OpenCA - PKI Management Software

  •        494

The OpenCA PKI Development Project is a collaborative effort to develop a robust, full-featured and Open Source out-of-the-box Certification Authority implementing the most used protocols with full-strength cryptography world-wide. The project development is divided in two main tasks: studying and refining the security scheme that guarantees the best model to be used in a CA and developing software to easily setup and manage a Certification Authority.

https://www.openca.org/projects/openca/
https://github.com/openca/openca-base
https://sourceforge.net/projects/openca/

Tags
Implementation
License
Platform

   




Related Projects

Ejbca - PKI Certificate Authority software

  •    Java

EJBCA is an enterprise class PKI Certificate Authority software. It supports SSL/TLS, Smart card logon to Windows and/or Linux, Signing and encrypting email (SMIME), Mobile PKI, Secure mobile networks and lot more.

Cryptlib - provides Encryption and Authentication Service

  •    C

cryptlib is a powerful security toolkit that allows even inexperienced crypto programmers to easily add encryption and authentication services to their software. It provides support for S/MIME and PGP/OpenPGP secure enveloping, SSL/TLS and SSH secure sessions, CA services such as CMP, SCEP, RTCS, and OCSP, and other security operations such as secure timestamping.

Dogtag - Certificate System

  •    Java

The Dogtag Certificate System is an enterprise-class open source Certificate Authority (CA). It is a full-featured system, and has been hardened by real-world deployments. It supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management, and much more. It supports Certificate issuance, revocation, and retrieval, Certificate Revocation List (CRL) generation and publishing, Encryption key archival and recovery and lot more.

Openxpki - Manage Keys and Certificate

  •    Perl

The OpenXPKI project has the vision to publish a software stack that provides all necessary components to manage keys and certificates primarily based on the X509v3 cryptography standard.

boulder - An ACME-based CA, written in Go.

  •    Go

This is an implementation of an ACME-based CA. The ACME protocol allows the CA to automatically verify that an applicant for a certificate actually controls an identifier, and allows domain holders to issue and revoke certificates for their domains.Boulder has a Dockerfile to make it easy to install and set up all its dependencies. This is how the maintainers work on Boulder, and is our main recommended way to run it.


EJBCA, JEE PKI Certificate Authority

  •    Java

EJBCA is an enterprise class PKI Certificate Authority built on JEE technology. It is a robust, high performance, platform independent, flexible, and component based CA to be used standalone or integrated in other JEE applications.

Tcpcrypt - Encrypting the Internet

  •    C

Tcpcrypt is a protocol that attempts to encrypt (almost) all of your network traffic. Unlike other security mechanisms, Tcpcrypt works out of the box: it requires no configuration, no changes to applications, and your network connections will continue to work even if the remote end does not support Tcpcrypt, in which case connections will gracefully fall back to standard clear-text TCP.

certbot - Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server

  •    Python

Certbot is part of EFF’s effort to encrypt the entire Internet. Secure communication over the Web relies on HTTPS, which requires the use of a digital certificate that lets browsers verify the identity of web servers (e.g., is that really google.com?). Web servers obtain their certificates from trusted third parties called certificate authorities (CAs). Certbot is an easy-to-use client that fetches a certificate from Let’s Encrypt—an open certificate authority launched by the EFF, Mozilla, and others—and deploys it to a web server. Anyone who has gone through the trouble of setting up a secure website knows what a hassle getting and maintaining a certificate is. Certbot and Let’s Encrypt can automate away the pain and let you turn on and manage HTTPS with simple commands. Using Certbot and Let's Encrypt is free, so there’s no need to arrange payment.

Certificate Request (PKCS#10) Generator

  •    

A .NET application that can create PKCS#10 Certificate Requests, either by generating a new key or reusing a preexisting one. Minimum requirement : Windows Vista and above. .NET 2.0.

caman - A self-signing certificate authority manager

  •    Shell

A self-signing certificate authority manager - create your own certificate authority, and generate and manage SSL certificates using openssl. This document explains how to use caman to create a certificate authority, optionally use an intermediate CA, and to create, sign, renew and revoke host certificates.

Smart Sign

  •    C

This project currently provides a set of modules that enable the use of smartcard based authentication amp; digital signature security services. It also interact with the OpenCA project to provide a smartcard-based PKI.

sapient - Secure API Toolkit

  •    PHP

Sapient secures your PHP applications' server-to-server HTTP(S) traffic even in the wake of a TLS security breakdown (compromised certificate authority, etc.). Sapient allows you to quickly and easily add application-layer cryptography to your API requests and responses. Requires PHP 7.

PHPki Digital Certificate Authority

  •    PHP

PHPki is an Open Source Web application for managing a multi-agency PKI for HIPAA compliance. With it, you may create and centrally manage X.509 certificates for use with S/MIME enabled e-mail clients, SSL servers, and VPN applications.

easy-rsa - easy-rsa - Simple shell based CA utility

  •    Shell

easy-rsa is a CLI utility to build and manage a PKI CA. In laymen's terms, this means to create a root certificate authority, and request and sign certificates, including sub-CAs and certificate revocation lists (CRL). If you are looking for release downloads, please see the releases section on GitHub. Releases are also available as source checkouts using named tags.

certstrap - Tools to bootstrap CAs, certificate requests, and signed certificates.

  •    Go

A simple certificate manager written in Go, to bootstrap your own certificate authority and public key infrastructure. Adapted from etcd-ca.certstrap is a very convenient app if you don't feel like dealing with openssl, its myriad of options or config files.

ssh-cert-authority - An implementation of an SSH certificate authority.

  •    Go

A democratic SSH certificate authority. Operators of ssh-cert-authority want to use SSH certificates to provide fine-grained access control to servers they operate, keep their certificate signing key a secret and not need to be required to get involved to actually sign certificates. A tall order.

PHP Certificate Authority

  •    PHP

You could be doing a better job of website security... If only there was a simple way to implement SSL with signed keys? PHP-CA is an easy to use and easy to administer Certificate Authority that runs in PHP.

Digital Wallet

  •    DotNet

e-Wallet is a WPF application that allows you to store sensitive information such as online banking accounts or user names and passwords, and protect all of that information securely with a single password or a digital certificate.

Assinador Digital (Digital Signature Utility)

  •    DotNet

Com poucos cliques e de modo simples e fácil, esta aplicação realiza processos de visualização, inclusão, remoção e validação de assinaturas digitais em lotes de documentos que utilizam a Open Packaging Convention (OPC).

Certificate Expiration Alerter

  •    CSharp

Windows Certificate Authority (CA) / Certificate Expiration Alerting