Openxpki - Manage Keys and Certificate

  •        52

The OpenXPKI project has the vision to publish a software stack that provides all necessary components to manage keys and certificates primarily based on the X509v3 cryptography standard.

  • WebUI compatible with all major browsers
  • Ready-to-run example config included
  • Support for SCEP (Simple Certificate Enrollment Protocol)
  • Easy adjustment of workflows to personal needs
  • Run multiple separate CAs with a single installation, automated rollover of CA generations
  • Can use Hardware Security Modules (e. g. Thales HSMs) for crypto operations
  • Issue certificates with public trusted CAs (e. g. SwissSign, Comodo, VeriSign)
  • Based on OpenSSL and Perl, runs on most *nix platforms
  • 100% Open Source, commercial support available



Related Projects

Dogtag - Certificate System

The Dogtag Certificate System is an enterprise-class open source Certificate Authority (CA). It is a full-featured system, and has been hardened by real-world deployments. It supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management, and much more. It supports Certificate issuance, revocation, and retrieval, Certificate Revocation List (CRL) generation and publishing, Encryption key archival and recovery and lot more.

Confidant - Your Secret Keeper. Stores secrets in DynamoDB, encrypted at rest.

Confidant is a open source secret management service that provides user-friendly storage and access to secrets in a secure way, from the developers at Lyft. Confidant stores secrets in an append-only way in DynamoDB, generating a unique KMS data key for every revision of every secret, using Fernet symmetric authenticated cryptography.

Vault - A tool for managing secrets

Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault handles leasing, key revocation, key rolling, and auditing. Vault presents a unified API to access multiple backends: HSMs, AWS IAM, SQL databases, raw key/value, and more.

Ejbca - PKI Certificate Authority software

EJBCA is an enterprise class PKI Certificate Authority software. It supports SSL/TLS, Smart card logon to Windows and/or Linux, Signing and encrypting email (SMIME), Mobile PKI, Secure mobile networks and lot more.

Keywhiz - A system for distributing and managing secrets

Keywhiz is a system for managing and distributing secrets. Keywhiz servers in a cluster centrally store secrets encrypted in a database. Clients use mutually authenticated TLS (mTLS) to retrieve secrets they have access to. Authenticated users administer Keywhiz via CLI or web app UI. To enable workflows, Keywhiz has automation APIs over mTLS and support for simple secret generation plugins.

Cryptlib - provides Encryption and Authentication Service

cryptlib is a powerful security toolkit that allows even inexperienced crypto programmers to easily add encryption and authentication services to their software. It provides support for S/MIME and PGP/OpenPGP secure enveloping, SSL/TLS and SSH secure sessions, CA services such as CMP, SCEP, RTCS, and OCSP, and other security operations such as secure timestamping.

OpenCA - PKI Management Software

The OpenCA PKI Development Project is a collaborative effort to develop a robust, full-featured and Open Source out-of-the-box Certification Authority implementing the most used protocols with full-strength cryptography world-wide. The project development is divided in two main tasks: studying and refining the security scheme that guarantees the best model to be used in a CA and developing software to easily setup and manage a Certification Authority.

auth - Istio authentication components

The diagram below shows Istio Auth's architecture, which includes three primary components: identity, key management, and communication security. This diagram describes how Istio Auth is used to secure the service-to-service communication between service 'frontend' running as the service account 'frontend-team' and service 'backend' running as the service account 'backend-team'. Istio supports services running on both Kubernetes containers and VM/bare-metal machines.As illustrated in the diagram, Istio Auth leverages secret volume mount to deliver keys/certs from Istio CA to Kubernetes containers. For services running on VM/bare-metal machines, we introduce a node agent, which is a process running on each VM/bare-metal machine. It generates the private key and CSR (certificate signing request) locally, sends CSR to Istio CA for signing, and delivers the generated certificate together with the private key to Envoy.

Public Key Infrastructure PowerShell module

This module is intended to simplify certain PKI management tasks by using automation with Windows PowerShell.

anchor - An Ephemeral PKI system that can act as a trust anchor for OpenStack PKI operations

Anchor is an ephemeral PKI service that, based on certain conditions, automates the verification of CSRs and signs certificates for clients. The validity period can be set in the config file with hour resolution.A critical capability within PKI is to revoke a certificate - to ensure that it is no longer trusted by any peer. Unfortunately research has demonstrated that the two typical methods of revocation (Certificate Revocation Lists and Online Certificate Status Protocol) both have failings that make them unreliable, especially when attempting to leverage PKI outside of web-browser software.

puppet-module-ssl - SSL key and certificate management for Puppet

SSL key and certificate management for Puppet

WebSC - Web interface for key, certificate and smartcard management

Web interface for key, certificate and smartcard management

etcd - Distributed reliable key-value store for the most critical data of a distributed system

etcd is a distributed, consistent key-value store for shared configuration and service discovery. It is simple, secure, fast and reliable. it uses the Raft consensus algorithm to manage a highly-available replicated log.

Certificate Request (PKCS#10) Generator

A .NET application that can create PKCS#10 Certificate Requests, either by generating a new key or reusing a preexisting one. Minimum requirement : Windows Vista and above. .NET 2.0.

Flock - Private contact and calendar sync for Android.

A secure contact and calendar syncing application for Android.The Android app can be downloaded through Google Play or via our alternative distribution channel. Note that the certificate presented by our alternative distribution channel is signed by the same private certificate authority pinned by Flock's trust store.

Bundle-OpenXPKI - Release history of Bundle-OpenXPKI

Release history of Bundle-OpenXPKI

pkipolicy - Documents for Mozilla's PKI policies - certificate root program, etc.

This repository contains documents relating to Mozilla's PKI policies, such as its certificate root program. The owner of these documents is the Module Owner of the "Mozilla CA Certificate Policy" module. Their contents can be discussed in the forum.You can find out how to apply to be included in Mozilla's root program. There is also a list of included roots.

pki-core - Certificate System - PKI Core Components

Certificate System - PKI Core Components

ipa-pki-theme - Certificate System - IPA PKI Theme Components

Certificate System - IPA PKI Theme Components