npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@teamnetwork-nz/sslstore-mcp-server

v0.4.1

Published

MCP server for the SSLStore (The SSL Store) certificate API — manage the full SSL/TLS certificate lifecycle from Claude

Readme

sslstore-mcp-server

MCP server for The SSL Store certificate API. Manage the full SSL/TLS certificate lifecycle — order, validate, download, reissue, and revoke certificates — directly from Claude or any MCP-compatible client.

Features

  • Browse the product catalogue and pricing
  • Generate RSA private keys and CSRs locally (key never leaves the machine)
  • Place, track, query, and search certificate orders
  • Complete prepaid "Incomplete" orders by Token — reissue against an existing certificate or renew/issue while preserving remaining validity
  • Download issued certificate files (leaf, CA bundle, intermediates, roots) in PEM, with optional PKCS7 chain
  • Use any order ID — the partner portal order ID, internal SSL Store ID, partner ID, or your custom reference all resolve automatically
  • Reissue and revoke certificates
  • Manage domain control validation (DCV) — resend or change approver emails, switch to DNS/HTTP validation
  • Bundle certificates into PFX/PKCS12 for Windows / IIS / Azure
  • Configure order status webhooks
  • Sandbox and read-only modes for safe exploration
  • Local-timezone date display — all API dates converted to your local time automatically

Requirements

Installation

npm install -g sslstore-mcp-server

Or run directly with npx (no install needed):

npx sslstore-mcp-server

Configuration

All configuration is via environment variables.

| Variable | Required | Default | Description | |---|---|---|---| | SSLSTORE_PARTNER_CODE | Yes | — | Your SSL Store partner code | | SSLSTORE_AUTH_TOKEN | Yes | — | Your SSL Store auth token | | SSLSTORE_SANDBOX | No | true | Set to false to use the live API | | SSLSTORE_READONLY | No | true | Set to false to enable write operations | | SSLSTORE_KEY_DIR | No | ./keys | Directory where generated private keys are saved | | DATETIMEFORMAT | No | local | Timezone for date display. local = system timezone; any IANA name (e.g. Pacific/Auckland, America/New_York) pins a specific zone |

Defaults are safe: the server starts in sandbox + read-only mode. You must explicitly set SSLSTORE_SANDBOX=false and SSLSTORE_READONLY=false to place real orders.

MCP client setup

Claude Code

Add to your project's .mcp.json or user-level MCP config:

{
  "mcpServers": {
    "sslstore": {
      "command": "npx",
      "args": ["sslstore-mcp-server"],
      "env": {
        "SSLSTORE_PARTNER_CODE": "your-partner-code",
        "SSLSTORE_AUTH_TOKEN": "your-auth-token",
        "SSLSTORE_SANDBOX": "false",
        "SSLSTORE_READONLY": "false",
        "DATETIMEFORMAT": "Pacific/Auckland"
      }
    }
  }
}

Claude Desktop

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "sslstore": {
      "command": "npx",
      "args": ["sslstore-mcp-server"],
      "env": {
        "SSLSTORE_PARTNER_CODE": "your-partner-code",
        "SSLSTORE_AUTH_TOKEN": "your-auth-token",
        "SSLSTORE_SANDBOX": "false",
        "SSLSTORE_READONLY": "false",
        "DATETIMEFORMAT": "Pacific/Auckland"
      }
    }
  }
}

Agent guidance

The server supplies MCP instructions that are automatically delivered to the calling agent at session start. These cover:

  • Mode awareness — sandbox vs live, read-only vs read-write, which tools are available
  • Order IDs — any order ID variant (portal, internal, partner, custom) is accepted and resolved automatically; responses report the portal-visible ID
  • Datetime format — accepted input formats (YYYY-MM-DD or MM/DD/YYYY), timezone-aware output
  • Typical workflow — step-by-step from credentials check through to certificate download
  • DCV options — email, DNS, and HTTP validation; how to resend or switch method
  • Irreversible operations — revocation warning, private key security
  • Order searching — filtering by domain, status, expiry window

No special prompting is required — the agent receives these guidelines automatically.

Tools

Discovery

| Tool | Description | |---|---| | validate_credentials | Verify the API is reachable and credentials are valid | | list_products | Browse available certificate products and pricing, optionally filtered by type (DV/OV/EV/Wildcard/Multi-Domain) | | get_approver_list | Get valid DCV approver email addresses for a domain before ordering |

Key & CSR

| Tool | Description | |---|---| | create_certificate_request | Generate an RSA private key and CSR locally. The private key is saved to disk and never transmitted. Optionally validates the CSR via the API. |

Orders

| Tool | Description | |---|---| | submit_order | Place a new certificate order (requires SSLSTORE_READONLY=false) | | submit_pending_order | Complete a prepaid "Incomplete" order by Token — reissue against an existing order, or renew/issue using the prepaid order (requires SSLSTORE_READONLY=false) | | get_order_status | Track fulfilment status and domain validation progress | | query_order | Retrieve full order details including contacts and organisation info | | search_orders | Search and filter orders by domain, status, date range, or expiry window | | reissue_certificate | Reissue an existing order with a new CSR (requires SSLSTORE_READONLY=false) | | revoke_certificate | Revoke an issued certificate — irreversible (requires SSLSTORE_READONLY=false) |

Domain Control Validation

| Tool | Description | |---|---| | resend_approver_email | Resend the DCV email or switch to DNS/HTTP validation (requires SSLSTORE_READONLY=false) | | change_approver_email | Permanently change the approver email and trigger a new validation email (requires SSLSTORE_READONLY=false) |

Certificate files

| Tool | Description | |---|---| | download_certificate | Download the issued certificate and chain files (PEM; optional PKCS7 chain via pkcs7). Can optionally save to disk. | | create_pfx | Bundle a certificate, CA chain, and private key into a PFX/PKCS12 file for Windows/IIS/Azure |

Settings

| Tool | Description | |---|---| | set_order_callback | Configure a webhook URL for order status notifications (requires SSLSTORE_READONLY=false) |

Typical workflow

1. validate_credentials          — confirm API access
2. list_products                 — find the right product code
3. get_approver_list             — get valid DCV emails for your domain
4. create_certificate_request    — generate key + CSR for your domain
5. submit_order                  — place the order
6. get_order_status              — poll until status is ACTIVE
7. download_certificate          — save the issued cert
8. create_pfx                    — bundle for deployment (optional)

Prepaid "Incomplete" orders

If you prefer to keep control of the purchase (a financial transaction) and place the order manually in the partner portal, the result is an "Incomplete" order — visible to the API via search_orders / get_order_status as MajorStatus Pending/Initial, with no domain or CSR attached yet. This is the state immediately after purchase, before any CSR submission.

Each such order has a Token shown in the portal as <TokenID>#!<TokenCode>. Give this token to the agent along with the CSR and contact details, and use submit_pending_order with an explicit action:

  • reissue — the hostname already has a certificate with remaining validity; the CSR is applied to that existing order (no change to validity), and the prepaid token order stays available for later.
  • renew — extend validity using the prepaid order. If an existing order for the hostname is within its renewal window (~1 month before expiry), it's renewed (validity preserved/extended). If it's found but not yet eligible, the tool refuses and warns instead of placing a throwaway new order. If no existing order exists, the prepaid order is completed as a new certificate.

Order IDs

An SSL Store order carries several identifiers:

| ID | Where you see it | |---|---| | VendorOrderID | The order ID shown in the partner portal | | TheSSLStoreOrderID | Internal SSL Store ID — the only one the underlying API accepts | | PartnerOrderID | Assigned by the CA/vendor side | | CustomOrderID | Your own reference, if supplied at order time |

Every tool that takes an order_id accepts any of these. The server resolves it to the internal ID automatically (via the order search endpoint, cached per process), so you can work with the order number you see in the partner portal. Responses report the portal-visible ID as order_id and the internal ID as thesslstore_order_id.

Date handling

All dates are shown in the timezone configured by DATETIMEFORMAT. Dates you supply as input (e.g. search date ranges) are accepted in YYYY-MM-DD or MM/DD/YYYY format and sent to the API correctly. API responses in UTC are automatically converted for display.

Development

git clone https://github.com/TEAMnetwork-NZ/sslstore-mcp.git
cd sslstore-mcp
npm install
npm run dev        # watch mode with tsx
npm run build      # compile to dist/
npm run typecheck  # type check without emitting

License

MIT