WIP - This project is in early development.
CertInspect is a Go package for inspecting TLS certificates from remote endpoints, built entirely with Go's standard library for zero external dependencies.
The package includes certi, a command-line tool that serves as both a practical utility and reference implementation.
- Programmatic certificate chain inspection API
- CLI tool included for manual certificate chain inspection
- Certificate expiration time tracking
- Subject Alternative Name (SAN) parsing
- IPv6 address support
- Zero external dependencies
The package includes certi, a command-line tool for inspecting certificate chains.
macOS
brew install chronohq/tap/certiFor other platforms, see the latest binary release.
Inspect a certificate on the default HTTPS port (443):
certi www.chronohq.com
{
...
"chain": [
...
]
}Inspect a certificate on a custom port:
certi www.chronohq.com:3000
{
...
"chain": [
...
]
}CertInspect is a single-purpose component designed for certificate inspection and analysis. At Chrono, we use it as part of our larger monitoring infrastructure.
The package uses only Go's standard library to ensure zero external dependencies, maximum compatibility, and reduced supply chain risk. This is particularly important for a component handling TLS certificate data.
CertInspect is available under the MIT license. See the LICENSE file for details.