to generate private keys, create certificate signing requests (CSRs), sign certificates with your own certificate authority, and assemble certificate bundles. A certificate bundle is the leaf certificate together with the intermediate certificates a server must present so that browsers and operating systems can build a chain from it to a root they already trust; a missing intermediate is one of the most common reasons a correctly issued certificate still fails verification.

Two companion tools round out the package. multirootca runs a certificate authority server that can hold more than one signing key, each selected by a label in the request, which is useful for organizations that manage certificates across multiple teams or security domains without sharing one key between them. cfssljson takes the JSON output that cfssl produces and writes the certificate, private key, and CSR to disk as PEM files, the format most web servers expect.

The project is written in Go and published as open-source code. Pre-built binaries are available for people who do not want to compile from source. Because it can run as an HTTP API server, teams can build it into internal workflows where other tools send certificate requests and receive signed certificates back without anyone handling files by hand.
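The workflow described in the three paragraphs above (CSR and signing-policy files, a local root CA, certificate issuance through cfssl piped into cfssljson, and signing over the HTTP API) as one added shell example. This is not code from the CFSSL project; it assumes cfssl, cfssljson and openssl are on PATH, and the names it uses (Example Corp, svc.internal.example, 10.0.0.12, the two-profile policy) are placeholders chosen for the example.

```shell
#!/bin/sh
# Added example, not CFSSL project code: bootstrap a private CA with cfssl,
# issue a server certificate, and sign a CSR through the cfssl HTTP API.
# Assumes cfssl, cfssljson and openssl are installed; all names are placeholders.
set -eu

# Write the CSR JSON for the root CA, the signing policy, and a server CSR
# JSON. The policy confines the "server" profile to server-auth usage and a
# one-year lifetime; a request for any other usage is refused by the signer.
write_configs() {
    dir=$1
    cat > "$dir/ca-csr.json" <<'EOF'
{
  "CN": "Example Internal CA",
  "key": { "algo": "ecdsa", "size": 256 },
  "names": [ { "O": "Example Corp", "OU": "Infrastructure" } ],
  "ca": { "expiry": "87600h" }
}
EOF
    cat > "$dir/ca-config.json" <<'EOF'
{
  "signing": {
    "default": { "expiry": "8760h" },
    "profiles": {
      "server": {
        "usages": ["signing", "key encipherment", "server auth"],
        "expiry": "8760h"
      },
      "client": {
        "usages": ["signing", "key encipherment", "client auth"],
        "expiry": "720h"
      }
    }
  }
}
EOF
    cat > "$dir/server-csr.json" <<'EOF'
{
  "CN": "svc.internal.example",
  "hosts": ["svc.internal.example", "10.0.0.12"],
  "key": { "algo": "ecdsa", "size": 256 },
  "names": [ { "O": "Example Corp", "OU": "Platform" } ]
}
EOF
}

# Create the root CA (ca.pem, ca-key.pem, ca.csr) and lock down the key file.
init_ca() {
    cfssl gencert -initca ca-csr.json | cfssljson -bare ca
    chmod 600 ca-key.pem
}

# Issue a server certificate under the "server" profile, then check the chain
# the way a client would. openssl verify fails if the chain does not reach
# ca.pem; the SAN and EKU lines show what the profile actually granted.
issue_server_cert() {
    cfssl gencert -ca ca.pem -ca-key ca-key.pem \
        -config ca-config.json -profile server server-csr.json \
        | cfssljson -bare server
    chmod 600 server-key.pem
    openssl verify -CAfile ca.pem server.pem
    openssl x509 -in server.pem -noout -text \
        | grep -A1 -e 'Subject Alternative Name' -e 'Extended Key Usage'
}

# Run the CA as an HTTP API (cfssl serve listens on 127.0.0.1:8888 by default)
# and have it sign the CSR from the previous step over the wire. The policy is
# applied by the server, so the caller cannot grant itself a wider profile.
sign_via_api() {
    cfssl serve -ca ca.pem -ca-key ca-key.pem -config ca-config.json &
    srv=$!
    sleep 1
    cfssl sign -remote 127.0.0.1:8888 -profile server \
        -hostname svc.internal.example,10.0.0.12 server.csr \
        | cfssljson -bare server-remote
    kill "$srv"
    openssl verify -CAfile ca.pem server-remote.pem
}

main() {
    work=$(mktemp -d)
    write_configs "$work"
    cd "$work"
    init_ca
    issue_server_cert
    sign_via_api
    echo "artifacts written to $work"
}

# The full workflow only runs when asked for, so the config-writing function
# can be exercised on a machine without cfssl installed.
if [ "${CFSSL_DEMO_RUN:-0}" = 1 ]; then
    main
fi
```

Run it with CFSSL_DEMO_RUN=1 to execute the whole sequence. The two points worth keeping from the example: the signing policy lives on the CA side (the -config passed to cfssl gencert and cfssl serve), so a caller of the API can pick a profile but cannot widen it, and cfssljson writes the key material with the certificate, so whatever runs the pipeline is handling a private key and the file permissions on ca-key.pem matter.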

CFSSL is aimed at developers and infrastructure teams that need to operate their own internal certificate authority, for example to secure private networks or test environments, without purchasing certificates from a commercial provider.

Where it fits