A collection of FreeBSD ports for the OpenXPKI suite - Perl based trustcenter software for PKI: server and client parts along with deployment tools:

  • p5-openxpki: core for server part
  • p5-openxpki-client: base class for actual clients
  • p5-openxpki-i18n: internationalization of the user interface
  • p5-openxpki-client-html-mason: web interface to local OpenXPKI daemon
  • p5-openxpki-client-scep: set of SCEP tools
  • p5-openxpki-deployment: set of deployment tools

Dependencies of OpenXPKI ports ("A → B" means that port B depends on port A):

p5-openxpki-client  ←  p5-openxpki (server) →  p5-openxpki-i18n
             \       |  p5-openxpki-client-html-mason,
               \ →  |  p5-openxpki-client-scep, p5-openxpki-deployment.


  • To get a working server it is recommended to install deployment port too. Do not forget to undergo deployment procedure itself (by hand).
  • For effective use of deployment, it is recommended to install html-mason client.
  • I18n is needed for the English interface as well.

Ports registered with the FreeBSD ports collection

OpenXPKI is included into the distribution of the basic FreeBSD system as a suite of regular ports under the FreeBSD names


These ports embrace all tools of openxpki (server-side, client-side, deployment, i18n).

You have to undergo subsequent deployment stage by hand. This will specify the role, which your computer plays in the PKI infrastructure. </p>

It is very much NOT recommended to copy only ports security/p5-openxpki* onto your computer, if you wish to install them. These ports depend on dozens of other ports. Thus it is essential to have the entire port collection (present on your computer) in a self-consistent state and in accord with your base system.

Recommended procedure to make use of the ports is:

  • Get/upgrade the entire ports collection as described in a FreeBSD Handbook.
  • cd /usr/ports/ports-mgmt/portmaster && make reinstall clean
    /usr/local/sbin/portmaster security/p5-openxpki-client-html-mason
    /usr/local/sbin/portmaster security/p5-openxpki-deployment
    /usr/local/sbin/portmaster security/p5-openxpki-i18n
    (Appropriate tarballs of openxpki will be fetched automatically. Alternatively, you can fetch tarballs of openxpki by hand and place them into /usr/ports/distfiles/openxpki/)
  • Install your favorite database (enable utf-8 support if needed) and web server.
  • Perform deployment procedure for openxpki in a regular way. When asked for the name of the "openxpki user" answer "openxpki", and do not forget to add a line: "User openxpki" to the zone of your OpenXPKI-related (virtual) web server in your Apache configuration file.

Just in case: FreeBSD employs one and the same port collection in ALL (stable, current, legacy) versions of FreeBSD.

Ports for Last Midnight Snapshot of the OpenXPKI development code

Are built nightly by an intellectual script. Awailable from the Last Midnight Snapshot page.

Ports for current svn snapshot of the OpenXPKI development code

If you are impatient and want to play with more recent snapshots of openxpki, you may try

  • svn update,
  • update your ports collection (see above),
  • cd .../trunk/package/freebsd
  • run the script build-dist-and-update-checksums.sh. This will build tarballs and place them into .../trunk/package/freebsd/usr/ports/distfiles/openxpki/. Then it will also modify files:
    .../trunk/package/freebsd/usr/ports/security/p5-openxpki*/Makefile. Checksums for tarballs will be updated too.
  • Then for each port run the script update-port.sh _name_of_port_. This will update file pkg-plist related to the port.

You should end up with updated collection of ports, which are located inside your svn snapshot:

Please note, that thus modified ports may still need manual trimming. Especially if new 3-rd party’s dependencies were added to the code. </p>

If you find issues with these FreeBSD ports, please report to the openxpki-users mailing list.