SaaSHub helps you find the best software and product alternatives Learn more →
Top 23 PKI Open-Source Projects
-
certificates
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
AutomatedLab
AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell scripts. It supports all Windows operating systems from 2008 R2 to 2022, some Linux distributions and various products like AD, Exchange, PKI, IIS, etc.
-
certify
Professional ACME Client for Windows. Certificate Management UI, powered by Let's Encrypt and compatible with all ACME v2 CAs. Download from certifytheweb.com
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
PKI.js
PKI.js is a pure JavaScript library implementing the formats that are used in PKI applications (signing, encryption, certificate requests, OCSP and TSP requests/responses). It is built on WebCrypto (Web Cryptography API) and requires no plug-ins.
-
Locksmith
A small tool built to find and fix common misconfigurations in Active Directory Certificate Services. (by TrimarcJake)
-
ejbca-ce
EJBCA® – Open-source public key infrastructure (PKI) and certificate authority (CA) software.
-
pki
The Dogtag Certificate System is an enterprise-class Certificate Authority (CA) which supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management.
-
labca
A private Certificate Authority for internal (lab) use, based on the open source ACME Automated Certificate Management Environment implementation from Let's Encrypt (tm).
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Project mention: OpenVPN server in a Docker container complete with an EasyRSA PKI CA | news.ycombinator.com | 2024-03-30
You can roll your own with https://github.com/smallstep/certificates. We maintain major open source projects and contribute a lot to other projects. I don’t think that means everything we do has to be open source. Sorry this one wasn’t. Doing this in pure open source would be a book, not a blog post.
Love Let’s Encrypt — we’re sponsors — but using them for WiFi is a terrible idea. You need internal PKI for WiFi.
There's no reason you couldn't run your own ACME server (the Let's Encrypt folk publish an open source one, boulder, but there's plenty of others). Then you can just use certbot in your VMs to manage certificates, configured to point to your CA server instead of the Let's Encrypt one.
Project mention: Why use OpenID Connect instead of plain OAuth2? | news.ycombinator.com | 2023-06-27You can start with: https://github.com/kdeldycke/awesome-iam . But beware of the rabbit hole!
Project mention: Seeking Guidance: SSL Certification for a Local Server in Windows 2019 Data Center Environment | /r/sysadmin | 2023-05-23Option 2+: If your public DNS is hosted by a provider that has Win-ACME or Certify the Web support, use Let's Encrypt and automate the whole thing.
- https://github.com/cloudflare/circl
Project mention: SSLMate/Certspotter: Certificate Transparency Log Monitor | news.ycombinator.com | 2023-11-02
Project mention: NIST: Personal Identity Verification (PIV) of Federal Employees and Contractors | news.ycombinator.com | 2024-03-23PuTTY-CAC was an interesting, although imperfect solution to using PIV/CAC cards together with SSH. I remember piloting it from 2013-2014 at an agency. Back then, it was maintained by Dan Risacher[0]. Nowadays it is maintained on GitHub[1] and adopted some interesting features like FIDO.
[0] https://risacher.org/putty-cac/
[1] https://github.com/NoMoreFood/putty-cac
Project mention: Building a decentralized name system on top of IRC | news.ycombinator.com | 2023-12-25
For my scope the PS module is enough. https://github.com/PKISolutions/PSPKI
The Swedes also started their own from-scratch implementation, known as Heimdal (https://github.com/heimdal/heimdal), which has a bunch of nifty things in it including a from-scratch PKIX/x.509 implementation and a from-scratch ASN.1 compiler and library.
Project mention: I looked through attacks in my access logs. Here's what I found | news.ycombinator.com | 2024-01-28Was looking into Certificate Transparency logs recently. Are there any convenient tools/methods for querying CT logs? i.e. search for domains within a timeframe
Cloudflare’s Merkle Town[0] is useful for getting overviews, but I haven’t found an easy way to query CT logs. ct-woodpecker[1] seems promising, too
[0] https://ct.cloudflare.com/
[1] https://github.com/letsencrypt/ct-woodpecker
PKI related posts
-
OpenVPN server in a Docker container complete with an EasyRSA PKI CA
-
SSLMate/Certspotter: Certificate Transparency Log Monitor
-
Last Chance to Fix EIDAS (Mozilla)
-
Encrypted traffic interception on Hetzner and Linode targeting Jabber service
-
AD CS management tools
-
[Docker] Meilleur conteneur VPN?
-
Pentester PSA: Check your Active Directory Certificate Services (AD CS) For Vulnerabilities
-
A note from our sponsor - SaaSHub
www.saashub.com | 2 May 2024
Index
What are some of the best open-source PKI projects? This list will help you:
Project | Stars | |
---|---|---|
1 | docker-openvpn | 8,541 |
2 | certificates | 6,154 |
3 | boulder | 4,981 |
4 | Certipy | 2,130 |
5 | AutomatedLab | 1,939 |
6 | awesome-iam | 1,571 |
7 | certify | 1,450 |
8 | PKI.js | 1,214 |
9 | debops | 1,188 |
10 | CIRCL | 1,182 |
11 | certspotter | 913 |
12 | Locksmith | 684 |
13 | noosphere | 638 |
14 | ejbca-ce | 523 |
15 | putty-cac | 448 |
16 | KadNode | 404 |
17 | sharkey | 391 |
18 | PSPKI | 359 |
19 | pki | 320 |
20 | heimdal | 312 |
21 | labca | 287 |
22 | ct-woodpecker | 172 |
23 | IsoApplet | 158 |
Sponsored