CFSSL is CloudFlare's PKI/TLS swiss army knife. It is both a command line
tool and an HTTP API server for signing, verifying, and bundling TLS
certificates. It requires Go 1.16+ to build.

Note that certain linux distributions have certain algorithms removed
(RHEL-based distributions in particular), so the golang from the official
repositories will not work. Users of these distributions should install go
manually to install CFSSL.

CFSSL consists of:

* a set of packages useful for building custom TLS PKI tools
* the cfssl program, which is the canonical command line utility using the
  CFSSL packages.
* the multirootca program, which is a certificate authority server that can
  use multiple signing keys.
* the mkbundle program is used to build certificate pool bundles.
* the cfssljson program, which takes the JSON output from the cfssl and
  multirootca programs and writes certificates, keys, CSRs, and bundles
  to disk.