An Offline Certificate Authority
IRON is a collection of scripts that implement an offline Certification Authority for signing intermediate CA and leaf certificates.
It is meant to be used to create client certificates for mTLS authentication in order to expose secure endpoints over the broader network and your private LAN.
Storage for the generated Certificate Authority and client certificates is file-based.
If you are looking for an online CA, or a way to implement one, you might find cert-signer useful:
$ cd cert-signer
$ mvn clean install
$ iron ca create
You can use iron to sign client certificates with your CA:
$ iron certificate <sign> <service> <CSR-file>
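The steps a file-based offline CA goes through to issue an mTLS client certificate, shown with plain openssl as an added example (this is not IRON's own code or command set). The directory layout, subject names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: plain openssl, not IRON's own scripts. All names are constructed.

make_ca() {   # $1 = CA directory (file-based storage; keep it on the offline host)
  mkdir -p "$1" && cat > "$1/ca.cnf" <<'EOF' &&
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Offline Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # -nodes keeps the demo non-interactive; protect a real CA key with a passphrase.
  ( umask 077; openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
      -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null )
}

make_csr() {   # $1 = client directory, $2 = common name; only the CSR goes to the CA
  mkdir -p "$1" && printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$1/req.cnf" &&
  ( umask 077; openssl req -new -newkey rsa:2048 -nodes -config "$1/req.cnf" \
      -subj "/CN=$2" -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null )
}

sign_client() {   # $1 = CA directory, $2 = CSR file, $3 = certificate to write
  printf '%s\n' 'basicConstraints = critical,CA:FALSE' \
    'keyUsage = critical,digitalSignature' \
    'extendedKeyUsage = clientAuth' > "$1/client.ext" &&
  openssl x509 -req -in "$2" -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
    -days 365 -sha256 -extfile "$1/client.ext" -out "$3" 2>/dev/null
}

verify_for() {   # $1 = CA directory, $2 = sslclient | sslserver, $3 = certificate
  openssl verify -purpose "$2" -CAfile "$1/ca.crt" "$3" >/dev/null 2>&1
}

demo() {
  work=$(mktemp -d) &&
  make_ca "$work/ca" && make_csr "$work/client" client-1 &&
  sign_client "$work/ca" "$work/client/client.csr" "$work/client/client.crt" &&
  verify_for "$work/ca" sslclient "$work/client/client.crt" && echo "client cert OK for mTLS"
  rm -rf "$work"
}
demo
```

Because the leaf carries only the clientAuth extended key usage, the same certificate is rejected when checked with the sslserver purpose, so a leaked client certificate cannot be used to impersonate a server.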
$ iron
Usage: iron <command> [<args>]
Some useful iron commands are:
   ca           manage CA
   certificate  create certificates
   client       manage CSR for certificates creation
   commands     List all iron commands
   debug        manage CA
   keystore     create and show contents of java keystore
   pkcs12       create *.p12 keystore
   service      manage service/server certificate creation
The code is freely available under the GPL License; see COPYING.
Additional commercial support and licensing is available on request. Just issue a support request and mention you are interested in iron.
$ git clone https://code.kevwe.com/git/iron.git