Root & Intermediate CAs
Create root CAs with configurable key algorithm and certification depth. Issue intermediate CAs with depth validation enforced against root policy.
A Django-based certificate authority management tool for building and operating private PKI workflows. Root and intermediate CAs, end-entity issuance, certificate profiles, and a REST API — without OpenSSL scripting or commercial CA overhead.
A complete private CA workflow in a single Django application.
Create root CAs with configurable key algorithm and certification depth. Issue intermediate CAs with depth validation enforced against root policy.
Issue end-entity certificates with full control over key algorithm, key size, curve, SAN DNS entries, Key Usage, and Extended Key Usage.
Define reusable issuance policies with key and extension defaults, optional subject constraints, and auto-fill on the issue form. Derive a profile directly from an existing certificate.
Download public cert, cert chain, CSR, and cert/key bundle ZIP from a dedicated certificate detail page. Consistent filename conventions across all artifacts.
Full REST API covering CAs, certificates, profiles, and workflows. OpenAPI schema at /api/schema/ for integration with CI/CD pipelines and automation tooling.
Home dashboard with CA and certificate counts, certificates approaching expiration, and a recursive clickable CA hierarchy. Searchable CA and profile selectors throughout.
Teams that need a private CA but don’t need the complexity of a commercial PKI platform.
Stand up a private CA for internal TLS, mutual authentication, and service-to-service trust — without maintaining a tangle of OpenSSL commands or purchasing a commercial CA platform.
Integrate with CI/CD pipelines via the REST API to automate certificate issuance and renewal for containerized services, internal APIs, and test environments.
Keep certificate issuance entirely on-premises with full audit trails. Control the key lifecycle without third-party CA involvement or cloud dependency.
PKI Workbench is GPLv3 open source and available now for evaluation. McIndi can assist with deployment planning, production hardening, and custom integrations as the project matures toward general availability.