Serles-ACME is a small (1300 LoC) Python ACME server that you can hook up to your existing PKI. We have written an adaptor for the Free-as-in-Freedom and Free-as-in-Beer EJBCA Community Edition, or you can write one for your PKI in about 10-20 lines (patches/pulls very welcome).
We are DVTirol[1], the IT provider for the federal government of the state of Tyrol, Austria, and have developed this tool for our internal use, and have been running it for some time now for our servers. And given that the existing solutions are prohibitively expensive[2] or not available[3] at all, we decided to make the source available for you to profit from it, too!
The documentation, including setup instructions for Serles-ACME and EJBCA, live at https://serles-acme.readthedocs.io/ . We intend to provide a CI/CD pipline for unit testing and pypi-publishing[4] after the holidays (unit test coverage is already at 100%), so stay tuned for that.
Who this is for:
- You want to build up you own PKI, either for company or home use
- You want to automate the issuing process for all your devices/servers
- You already using another PKI Software and want to use certbot with it
Please let us know if you're using it, or contribute backend adaptors for your PKI!
Happy Holidays, HN!
Serles-ACME is a small (1300 LoC) Python ACME server that you can hook up to your existing PKI. We have written an adaptor for the Free-as-in-Freedom and Free-as-in-Beer EJBCA Community Edition, or you can write one for your PKI in about 10-20 lines (patches/pulls very welcome).
We are DVTirol[1], the IT provider for the federal government of the state of Tyrol, Austria, and have developed this tool for our internal use, and have been running it for some time now for our servers. And given that the existing solutions are prohibitively expensive[2] or not available[3] at all, we decided to make the source available for you to profit from it, too!
The documentation, including setup instructions for Serles-ACME and EJBCA, live at https://serles-acme.readthedocs.io/ . We intend to provide a CI/CD pipline for unit testing and pypi-publishing[4] after the holidays (unit test coverage is already at 100%), so stay tuned for that.
Who this is for:
- You want to build up you own PKI, either for company or home use
- You want to automate the issuing process for all your devices/servers
- You already using another PKI Software and want to use certbot with it
Please let us know if you're using it, or contribute backend adaptors for your PKI!
[1]: https://dvt.at
[2]: e.g. EJBCA Enterprise: "if you have to ask, you can't afford it"
[3]: smallstep's ACME is still in early access, and no pricing either
[4]: https://pypi.org/project/serles-acme/