A Private CA implementation library
Cert-Signer is a Java library that implements a Private CA, able to sign certificates for client of services within your organization.
It is meant to be used to create client certificate for mTLS authentication of private services within your network.
Certificate Authority and client certificates are generated and stored via a VaultSigningStrategy on a Hashicorp Vault instance.
cd cert-signer
mvn clean install
You should have a Vault instance running, and you should create the following config file: ~/.vault-credentials.cfg with the following environment defined:
export VAULT_ENDPOINT="https://<my-address>/<custom-path>"
export VAULT_TOKEN="hvs.XXXXXXXXXXXXXXXX"
To initialize a custom CA for my-service*
cd cert-signer
./script/initializeCA my-service
You can use the provided script to sign client certificates for your CA
./script/issueCertificate my-service my-client
The code is freely available under GPL License see: COPYING
Additional commercial support and licensing is available on request. Just issue a support request and mention you are interested in cert-signer
$ git clone https://code.kevwe.com/git/cert-signer.git