CERT-MCP-SERVER
by wouter-bon
Overview
Manages SSL/TLS certificates across various device types using Let's Encrypt and Cloudflare DNS for automated issuance and renewal.
Installation
uv run python -m cert_mcp.server_http
Environment Variables
- CERT_MCP_CONFIG
- CLOUDFLARE_API_TOKEN
- ACME_EMAIL
- ACME_ACCOUNT_KEY_PATH
- LOG_LEVEL
- CERT_MCP_HOST
- CERT_MCP_PORT
- CERT_MCP_NAME
- ACME_STAGING
Security Notes
By default, the FortiGate, FortiManager, FortiAnalyzer, and Windows handlers run with `verify_ssl=False`, and the Linux SSH handler uses `paramiko.AutoAddPolicy()`. This represents a significant security risk: these settings disable server certificate validation and host key checking, making the system highly vulnerable to Man-in-the-Middle (MITM) attacks. An attacker could intercept sensitive certificate data, private keys, and device credentials. A temporary hardcoded password (`TempCertPassword123!`) is used for Windows PFX operations; its transient nature and immediate deletion mitigate, but do not eliminate, this minor concern. Users must explicitly enable SSL verification and implement proper SSH host key management for secure operation.
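One way to check a checkout or a fork for the two defaults named above before deploying it. This is an added example, not code from the cert-mcp-server project. The names `audit_source`, `TLS_KWARGS` and `SAMPLE` are hypothetical, the sample source is constructed, and the check also covers the requests-style `verify` keyword, which goes beyond the `verify_ssl` name given here.

```python
import ast

# `verify_ssl` is the setting named on this page; `verify` is the requests-style equivalent.
TLS_KWARGS = {"verify_ssl", "verify"}

def _is_false(node):
    return isinstance(node, ast.Constant) and node.value is False

def audit_source(source, filename="<constructed>"):
    """Return sorted (line, rule, detail) findings for disabled trust checks."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Call):
            func = node.func
            name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
            if name == "AutoAddPolicy":  # matches paramiko.AutoAddPolicy() and a bare import
                findings.append((node.lineno, "ssh-host-key", "unknown host keys are accepted"))
            for kw in node.keywords:
                if kw.arg in TLS_KWARGS and _is_false(kw.value):
                    findings.append((kw.value.lineno, "tls-verify", f"{kw.arg}=False in call"))
        elif isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            a = node.args
            pos = a.posonlyargs + a.args
            pairs = list(zip(pos[len(pos) - len(a.defaults):], a.defaults))
            pairs += [(p, d) for p, d in zip(a.kwonlyargs, a.kw_defaults) if d is not None]
            for param, default in pairs:
                if param.arg in TLS_KWARGS and _is_false(default):
                    findings.append((default.lineno, "tls-verify", f"{param.arg}=False default in {node.name}()"))
    return sorted(findings)

# Constructed sample, not taken from the project: weak settings next to a hardened variant.
SAMPLE = '''\
import paramiko, requests

def make_handler(host, token, verify_ssl=False): pass

def weak_ssh():
    client = paramiko.SSHClient()
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())

def hardened_ssh():
    client = paramiko.SSHClient()
    client.load_system_host_keys()
    client.set_missing_host_key_policy(paramiko.RejectPolicy())
'''

if __name__ == "__main__":
    for line, rule, detail in audit_source(SAMPLE):
        print(f"line {line}: [{rule}] {detail}")
```

The sample is only parsed, never executed, so neither paramiko nor requests has to be installed to run the audit.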
Similar Servers
openai-sdk-knowledge-org
The server provides an AI-powered knowledge base for OpenAI API usage and SDKs, integrating Retrieval-Augmented Generation (RAG) and Model Context Protocol (MCP) capabilities.
cloudflare-mcp-server
The server integrates with the Cloudflare API to enable AI agents to manage zones, DNS records, Workers KV storage, cache, and analytics.
ssl-mcp-server
Provides an MCP server for performing SSL certificate operations like retrieval, generation, and parsing.
mcp-pihole
Connects AI assistants to Pi-hole to manage DNS blocking, view statistics, and control ad-blocking features via natural language.