You are here


gnoMint allows any person to run a Certification Authority, creating certificates for any purpose: e-mail signing and/or crypting; TLS authentication through web, VPNs or other protocols; secured web-servers... Its development was started due to the lack of a 'just-works' CA software: creating a CA from zero, through open-source command-line utilities, was possible, but was unconfortable to remember all the neccessary parameters. And you had to create a difficult configuration file. So here it is gnoMint, and it will help you all systems and network administrators to deploy a Certification Authority very easily. Currently, gnoMint allows:

  • Creating all the infrastructure to keep and run a Certification Authority, saved in only one file.
  • Create Certification Signing Requests, allowing to export them to PKCS#8 files, so they can be send to other CAs.
  • Create X.509 certificates, with a usual set of subject-parameters.
  • Export certificates and private keys to PEM files, so they can be used by external applications.
  • For each CA, establish a set of policies for certificate generation.
  • Import CSRs made by other applications
  • Export PKCS#12 structures, so the certificates can be imported easily by web and mail clients.
  • Revoke certificates, and generate the corresponding CRLs
  • Allow the possibility of keeping the CA private key, or other private keys, in external files or devices (as USB drives)
  • Allow the management of a whole hierarchy of CAs, with their respectives certificates.
  • Import pre-existing Certification Authorities, with all their data.
  • Allow an easy CA operation from command-line tools, for batch certificate creation, or integration with other utilities.


There are some features that will be added to gnoMint in future releases:

  • Manage certificates identified by alternative IDs, or multiple IDs.

The development of gnoMint will not cease after acheiving this features. You can propose new features!