We are always collecting useful tools and links that will help you understand and use the Federal Public Key Infrastructure. The table below provides a list of useful tools.
Please consider contributing any of your favorite tools to this effort!
|FPKI Graph||FPKI Graph||This is an interactive website that is updated weekly to display the hundreds of certification authorities that make up the FPKI and how they are connected.||Program Managers; System Engineers|
|Card Conformance Tool (CCT)||GitHub (External)||The Card Conformance Tool (CCT) is a GSA managed Java tool which validates that Personal Identity Verification (PIV) and PIV-Interoperable (PIV-I) smart cards are compliant with key standards.||PIV or PIV-I Issuers; System Engineers|
|Certificate Profile Conformance Tool (CPCT)||Cert Conformance Tool (External)||The Certificate Profile Conformance Tool (CPCT) is a web site application that analyzes certificates for conformance to a specified FPKI-defined profile.||FPKI Certificate Issuers or Relying Parties; System Engineers|
|Certutil||MSDN (External)||Certutil.exe is a Microsoft Windows command-line utility that provides many uses, including exporting PIV certificates and validating certificates||System Engineers|
|Personal Identify Verification (PIV) Cert Validator Tool||Max.gov PIV Tool (External)||The PIV Certificate Validator is a website application hosted by Max.gov. It assists in verifying the certificates found on a PIV card.||System Engineers|
|PKI Interoperability Test Tool (PITT) for Microsoft Windows||Sourceforge (External)||The PKI Interoperability Test Tool (PITT) is a utility intended for PKI integrators. It allows inspection and troubleshooting of certification path processing for a given PKI using both PKIF and Microsoft CAPI. It’s especially useful for identifying a portion of your PKI that may be causing performance problems.||System Engineers|
|FPKI CRL Miner||GitHub (External)||A work in progress Open Source GitHub repository to validate all HTTP CRL URLs for the Federal PKI.||System Engineers|
|crt.sh||External||Certificate Transparency auditor used to find and audit TLS certificate issuances and issues.||System Engineers|
|OpenSC||Github (External)||OpenSC provides a set of libraries and utilities to work with smart cards. Use OpenSC versions of 0.20.0 or greater to reduce website authentication errors related to TLS 1.3.||System Engineers|
|NIST 85B (800-73-4) Test Tool||NIST (External)||Used to pull deep PIV contents when integrating PIV with various infrastructure components.||System Engineers; FPKI Card Issuers|