Skill

performing-ssl-certificate-lifecycle-management

Automates SSL/TLS certificate lifecycle: generates CSRs, monitors expiration, renews via ACME (Let's Encrypt), handles revocation using Python. For security audits and infrastructure management.

Python

security

infrastructure

npx claudepluginhub mukul975/anthropic-cybersecurity-skills --plugin cybersecurity-skills

Tool Access

This skill uses the workspace's default tool permissions.

Preview

SSL/TLS certificate lifecycle management encompasses the full process of requesting, issuing, deploying, monitoring, renewing, and revoking X.509 certificates. Poor certificate management is a leading cause of outages and security incidents. This skill covers automating the entire certificate lifecycle using Python and ACME protocol tools.

Supporting Assets

LICENSEassets/template.mdreferences/api-reference.mdreferences/standards.mdreferences/workflows.mdscripts/agent.pyscripts/process.py

SKILL.md

Similar Skills

applying-brand-guidelines

41.6k

Applies Acme Corporation brand guidelines including colors, fonts, layouts, and messaging to generated PowerPoint, Excel, and PDF documents.

3 files

anthropics-claude-cookbooks

creating-financial-models

41.6k

Builds DCF models with sensitivity analysis, Monte Carlo simulations, and scenario planning for investment valuation and risk assessment.

2 files

anthropics-claude-cookbooks

analyzing-financial-statements

41.6k

Calculates profitability (ROE, margins), liquidity (current ratio), leverage, efficiency, and valuation (P/E, EV/EBITDA) ratios from financial statements in CSV, JSON, text, or Excel for investment analysis.

2 files

anthropics-claude-cookbooks

Stats

Stars5748

Forks783

Last CommitApr 6, 2026

Actions

View Source View Plugin View on GitHub View README

Performing SSL Certificate Lifecycle Management

Overview

When to Use

When conducting security assessments that involve performing ssl certificate lifecycle management
When following incident response procedures for related security events
When performing scheduled security testing or auditing activities
When validating security controls through hands-on testing

Prerequisites

Familiarity with cryptography concepts and tools
Access to a test or lab environment for safe execution
Python 3.8+ with required dependencies installed
Appropriate authorization for any testing activities

Objectives

Generate Certificate Signing Requests (CSRs) programmatically
Parse and validate X.509 certificates
Monitor certificate expiration across infrastructure
Automate renewal using ACME protocol (Let's Encrypt)
Implement certificate revocation checking (CRL and OCSP)
Track certificate inventory across multiple domains

Key Concepts

Certificate Lifecycle Stages

Request: Generate key pair and CSR
Issuance: CA validates and issues certificate
Deployment: Install certificate on servers
Monitoring: Track expiration and health
Renewal: Request new certificate before expiry
Revocation: Invalidate compromised certificates

Certificate Types

Type	Validation	Use Case
DV (Domain Validation)	Domain ownership	Websites, APIs
OV (Organization Validation)	Domain + org identity	Business sites
EV (Extended Validation)	Full legal verification	E-commerce, banking
Wildcard	*.domain.com	Multi-subdomain
SAN/UCC	Multiple domains	Multi-domain hosting

Security Considerations

Set up automated monitoring for all certificates
Use ECDSA (P-256) certificates for better performance over RSA
Enable OCSP stapling on all servers
Implement Certificate Transparency log monitoring
Maintain inventory of all certificates and their locations
Plan for CA compromise scenarios (key pinning, backup CAs)

Validation Criteria

CSR generation produces valid PKCS#10 request
Certificate parsing extracts all relevant fields
Expiration monitoring detects certificates within threshold
Certificate chain validation verifies trust path
OCSP checking detects revoked certificates
Certificate inventory tracks all deployed certificates