Root & Intermediate CAs
Create root CAs with configurable key algorithm and certification depth. Issue intermediate CAs with depth validation enforced against root policy.
GPLv3 • Django • Development Preview
PKI Workbench
A Django-based certificate authority management tool for building and operating private PKI workflows. Root and intermediate CAs, end-entity issuance, certificate profiles, and a REST API — without OpenSSL scripting or commercial CA overhead.
Root+
Intermediate CA support
REST
Full API + OpenAPI schema
Dev
Currently in development preview
Development Preview: PKI Workbench is actively developed and suitable for evaluation and internal prototyping. Production hardening — secret management, strict TLS config, production database, and security review — is required before production deployment.
Platform Capabilities
A complete private CA workflow in a single Django application.
End-Entity Certificate Issuance
Issue end-entity certificates with full control over key algorithm, key size, curve, SAN DNS entries, Key Usage, and Extended Key Usage.
Certificate Profiles
Define reusable issuance policies with key and extension defaults, optional subject constraints, and auto-fill on the issue form. Derive a profile directly from an existing certificate.
Certificate Artifact Downloads
Download public cert, cert chain, CSR, and cert/key bundle ZIP from a dedicated certificate detail page. Consistent filename conventions across all artifacts.
REST API & OpenAPI Schema
Full REST API covering CAs, certificates, profiles, and workflows. OpenAPI schema at /api/schema/ for integration with CI/CD pipelines and automation tooling.
Dashboard & Trust Chain View
Home dashboard with CA and certificate counts, certificates approaching expiration, and a recursive clickable CA hierarchy. Searchable CA and profile selectors throughout.
Who It’s Built For
Teams that need a private CA but don’t need the complexity of a commercial PKI platform.
Security & Infrastructure Teams
Stand up a private CA for internal TLS, mutual authentication, and service-to-service trust — without maintaining a tangle of OpenSSL commands or purchasing a commercial CA platform.
DevOps & Platform Engineering
Integrate with CI/CD pipelines via the REST API to automate certificate issuance and renewal for containerized services, internal APIs, and test environments.
Regulated Environments
Keep certificate issuance entirely on-premises with full audit trails. Control the key lifecycle without third-party CA involvement or cloud dependency.
Available for Evaluation & Early Adoption
PKI Workbench is GPLv3 open source and available now for evaluation. McIndi can assist with deployment planning, production hardening, and custom integrations as the project matures toward general availability.