Used as an example target for certificate analysis, demonstrating the ability to analyze TLS certificates for GitHub domains.
Used as an example target for certificate analysis, demonstrating the ability to analyze TLS certificates for Google domains.
Leverages OpenSSL for TLS certificate analysis when available, falling back to Python cryptography library if needed.
A Model Context Protocol (MCP) server that provides a unified, user-friendly tool for TLS certificate analysis. No more copying PEM data between functions - everything happens in one clean interface! This tool has been written entirely via Claude Code, as a fun learning project.
All-in-One Interface: Single tool with flexible options for any certificate analysis need
Smart Analysis: Automatically uses OpenSSL when available, falls back to Python cryptography
Certificate Expiration Monitoring: Automatic expiration checking with human-friendly warnings
Cipher Suite Analysis: Comprehensive TLS cipher suite and version support testing
Security Grading: Automated security assessment with grades from A+ to F
Flexible Options: Choose quick/detailed analysis, include/exclude PEM, enable/disable linting
Zero PEM Copying: Analysis happens automatically without manual certificate handling
Comprehensive Testing: Full test coverage with unit, integration, and real-world tests
fetch_certificate - All-in-One Certificate AnalysisFetches and analyzes TLS certificates with flexible options - no need to copy PEM data between tools!
Parameters:
hostname (required): Website hostname (e.g., "google.com")
port (optional): Port number (default: 443)
include_pem (optional): Include raw PEM certificate in output (default: false)
analyze (optional): Analysis level - "none", "quick", or "detailed" (default: "quick")
lint (optional): Run zlint compliance checking (default: false)
use_openssl (optional): Use OpenSSL for analysis when available (default: true)
analyze_ciphers (optional): Analyze supported cipher suites and TLS versions (default: false)
cipher_scan_type (optional): Type of cipher scan - "quick" or "full" (default: "quick")
Analysis Options:
Quick Analysis: Essential certificate info (subject, issuer, validity, SANs)
Detailed Analysis: Full certificate details including extensions and key info
Expiration Monitoring: Automatic expiration checking with smart warnings:
β Valid certificates show time until expiration
π‘ Certificates expiring within 30 days get yellow warning
β οΈ Certificates expiring within 7 days get urgent warning
π΄ Expired certificates show time since expiration
β³ Future-valid certificates show time until validity
OpenSSL vs Cryptography: Automatically uses OpenSSL if available, falls back to Python cryptography
Examples:
{"hostname": "google.com"} - Quick analysis only
{"hostname": "github.com", "analyze": "detailed", "lint": true} - Detailed analysis + zlint
{"hostname": "badssl.com", "analyze": "none", "include_pem": true} - Just fetch PEM
Python 3.13+
zlint (for certificate linting)
OpenSSL (for certificate operations)
Clone and setup the project:
Install development dependencies (optional):
Run tests to verify installation:
Add the following to your Claude Desktop configuration file:
Location: ~/Library/Application Support/Claude/claude_desktop_config.json
Replace
After configuration, restart Claude Desktop and try these commands:
Key Benefits:
β No PEM copying - Analysis happens automatically
β Flexible options - Choose what info you need
β Smart defaults - Works great out of the box
β OpenSSL integration - Uses the best available tools
Run the comprehensive test suite:
Unit Tests: Test the new unified interface with mocked dependencies
Cipher Analysis Tests: Test cipher categorization, TLS version detection, and security grading
Expiration Check Tests: Test certificate validity checking, duration formatting, and timezone handling
Basic Integration Tests: Test server registration and tool options
Real-World Integration Tests: Test full workflow with live Google certificate
Error Handling: Test various failure scenarios
Current Coverage: 34 passing tests with comprehensive coverage
The server is built using the MCP Python SDK with a modern, user-friendly design:
Single Tool Interface: One fetch_certificate tool with flexible options
Smart Analysis: Automatically chooses OpenSSL or Python cryptography
Async Operations: All operations are asynchronous for better performance
Error Handling: Comprehensive error handling with graceful fallbacks
Modular Helpers: Internal helper functions for different analysis methods
No PEM Juggling: Analysis happens automatically without manual PEM copying
Certificates are processed locally - no data is sent to external services
Network connections use standard SSL/TLS libraries
Temporary files are cleaned up after zlint operations
Error messages don't expose sensitive system information
Fork the repository
Create a feature branch
Add tests for new functionality
Ensure all tests pass: pytest tests/ -v
Submit a pull request
MIT License - see LICENSE file for details.
"zlint command not found"
Install zlint using the instructions above
Verify it's in your PATH: which zlint
"Failed to fetch certificate"
Check your internet connection
Verify the hostname is correct
Some servers may block automated requests
"MCP server not appearing in Claude"
Verify the configuration file path is correct
Check that Python path in config points to your virtual environment
Restart Claude Desktop after configuration changes
Enable debug logging by setting the environment variable:
v0.2.1: Added certificate expiration monitoring with human-friendly warnings and timezone handling
v0.2.0: Major interface redesign with unified fetch_certificate tool, OpenSSL integration, cipher suite analysis, security grading
v0.1.0: Initial release with basic certificate fetching, analysis, and linting
This server cannot be installed
hybrid server
The server is able to function both locally and remotely, depending on the configuration or use case.
Provides a unified tool for TLS certificate analysis with automatic OpenSSL integration, allowing users to fetch, analyze and assess security of TLS certificates without manual PEM handling.
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/malaya-zemlya/tls-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server