diff --git a/internal/cert/cert.go b/common/cert/cert.go
similarity index 100%
rename from internal/cert/cert.go
rename to common/cert/cert.go
diff --git a/internal/cert/fingerprint.go b/common/cert/fingerprint.go
similarity index 100%
rename from internal/cert/fingerprint.go
rename to common/cert/fingerprint.go
diff --git a/controller/env/appenv.go b/controller/env/appenv.go
index 9850105a1..1da24d17f 100644
--- a/controller/env/appenv.go
+++ b/controller/env/appenv.go
@@ -38,6 +38,7 @@ import (
 managementServer "github.com/openziti/edge-api/rest_management_api_server"
 managementOperations "github.com/openziti/edge-api/rest_management_api_server/operations"
 "github.com/openziti/edge-api/rest_model"
+ "github.com/openziti/edge/common/cert"
 "github.com/openziti/edge/common/eid"
 edgeConfig "github.com/openziti/edge/controller/config"
 "github.com/openziti/edge/controller/events"
@@ -47,7 +48,6 @@ import (
 "github.com/openziti/edge/controller/oidc_auth"
 "github.com/openziti/edge/controller/persistence"
 "github.com/openziti/edge/controller/response"
- "github.com/openziti/edge/internal/cert"
 "github.com/openziti/fabric/controller/api"
 "github.com/openziti/fabric/controller/models"
 "github.com/openziti/fabric/controller/network"
diff --git a/controller/handler_edge_ctrl/extend_enrollment.go b/controller/handler_edge_ctrl/extend_enrollment.go
index 20e92e7d4..1db0a16a7 100644
--- a/controller/handler_edge_ctrl/extend_enrollment.go
+++ b/controller/handler_edge_ctrl/extend_enrollment.go
@@ -19,10 +19,10 @@ package handler_edge_ctrl
 import (
 "github.com/michaelquigley/pfxlog"
 "github.com/openziti/channel/v2"
+ "github.com/openziti/edge/common/cert"
 "github.com/openziti/edge/common/pb/edge_ctrl_pb"
 "github.com/openziti/edge/controller/env"
 "github.com/openziti/edge/controller/model"
- "github.com/openziti/edge/internal/cert"
 "github.com/openziti/fabric/controller/change"
 "github.com/openziti/fabric/controller/models"
 "google.golang.org/protobuf/proto"
diff --git a/controller/internal/routes/enroll_router.go b/controller/internal/routes/enroll_router.go
index 4a7f4cebe..5edf4bbdf 100644
--- a/controller/internal/routes/enroll_router.go
+++ b/controller/internal/routes/enroll_router.go
@@ -28,12 +28,12 @@ import (
 client_well_known "github.com/openziti/edge-api/rest_client_api_server/operations/well_known"
 management_well_known "github.com/openziti/edge-api/rest_management_api_server/operations/well_known"
 "github.com/openziti/edge-api/rest_model"
+ cert2 "github.com/openziti/edge/common/cert"
 "github.com/openziti/edge/controller/env"
 "github.com/openziti/edge/controller/internal/permissions"
 "github.com/openziti/edge/controller/model"
 "github.com/openziti/edge/controller/persistence"
 "github.com/openziti/edge/controller/response"
- cert2 "github.com/openziti/edge/internal/cert"
 "github.com/openziti/foundation/v2/errorz"
 "net/http"
 "strings"
diff --git a/controller/model/api_session_certificate_manager.go b/controller/model/api_session_certificate_manager.go
index f732bc062..3d6d67432 100644
--- a/controller/model/api_session_certificate_manager.go
+++ b/controller/model/api_session_certificate_manager.go
@@ -19,9 +19,9 @@ package model
 import (
 "crypto/x509"
 "fmt"
+ "github.com/openziti/edge/common/cert"
 "github.com/openziti/edge/controller/apierror"
 "github.com/openziti/edge/controller/persistence"
- "github.com/openziti/edge/internal/cert"
 "github.com/openziti/fabric/controller/change"
 "github.com/openziti/fabric/controller/models"
 "go.etcd.io/bbolt"
diff --git a/controller/model/authenticator_manager.go b/controller/model/authenticator_manager.go
index b670b98c5..894c7142c 100644
--- a/controller/model/authenticator_manager.go
+++ b/controller/model/authenticator_manager.go
@@ -22,11 +22,11 @@ import (
 "fmt"
 "github.com/google/uuid"
 "github.com/michaelquigley/pfxlog"
+ edgeCert "github.com/openziti/edge/common/cert"
 "github.com/openziti/edge/common/eid"
 "github.com/openziti/edge/common/pb/edge_cmd_pb"
 "github.com/openziti/edge/controller/apierror"
 "github.com/openziti/edge/controller/persistence"
- edgeCert "github.com/openziti/edge/internal/cert"
 "github.com/openziti/fabric/controller/change"
 "github.com/openziti/fabric/controller/command"
 "github.com/openziti/fabric/controller/fields"
diff --git a/controller/model/authenticator_mod_cert.go b/controller/model/authenticator_mod_cert.go
index 40ddf40aa..86612ed2c 100644
--- a/controller/model/authenticator_mod_cert.go
+++ b/controller/model/authenticator_mod_cert.go
@@ -21,9 +21,9 @@ import (
 "encoding/base64"
 "encoding/pem"
 "github.com/michaelquigley/pfxlog"
+ "github.com/openziti/edge/common/cert"
 "github.com/openziti/edge/controller/apierror"
 "github.com/openziti/edge/controller/persistence"
- "github.com/openziti/edge/internal/cert"
 "github.com/openziti/fabric/controller/change"
 "github.com/openziti/fabric/controller/models"
 "github.com/openziti/foundation/v2/errorz"
diff --git a/controller/model/ca_model.go b/controller/model/ca_model.go
index 5cd2072c6..0c116c2dd 100644
--- a/controller/model/ca_model.go
+++ b/controller/model/ca_model.go
@@ -19,10 +19,10 @@ package model
 import (
 "crypto/x509"
 "fmt"
+ "github.com/openziti/edge/common/cert"
 "github.com/openziti/edge/common/eid"
 "github.com/openziti/edge/controller/apierror"
 "github.com/openziti/edge/controller/persistence"
- "github.com/openziti/edge/internal/cert"
 "github.com/openziti/fabric/controller/models"
 "github.com/openziti/foundation/v2/errorz"
 "github.com/openziti/storage/boltz"
diff --git a/controller/model/edge_router_manager.go b/controller/model/edge_router_manager.go
index 4bad3ebfe..bc8448dd0 100644
--- a/controller/model/edge_router_manager.go
+++ b/controller/model/edge_router_manager.go
@@ -19,6 +19,7 @@ package model
 import (
 "encoding/json"
 "fmt"
+ "github.com/openziti/edge/common/cert"
 "github.com/openziti/edge/common/eid"
 "github.com/openziti/edge/common/pb/edge_cmd_pb"
 "github.com/openziti/fabric/controller/change"
@@ -32,7 +33,6 @@ import (
 "github.com/michaelquigley/pfxlog"
 "github.com/openziti/edge/controller/apierror"
 "github.com/openziti/edge/controller/persistence"
- "github.com/openziti/edge/internal/cert"
 "github.com/openziti/fabric/controller/db"
 "github.com/openziti/fabric/controller/models"
 "github.com/openziti/storage/boltz"
diff --git a/controller/model/enrollment_manager.go b/controller/model/enrollment_manager.go
index c12a63ef9..5387e90d5 100644
--- a/controller/model/enrollment_manager.go
+++ b/controller/model/enrollment_manager.go
@@ -20,10 +20,10 @@ import (
 "crypto/x509"
 "fmt"
 "github.com/michaelquigley/pfxlog"
+ "github.com/openziti/edge/common/cert"
 "github.com/openziti/edge/common/pb/edge_cmd_pb"
 "github.com/openziti/edge/controller/apierror"
 "github.com/openziti/edge/controller/persistence"
- "github.com/openziti/edge/internal/cert"
 "github.com/openziti/fabric/controller/change"
 "github.com/openziti/fabric/controller/command"
 "github.com/openziti/fabric/controller/fields"
diff --git a/controller/model/enrollment_mod_ca.go b/controller/model/enrollment_mod_ca.go
index 923d9873f..cf4680654 100644
--- a/controller/model/enrollment_mod_ca.go
+++ b/controller/model/enrollment_mod_ca.go
@@ -21,10 +21,10 @@ import (
 "encoding/pem"
 "fmt"
 "github.com/michaelquigley/pfxlog"
+ "github.com/openziti/edge/common/cert"
 "github.com/openziti/edge/common/eid"
 "github.com/openziti/edge/controller/apierror"
 "github.com/openziti/edge/controller/persistence"
- "github.com/openziti/edge/internal/cert"
 "github.com/openziti/fabric/controller/models"
 "github.com/sirupsen/logrus"
 )
diff --git a/controller/model/enrollment_mod_erott.go b/controller/model/enrollment_mod_erott.go
index f5be2553b..914641cd4 100644
--- a/controller/model/enrollment_mod_erott.go
+++ b/controller/model/enrollment_mod_erott.go
@@ -19,8 +19,8 @@ package model
 import (
 "fmt"
 "github.com/openziti/edge-api/rest_model"
+ "github.com/openziti/edge/common/cert"
 "github.com/openziti/edge/controller/apierror"
- "github.com/openziti/edge/internal/cert"
 "github.com/openziti/fabric/controller/change"
 "github.com/openziti/foundation/v2/errorz"
 "github.com/pkg/errors"
diff --git a/controller/model/enrollment_mod_ott.go b/controller/model/enrollment_mod_ott.go
index 695a324b7..737f3cb5b 100644
--- a/controller/model/enrollment_mod_ott.go
+++ b/controller/model/enrollment_mod_ott.go
@@ -19,10 +19,10 @@ package model
 import (
 "encoding/pem"
 "github.com/openziti/edge-api/rest_model"
+ "github.com/openziti/edge/common/cert"
 "github.com/openziti/edge/common/eid"
 "github.com/openziti/edge/controller/apierror"
 "github.com/openziti/edge/controller/persistence"
- "github.com/openziti/edge/internal/cert"
 "github.com/openziti/fabric/controller/change"
 "github.com/openziti/fabric/controller/models"
 )
diff --git a/controller/model/enrollment_mod_ottca.go b/controller/model/enrollment_mod_ottca.go
index 3108fc6a8..aeebdb46e 100644
--- a/controller/model/enrollment_mod_ottca.go
+++ b/controller/model/enrollment_mod_ottca.go
@@ -19,9 +19,9 @@ package model
 import (
 "crypto/x509"
 "encoding/pem"
+ "github.com/openziti/edge/common/cert"
 "github.com/openziti/edge/controller/apierror"
 "github.com/openziti/edge/controller/persistence"
- "github.com/openziti/edge/internal/cert"
 fabricApiError "github.com/openziti/fabric/controller/apierror"
 "github.com/openziti/fabric/controller/change"
 "github.com/openziti/fabric/controller/models"
diff --git a/controller/model/enrollment_mod_trott.go b/controller/model/enrollment_mod_trott.go
index 2f75f9360..977a9e156 100644
--- a/controller/model/enrollment_mod_trott.go
+++ b/controller/model/enrollment_mod_trott.go
@@ -19,8 +19,8 @@ package model
 import (
 "fmt"
 "github.com/openziti/edge-api/rest_model"
+ "github.com/openziti/edge/common/cert"
 "github.com/openziti/edge/controller/apierror"
- "github.com/openziti/edge/internal/cert"
 "github.com/openziti/fabric/controller/change"
 "time"
 )
diff --git a/controller/model/enrollment_mod_updb.go b/controller/model/enrollment_mod_updb.go
index 8c8b05d18..3d7415294 100644
--- a/controller/model/enrollment_mod_updb.go
+++ b/controller/model/enrollment_mod_updb.go
@@ -19,10 +19,10 @@ package model
 import (
 "encoding/base64"
 "errors"
+ "github.com/openziti/edge/common/cert"
 "github.com/openziti/edge/common/eid"
 "github.com/openziti/edge/controller/apierror"
 "github.com/openziti/edge/controller/persistence"
- "github.com/openziti/edge/internal/cert"
 "github.com/openziti/fabric/controller/change"
 "github.com/openziti/fabric/controller/models"
 "github.com/openziti/foundation/v2/errorz"
diff --git a/controller/model/env.go b/controller/model/env.go
index 39d858288..c513bf093 100644
--- a/controller/model/env.go
+++ b/controller/model/env.go
@@ -20,10 +20,10 @@ import (
 "crypto/tls"
 "crypto/x509"
 "github.com/golang-jwt/jwt/v5"
+ "github.com/openziti/edge/common/cert"
 "github.com/openziti/edge/controller/config"
 "github.com/openziti/edge/controller/jwtsigner"
 "github.com/openziti/edge/controller/persistence"
- "github.com/openziti/edge/internal/cert"
 "github.com/openziti/fabric/controller/network"
 "github.com/openziti/identity"
 "github.com/openziti/metrics"
diff --git a/controller/model/testing.go b/controller/model/testing.go
index 9be9bede1..891f54edd 100644
--- a/controller/model/testing.go
+++ b/controller/model/testing.go
@@ -21,11 +21,11 @@ import (
 "crypto/x509"
 "github.com/golang-jwt/jwt/v5"
 "github.com/google/uuid"
+ "github.com/openziti/edge/common/cert"
 "github.com/openziti/edge/common/eid"
 "github.com/openziti/edge/controller/config"
 "github.com/openziti/edge/controller/jwtsigner"
 "github.com/openziti/edge/controller/persistence"
- "github.com/openziti/edge/internal/cert"
 "github.com/openziti/fabric/controller/change"
 "github.com/openziti/fabric/controller/network"
 "github.com/openziti/identity"
diff --git a/http-client.private.env.json b/http-client.private.env.json
deleted file mode 100644
index 061bb6375..000000000
--- a/http-client.private.env.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "development": {
- "edge_controller_url": "https://ziti-dev-controller01.localhost:1280/"
- }
-}
diff --git a/install.sh b/install.sh
deleted file mode 100644
index edc353c44..000000000
--- a/install.sh
+++ /dev/null
@@ -1,408 +0,0 @@ -#!/bin/sh -set -e - -usage() { - this=$1 - cat </dev/null -} -echoerr() { - echo "$@" 1>&2 -} -log_prefix() { - echo "$0" -} -_logp=6 -log_set_priority() { - _logp="$1" -} -log_priority() { - if test -z "$1"; then - echo "$_logp" - return - fi - [ "$1" -le "$_logp" ] -} -log_tag() { - case $1 in - 0) echo "emerg" ;; - 1) echo "alert" ;; - 2) echo "crit" ;; - 3) echo "err" ;; - 4) echo "warning" ;; - 5) echo "notice" ;; - 6) echo "info" ;; - 7) echo "debug" ;; - *) echo "$1" ;; - esac -} -log_debug() { - log_priority 7 || return 0 - echoerr "$(log_prefix)" "$(log_tag 7)" "$@" -} -log_info() { - log_priority 6 || return 0 - echoerr "$(log_prefix)" "$(log_tag 6)" "$@" -} -log_err() { - log_priority 3 || return 0 - echoerr "$(log_prefix)" "$(log_tag 3)" "$@" -} -log_crit() { - log_priority 2 || return 0 - echoerr "$(log_prefix)" "$(log_tag 2)" "$@" -} -uname_os() { - os=$(uname -s | tr '[:upper:]' '[:lower:]') - case "$os" in - msys*) os="windows" ;; - mingw*) os="windows" ;; - cygwin*) os="windows" ;; - win*) os="windows" ;; - esac - echo "$os" -} -uname_arch() { - arch=$(uname -m) - case $arch in - x86_64) arch="amd64" ;; - x86) arch="386" ;; - i686) arch="386" ;; - i386) arch="386" ;; - aarch64) arch="arm64" ;; - armv5*) arch="armv5" ;; - armv6*) arch="armv6" ;; - armv7*) arch="armv7" ;; - esac - echo ${arch} -} -uname_os_check() { - os=$(uname_os) - case "$os" in - darwin) return 0 ;; - dragonfly) return 0 ;; - freebsd) return 0 ;; - linux) return 0 ;; - android) return 0 ;; - nacl) return 0 ;; - netbsd) return 0 ;; - openbsd) return 0 ;; - plan9) return 0 ;; - solaris) return 0 ;; - windows) return 0 ;; - esac - log_crit "uname_os_check '$(uname -s)' got converted to '$os' which is not a GOOS value." 
- return 1 -} -uname_arch_check() { - arch=$(uname_arch) - case "$arch" in - 386) return 0 ;; - amd64) return 0 ;; - arm64) return 0 ;; - armv5) return 0 ;; - armv6) return 0 ;; - armv7) return 0 ;; - ppc64) return 0 ;; - ppc64le) return 0 ;; - mips) return 0 ;; - mipsle) return 0 ;; - mips64) return 0 ;; - mips64le) return 0 ;; - s390x) return 0 ;; - riscv64) return 0 ;; - amd64p32) return 0 ;; - esac - log_crit "uname_arch_check '$(uname -m)' got converted to '$arch' which is not a GOARCH value." - return 1 -} -untar() { - tarball=$1 - case "${tarball}" in - *.tar.gz | *.tgz) tar --no-same-owner -xzf "${tarball}" ;; - *.tar) tar --no-same-owner -xf "${tarball}" ;; - *.zip) unzip "${tarball}" ;; - *) - log_err "untar unknown archive format for ${tarball}" - return 1 - ;; - esac -} -http_download_curl() { - local_file=$1 - source_url=$2 - header=$3 - if [ -z "$header" ]; then - code=$(curl -w '%{http_code}' -sL -o "$local_file" "$source_url") - else - code=$(curl -w '%{http_code}' -sL -H "$header" -o "$local_file" "$source_url") - fi - if [ "$code" != "200" ]; then - log_debug "http_download_curl received HTTP status $code" - return 1 - fi - return 0 -} -http_download_wget() { - local_file=$1 - source_url=$2 - header=$3 - if [ -z "$header" ]; then - wget -q -O "$local_file" "$source_url" - else - wget -q --header "$header" -O "$local_file" "$source_url" - fi -} -http_download() { - log_debug "http_download $2" - if is_command curl; then - http_download_curl "$@" - return - elif is_command wget; then - http_download_wget "$@" - return - fi - log_crit "http_download unable to find wget or curl" - return 1 -} -http_copy() { - tmp=$(mktemp) - http_download "${tmp}" "$1" "$2" || return 1 - body=$(cat "$tmp") - rm -f "${tmp}" - echo "$body" -} -github_release() { - owner_repo=$1 - version=$2 - test -z "$version" && version="latest" - giturl="https://github.com/${owner_repo}/releases/${version}" - json=$(http_copy "$giturl" "Accept:application/json") - test -z "$json" && 
return 1 - version=$(echo "$json" | tr -s '\n' ' ' | sed 's/.*"tag_name":"//' | sed 's/".*//') - test -z "$version" && return 1 - echo "$version" -} -hash_sha256() { - TARGET=${1:-/dev/stdin} - if is_command gsha256sum; then - hash=$(gsha256sum "$TARGET") || return 1 - echo "$hash" | cut -d ' ' -f 1 - elif is_command sha256sum; then - hash=$(sha256sum "$TARGET") || return 1 - echo "$hash" | cut -d ' ' -f 1 - elif is_command shasum; then - hash=$(shasum -a 256 "$TARGET" 2>/dev/null) || return 1 - echo "$hash" | cut -d ' ' -f 1 - elif is_command openssl; then - hash=$(openssl -dst openssl dgst -sha256 "$TARGET") || return 1 - echo "$hash" | cut -d ' ' -f a - else - log_crit "hash_sha256 unable to find command to compute sha-256 hash" - return 1 - fi -} -hash_sha256_verify() { - TARGET=$1 - checksums=$2 - if [ -z "$checksums" ]; then - log_err "hash_sha256_verify checksum file not specified in arg2" - return 1 - fi - BASENAME=${TARGET##*/} - want=$(grep "${BASENAME}" "${checksums}" 2>/dev/null | tr '\t' ' ' | cut -d ' ' -f 1) - if [ -z "$want" ]; then - log_err "hash_sha256_verify unable to find checksum for '${TARGET}' in '${checksums}'" - return 1 - fi - got=$(hash_sha256 "$TARGET") - if [ "$want" != "$got" ]; then - log_err "hash_sha256_verify checksum for '$TARGET' did not verify ${want} vs $got" - return 1 - fi -} -cat /dev/null <