gnoMint allows any person to run a Certification Authority, creating certificates for any purpose: e-mail signing and/or crypting; TLS authentication through web, VPNs or other protocols; secured web-servers... Its development was started due to the lack of a 'just-works' CA software: creating a CA from zero, through open-source command-line utilities, was possible, but was unconfortable to remember all the neccessary parameters. And you had to create a difficult configuration file. So here it is gnoMint, and it will help you all systems and network administrators to deploy a Certification Authority very easily. Currently, gnoMint allows:
- Creating all the infrastructure to keep and run a Certification Authority, saved in only one file.
- Create Certification Signing Requests, allowing to export them to PKCS#8 files, so they can be send to other CAs.
- Create X.509 certificates, with a usual set of subject-parameters.
- Export certificates and private keys to PEM files, so they can be used by external applications.
- For each CA, establish a set of policies for certificate generation.
- Import CSRs made by other applications
- Export PKCS#12 structures, so the certificates can be imported easily by web and mail clients.
- Revoke certificates, and generate the corresponding CRLs
- Allow the possibility of keeping the CA private key, or other private keys, in external files or devices (as USB drives)
- Allow the management of a whole hierarchy of CAs, with their respectives certificates.
- Import pre-existing Certification Authorities, with all their data.
- Allow an easy CA operation from command-line tools, for batch certificate creation, or integration with other utilities.
There are some features that will be added to gnoMint in future releases:
- Manage certificates identified by alternative IDs, or multiple IDs.
The development of gnoMint will not cease after acheiving this features. You can propose new features!