Cert-Signer

A Private CA implementation library

What it this

Cert-Signer is a Java library that implements a Private CA, able to sign certificates for client of services within your organization.

It is meant to be used to create client certificate for mTLS authentication of private services within your network.

Use Cases

• PKI for your Industrial IOT gateway clients
• Internal zero-trust architecture
• Secure communication between services with mTLS
• Implement a service for enrollment of embedded IOT devices

Special features

Certificate Authority and client certificates are generated and stored via a VaultSigningStrategy on a Hashicorp Vault instance.

How To Build the library

cd cert-signer
mvn clean install

Initialize the CA:

You should have a Vault instance running, and you should create the following config file: ~/.vault-credentials.cfg with the following environment defined:

export VAULT_ENDPOINT="https://<my-address>/<custom-path>"
export VAULT_TOKEN="hvs.XXXXXXXXXXXXXXXX"

To initialize a custom CA for my-service*

cd cert-signer
./script/initializeCA my-service

Use the CA to sign Client Certificates

You can use the provided script to sign client certificates for your CA

./script/issueCertificate my-service my-client

License

The code is freely available under GPL License see: COPYING

Additional commercial support and licensing is available on request. Just issue a support request and mention you are interested in cert-signer

---

$ git clone https://code.kevwe.com/git/cert-signer.git