Openxpki - Manage Keys and Certificate

  •        130

The OpenXPKI project has the vision to publish a software stack that provides all necessary components to manage keys and certificates primarily based on the X509v3 cryptography standard.

  • WebUI compatible with all major browsers
  • Ready-to-run example config included
  • Support for SCEP (Simple Certificate Enrollment Protocol)
  • Easy adjustment of workflows to personal needs
  • Run multiple separate CAs with a single installation, automated rollover of CA generations
  • Can use Hardware Security Modules (e. g. Thales HSMs) for crypto operations
  • Issue certificates with public trusted CAs (e. g. SwissSign, Comodo, VeriSign)
  • Based on OpenSSL and Perl, runs on most *nix platforms
  • 100% Open Source, commercial support available

www.openxpki.org
https://github.com/openxpki/openxpki

Tags
Implementation
License
Platform

   




Related Projects

Dogtag - Certificate System

  •    Java

The Dogtag Certificate System is an enterprise-class open source Certificate Authority (CA). It is a full-featured system, and has been hardened by real-world deployments. It supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management, and much more. It supports Certificate issuance, revocation, and retrieval, Certificate Revocation List (CRL) generation and publishing, Encryption key archival and recovery and lot more.

Confidant - Your Secret Keeper. Stores secrets in DynamoDB, encrypted at rest.

  •    Python

Confidant is a open source secret management service that provides user-friendly storage and access to secrets in a secure way, from the developers at Lyft. Confidant stores secrets in an append-only way in DynamoDB, generating a unique KMS data key for every revision of every secret, using Fernet symmetric authenticated cryptography.

Vault - A tool for managing secrets

  •    Go

Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault handles leasing, key revocation, key rolling, and auditing. Vault presents a unified API to access multiple backends: HSMs, AWS IAM, SQL databases, raw key/value, and more.

Ejbca - PKI Certificate Authority software

  •    Java

EJBCA is an enterprise class PKI Certificate Authority software. It supports SSL/TLS, Smart card logon to Windows and/or Linux, Signing and encrypting email (SMIME), Mobile PKI, Secure mobile networks and lot more.

Keywhiz - A system for distributing and managing secrets

  •    Java

Keywhiz is a system for managing and distributing secrets. Keywhiz servers in a cluster centrally store secrets encrypted in a database. Clients use mutually authenticated TLS (mTLS) to retrieve secrets they have access to. Authenticated users administer Keywhiz via CLI or web app UI. To enable workflows, Keywhiz has automation APIs over mTLS and support for simple secret generation plugins.


Cryptlib - provides Encryption and Authentication Service

  •    C

cryptlib is a powerful security toolkit that allows even inexperienced crypto programmers to easily add encryption and authentication services to their software. It provides support for S/MIME and PGP/OpenPGP secure enveloping, SSL/TLS and SSH secure sessions, CA services such as CMP, SCEP, RTCS, and OCSP, and other security operations such as secure timestamping.

OpenCA - PKI Management Software

  •    Javascript

The OpenCA PKI Development Project is a collaborative effort to develop a robust, full-featured and Open Source out-of-the-box Certification Authority implementing the most used protocols with full-strength cryptography world-wide. The project development is divided in two main tasks: studying and refining the security scheme that guarantees the best model to be used in a CA and developing software to easily setup and manage a Certification Authority.

Public Key Infrastructure PowerShell module

  •    

This module is intended to simplify certain PKI management tasks by using automation with Windows PowerShell.

etcd - Distributed reliable key-value store for the most critical data of a distributed system

  •    Go

etcd is a distributed, consistent key-value store for shared configuration and service discovery. It is simple, secure, fast and reliable. it uses the Raft consensus algorithm to manage a highly-available replicated log.

Certificate Request (PKCS#10) Generator

  •    

A .NET application that can create PKCS#10 Certificate Requests, either by generating a new key or reusing a preexisting one. Minimum requirement : Windows Vista and above. .NET 2.0.

Flock - Private contact and calendar sync for Android.

  •    Java

A secure contact and calendar syncing application for Android.The Android app can be downloaded through Google Play or via our alternative distribution channel. Note that the certificate presented by our alternative distribution channel is signed by the same private certificate authority pinned by Flock's trust store.

Flock - Private contact and calendar sync for Android.

  •    Java

A secure contact and calendar syncing application for Android. The Android app can be downloaded through Google Play or via our alternative distribution channel. Note that the certificate presented by our alternative distribution channel is signed by the same private certificate authority pinned by Flock's trust store.

certbot - Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server

  •    Python

Certbot is part of EFF’s effort to encrypt the entire Internet. Secure communication over the Web relies on HTTPS, which requires the use of a digital certificate that lets browsers verify the identity of web servers (e.g., is that really google.com?). Web servers obtain their certificates from trusted third parties called certificate authorities (CAs). Certbot is an easy-to-use client that fetches a certificate from Let’s Encrypt—an open certificate authority launched by the EFF, Mozilla, and others—and deploys it to a web server. Anyone who has gone through the trouble of setting up a secure website knows what a hassle getting and maintaining a certificate is. Certbot and Let’s Encrypt can automate away the pain and let you turn on and manage HTTPS with simple commands. Using Certbot and Let's Encrypt is free, so there’s no need to arrange payment.

Kong - The Microservice API Gateway

  •    Lua

Kong is a cloud-native, fast, scalable, and distributed Microservice Abstraction Layer (also known as an API Gateway, API Middleware or in some cases Service Mesh). Backed by the battle-tested NGINX with a focus on high performance, Kong was made available as an open-source platform in 2015. Under active development, Kong is used in production at thousands of organizations from startups, Global 5000 and Government organizations.

ios-ssl-kill-switch - Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS Apps

  •    Objective-C

Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS Apps. Once installed on a jailbroken device, iOS SSL Kill Switch patches low-level SSL functions within the Secure Transport API, including SSLSetSessionOption() and SSLHandshake() in order to override and disable the system's default certificate validation as well as any kind of custom certificate validation (such as certificate pinning).

ssl-kill-switch2 - Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and OS X Apps

  •    C

Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and OS X Apps. Second iteration of https://github.com/iSECPartners/ios-ssl-kill-switch . Once loaded into an iOS or OS X App, SSL Kill Switch 2 patches specific low-level SSL functions within the Secure Transport API in order to override, and disable the system's default certificate validation as well as any kind of custom certificate validation (such as certificate pinning).

CSRTool

  •    Java

A graphical tool for generating RSA and ECDSA cryptographic key-pairs, creating Certificate Signing Requests (CSRs) from them, and combining the key-pair with an issued digital certificate to create a secure portable container (PKCS12, JKS, JCEKS, etc.).

Zen Cart - A PHP based e-Commerce Shopping Cart Software

  •    PHP

ZenCart is a PHP based e-Commerce Shopping Cart Software. ZenCart is easy to install. Products, Customers, Pricing, Payment and Shipping could be easily managed by administrators. It is built on top of osCommerce. It supports Multiple gateway services, Sales, Discounts, Gift certificate, Audit trail, Newsletter manager, Advertising banners, Tax rate configuration, multiple shipping options and lot more.

Apache Accumulo - Key Value Store based on Google BigTable

  •    Java

The Apache Accumulo sorted, distributed key/value store is a robust, scalable, high performance data storage and retrieval system. Apache Accumulo is based on Google's BigTable design and is built on top of Apache Hadoop, Zookeeper, and Thrift. Apache Accumulo features a few novel improvements on the BigTable design in the form of cell-based access control and a server-side programming mechanism that can modify key/value pairs at various points in the data management process.

trillian - Trillian implements a Merkle tree whose contents are served from a data storage layer, to allow scalability to extremely large trees

  •    Go

Trillian is an implementation of the concepts described in the Verifiable Data Structures white paper, which in turn is an extension and generalisation of the ideas which underpin Certificate Transparency.Note that Trillian requires particular applications to provide their own personalities on top of the core transparent data store functionality; example code for a certificate transparency log and for a log-derived map are included to help with this.





We have large collection of open source products. Follow the tags from Tag Cloud >>


Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.