Welcome to PKCS11 CA’s documentation!

PKCS11 CA is a Certificate Authority written in python. Keys are stored in an PKCS11 (HSM) device. Default is to use softhsm which is a free software emulated HSM. PKCS11 CA offers a simple and intuitive API including ACME and CMC.

Note

This project is under active development.

Please start at the usage guide

For hacking / Internal API

Indices and tables

• Index

• Module Index

• Search Page

Contents

• Features
  • Design philosophy
  • PKCS11 key storage
  • ACME
  • CMC
  • Elegant management API
• Requirements
• Configuration
  • Environment variables
  • Config file
• Usage
  • Installation
  • Start a container in the CA’s docker network
  • Using an ACME client with the PKCS11 CA
  • Retrieving the issuer for a certificate
  • Retrieving the CRL for the issuer of a certificate
  • OCSP
  • CMC requests
  • Using the management API
  • Logging
  • Backups
  • Start / Stop / Restart the system
  • Completely reset the system