Pktool - V2.0

You need to verify that no legacy SHA-1 certificates exist in your organization's trust store. The v2.0 Advantage: The pktool list command now supports verbose JSON output. An auditor can pipe this output directly into a vulnerability scanner or SIEM (Security Information and Event Management) system. The JSON output clearly labels the algorithm strength, making it easy to flag non-compliant certificates.

So came pktool v1.0 : the first pair of eyes pressed against the wire. It could parse, filter, print — a stethoscope for the digital circulatory system. It was good. But it was literal . pktool v2.0

It introduces three new dimensions:

# Create a PFX from key and cert pktool pfx create -key private.pem -cert server.crt -out server.pfx -password secure123 You need to verify that no legacy SHA-1