OpenXPKI An open, enterprise-grade PKI/Trustcenter
We are currently migrating the old website to Github and this pages contains a lot of dead links and inaccurate information. The team is also working hard to prepare a "1.0" release hopefully available at the end of 2013. If you want to test our current development head, be advised to use only the information found at https://openxpki.readthedocs.org/en/latest/quickstart.html.
The core system and the new config layer is mostly working, the SCEP server is working but lacks any kind of useful configuration and the UI has some ugly bugs. Feel free to ask for support on the mailinglist at email@example.com.
The OpenXPKI Project has created an enterprise-grade PKI/Trustcenter software that supports well-established infrastructure components like RDBMS and Hardware Security Modules. Flexibility and modularity are the project’s key design objectives.
Unlike many other OpenSource PKI projects OpenXPKI offers powerful features necessary for professional environments that are usually only found in commercial grade PKI products. (If you have ever wondered what could be done to provide continuous operation of a PKI without having to struggle with the system every time your CA certificate expires, OpenXPKI is probably the right thing for you.)
However, we also target small scale installations by providing quick-start configuration examples that allow to get a usable PKI running quickly.
OpenXPKI runs on most Unix-like operating system (verified on
FreeBSD, Linux, Solaris/OpenSolaris and Mac OS X).
Database backends exist for MySQL, PostgreSQL, Oracle and DB2.
OpenXPKI also integrates with the RT Request Tracker and supports nCipher's nShield Hardware Security Modules.
- Architecture White Paper available
- The OpenXPKI Team has compiled a White Paper on the architecture and key features of the OpenXPKI software. The paper is available as a PDF Document here and outlines the architecture of the system. Development follows the concepts described there closely.
- 08 Mar 2012 » OpenXPKI Release 0.10.0
- 08 Mar 2012 » Git Workflow
- 08 Mar 2012 » About the website
- 14 Jan 2009 » Improved Apache Support
- 14 Aug 2008 » OpenXPKI Wiki created
- 29 Jul 2008 » IRC channel #openxpki on freenode created
- 15 May 2008 » OpenXPKI Live (beta) affected by Debian OpenSSL bug
- 04 Jan 2008 » New OpenXPKI Live (beta) released
- 06 Sep 2007 » OpenXPKI Live (beta) released
- 22 Jun 2007 » Workflow ACLs
- 12 Jun 2007 » Configuration versioning
- 09 May 2007 » Automatic generation of random passwords during deployment
- 09 May 2007 » Support for local changes to translation files
- 07 May 2007 » Automated testing reports
- 17 Apr 2007 » Template-based certificate subject generation
- 02 Mar 2007 » Browser-based approval using digital signatures
- 09 Feb 2007 » Notification framework and Request Tracker interface
- 02 Feb 2007 » Certificate revocation request workflow and interface functional
- 26 Jan 2007 » First successful production deployment of OpenXPKI
- 27 Dec 2006 » Talk at the 23rd Chaos Communication Congress, Berlin
- 14 Nov 2006 » Anonymous interface completed (incl. some style changes)
- 11 Nov 2006 » SCEP support for initial enrollment and renewal committed
- 21 Sep 2006 » First version of a data exchange committed
- 20 Sep 2006 » First documentation of the crypto layer concept published
- 05 Sep 2006 » First working workflows: CRL generation, CSR, certificate issuance
- 30 May 2006 » The project officially migrated from BerliOS to SourceForge.net
- 12 May 2006 » First version of support for GOST algorithms works
- 06 Apr 2006 » First version of a CLI framework committed
- 30 Mar 2006 » Automatic CA rollover works
- 21 Feb 2006 » Validity specification for certificate and CRL profiles finished
- 09 Dec 2005 » Authentication and ACL framework is complete
- 20 Oct 2005 » OpenXPKI project kickoff
Security advisories are listed in a dedicated section, in order to make it possible to publish updated advisories there as well.
OpenXPKI is currently under development. There are no official releases yet.
This site is still unfinished. If you’d like to be added as a contributor, please fork!
We need to migrate content from the old website and clean up the theme.