💡 Summary
A web-based application for managing X.509 digital certificates and PKI infrastructure.
🎯 Who it's for
🤖 AI remark: "Looks like a strong contender, but don't let the configuration scare people off."
Risk: Medium. Suggested checks: whether it executes shell/command-line instructions; whether it makes outbound network requests (SSRF/data exfiltration); the scope of file reads/writes and path-traversal risk. Run it with least privilege, and audit the code and its dependencies before enabling it in production.
PKI Manager
A modern, web-based Public Key Infrastructure management application for securely generating, issuing, managing, and revoking X.509 digital certificates.
Overview
PKI Manager provides complete control over your Public Key Infrastructure without relying on external certificate authorities. Suited to enterprises, home labs, and development environments that demand full control over their security infrastructure.
Key Highlights
- Self-Hosted PKI: Create and manage your own root Certificate Authorities
- Multi-Type Certificates: Server (TLS/SSL), Client Auth, S/MIME Email, Code Signing
- Secure Key Management: Integration with Cosmian KMS for secure key storage
- Bulk Operations: CSV-based bulk certificate creation and batch operations
- Modern UI: React 19 with light/dark theme support and responsive design
- Type-Safe: End-to-end TypeScript with tRPC for API type safety
Screenshots
Dashboard
Monitor your PKI at a glance with real-time statistics and expiration tracking.
Certificate Authority Management
Create and manage self-signed root CAs with flexible configuration options.
Certificate Management
Issue, manage, and revoke certificates with comprehensive control.
Bulk Operations
Efficient batch certificate creation and management.
Features
Certificate Authority Management
- ✅ Create self-signed root Certificate Authorities
- ✅ Configurable subject fields (CN, O, OU, C, ST, L)
- ✅ Key algorithm selection (RSA-2048, RSA-4096)
- ✅ Flexible validity periods (1-30 years)
- ✅ CA revocation with reason tracking
- ✅ Export in multiple formats (PEM, CRT, DER, CER)
Certificate Issuance & Management
- ✅ Server Certificates - HTTPS/TLS for web servers and APIs
- ✅ Client Certificates - Client authentication and mTLS
- ✅ Email (S/MIME) - Email encryption and signing
- ✅ Code Signing - Software and code signing
- ✅ Subject Alternative Names (DNS, IP Address, Email)
- ✅ Advanced key algorithms (RSA-2048/4096, ECDSA-P256/P384)
- ✅ Certificate renewal with same parameters
- ✅ Revocation with standard reasons (keyCompromise, superseded, etc.)
- ✅ Comprehensive certificate details view
Export & Download
- ✅ Multiple formats: PEM, CRT, DER, CER (CRT and CER are file-extension conventions that may hold either PEM or DER bytes, not separate encodings)
- ✅ Certificate chains (PEM Chain)
- ✅ PKCS#7 (P7B)
- ✅ PKCS#12 with private key (PFX, P12) - password protected
- ✅ Java KeyStore (JKS)
- ✅ Batch download (all formats as ZIP)
- ✅ Security warnings for private key exports
Bulk Operations
- ✅ CSV-based bulk certificate creation
- ✅ Flexible field mapping with optional parameters
- ✅ SAN auto-detection (email, IP, DNS)
- ✅ Batch download multiple certificates
- ✅ Bulk renewal for expiring certificates
- ✅ Batch revocation with reason
- ✅ Multi-select deletion
Monitoring & Alerts
- ✅ Real-time dashboard with PKI statistics
- ✅ Expiration tracking with visual indicators
- ✅ "Expiring Soon" widget (configurable threshold)
- ✅ Color-coded status badges (active, revoked, expired)
- ✅ Automatic status updates based on validity periods
Search & Filtering
- ✅ Search by Common Name or SAN
- ✅ Filter by issuing CA (with persistence)
- ✅ Filter by status (active/revoked/expired)
- ✅ Filter by certificate type
- ✅ Sortable tables with instant results
Security
- ✅ Cosmian KMS integration for secure key storage
- ✅ Private keys never stored unencrypted locally
- ✅ Password-protected private key exports
- ✅ Audit logging for all operations
- ✅ Revocation tracking with detailed reasons
- ✅ Secure key pair generation (RSA, ECDSA)
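The lifecycle listed above (a self-signed root CA, a SAN-bearing server certificate, the "expiring soon" threshold, reason-coded revocation published in a CRL, and a password-protected PKCS#12 export) walked through with the OpenSSL CLI so each artefact can be inspected. This is an added example, not PKI Manager's own code (the app keeps keys in Cosmian KMS and drives these steps from its tRPC procedures); the subjects, file names, SAN values, validity periods and the export password are made up for the demonstration, and it needs only bash and openssl.

```bash
#!/usr/bin/env bash
# Added example, not PKI Manager's code: the certificate lifecycle the README
# lists, driven with the OpenSSL CLI so each artefact can be inspected.
# Subjects, file names, SANs, validity periods and the password are made up.
set -eu
pki_init() {   # pki_init DIR: openssl-ca database files plus one config for every step
  local dir="$1"
  mkdir -p "$dir"
  : > "$dir/index.txt"        # empty certificate database
  echo 1000 > "$dir/serial"   # next serial, shared by "x509 -req" and "ca"
  echo 01 > "$dir/crlnumber"
  cat > "$dir/ca.cnf" <<EOF
[ req ]
prompt = no
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ v3_server ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth
authorityKeyIdentifier = keyid:always
subjectAltName = DNS:app.example.internal, IP:10.0.0.5
[ ca ]
default_ca = pki_ca
[ pki_ca ]
database = $dir/index.txt
new_certs_dir = $dir
certificate = $dir/root.pem
private_key = $dir/root.key
serial = $dir/serial
crlnumber = $dir/crlnumber
default_md = sha256
default_crl_days = 30
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
}
make_root_ca() {   # self-signed root: RSA-4096, 10 years, CA:TRUE, keyCertSign+cRLSign
  local dir="$1"
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out "$dir/root.key"
  openssl req -x509 -new -key "$dir/root.key" -sha256 -days 3650 \
    -subj "/C=ES/O=Example Lab/OU=PKI/CN=Example Lab Root CA" \
    -config "$dir/ca.cnf" -extensions v3_ca -out "$dir/root.pem"
}
issue_server_cert() {   # leaf: ECDSA P-256 key, DNS + IP SANs, 30-day validity
  local dir="$1"
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$dir/server.key"
  openssl req -new -key "$dir/server.key" -subj "/CN=app.example.internal" \
    -config "$dir/ca.cnf" -out "$dir/server.csr"
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
    -CAserial "$dir/serial" -days 30 -sha256 -extfile "$dir/ca.cnf" \
    -extensions v3_server -out "$dir/server.pem" 2>/dev/null
}
revoke_cert() {   # revoke_cert DIR REASON (keyCompromise, superseded, ...) and publish a CRL
  openssl ca -config "$1/ca.cnf" -revoke "$1/server.pem" -crl_reason "$2" 2>/dev/null
  openssl ca -config "$1/ca.cnf" -gencrl -out "$1/root.crl" 2>/dev/null
}
# Status badge the way a dashboard would compute it, from chain + CRL + validity:
# revoked > expired > expiring-soon (within THRESHOLD_DAYS) > active.
cert_status() {   # cert_status DIR THRESHOLD_DAYS
  local dir="$1" days="$2" crl_opt="" out
  cat "$dir/root.pem" > "$dir/trust.pem"
  if [ -f "$dir/root.crl" ]; then
    cat "$dir/root.crl" >> "$dir/trust.pem"; crl_opt="-crl_check"
  fi
  out=$(openssl verify $crl_opt -CAfile "$dir/trust.pem" "$dir/server.pem" 2>&1) || true
  case "$out" in
    *"certificate revoked"*)     echo revoked; return 0 ;;
    *"certificate has expired"*) echo expired; return 0 ;;
    *": OK"*) ;;
    *) echo "verify failed: $out" >&2; return 1 ;;
  esac
  if openssl x509 -in "$dir/server.pem" -noout -checkend $((days * 86400)) >/dev/null
  then echo active; else echo expiring-soon; fi
}
export_p12() {   # export_p12 DIR PASSWORD: key + leaf + root in a password-protected PFX
  openssl pkcs12 -export -in "$1/server.pem" -inkey "$1/server.key" -certfile "$1/root.pem" \
    -name app.example.internal -passout "pass:$2" -out "$1/server.p12"
}
p12_opens_with() {   # p12_opens_with DIR PASSWORD: exit 0 only if the PKCS#12 MAC verifies
  openssl pkcs12 -in "$1/server.p12" -passin "pass:$2" -noout 2>/dev/null
}
demo() {
  local dir; dir=$(mktemp -d)
  pki_init "$dir"; make_root_ca "$dir"; issue_server_cert "$dir"
  echo "fresh, 7-day threshold:  $(cert_status "$dir" 7)"    # active
  echo "fresh, 60-day threshold: $(cert_status "$dir" 60)"   # expiring-soon
  export_p12 "$dir" lab-export-pw
  revoke_cert "$dir" keyCompromise
  echo "after revocation:        $(cert_status "$dir" 7)"    # revoked
  rm -rf "$dir"
}
demo
```

Two caveats worth carrying over to any PKI tool, this one included. First, a revocation only has effect if the relying party fetches and enforces the CRL (or OCSP): `cert_status` fails the certificate after `revoke_cert` because it passes `-crl_check`, but many TLS clients never consult a private CA's CRL at all, and a CRL older than its `nextUpdate` (30 days here) is itself rejected, so publication has to be continuous. Second, `pass:` on the command line exposes the PKCS#12 password to every user who can read the process list; on a shared host prefer `-passout file:` or `env:`, which is also why the export warning in the UI matters.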
User Experience
- ✅ Modern, responsive UI with card-based layout
- ✅ Light/Dark theme with system detection
- ✅ Sample data generators for quick testing
- ✅ Form validation with helpful error messages
- ✅ Contextual action buttons
- ✅ Real-time status updates
Architecture
This is a monorepo project with two main packages:
```text
pki-manager/
├── backend/    # Node.js/Fastify API server
├── frontend/   # React 19 SPA
├── assets/     # Screenshots and images
└── tests/      # E2E screenshot tests
```
Technology Stack
Backend
- Framework: Fastify 5.2 (high-performance HTTP server)
- API Layer: tRPC v11 (end-to-end type safety)
- Database: SQLite with better-sqlite3 (embedded, portable)
- ORM: Drizzle ORM 0.36 (type-safe SQL)
- Validation: Zod 3.24 (schema validation)
- KMS: Cosmian KMS (secure key management)
- Testing: Vitest 2.1
- Runtime: Node.js 20+
Frontend
- Framework: React 19.2
- Routing: TanStack Router 1.133 (file-based, type-safe)
- State Management: TanStack Query 5.90 (server state)
- API Client: tRPC 11.0 (type-safe RPC)
- Styling: Tailwind CSS 4.1 (utility-first)
- UI Components: shadcn/ui (Radix UI primitives)
- Icons: Lucide React, FontAwesome
- Build Tool: Vite 7.1
Testing
- E2E: Playwright 1.56 (screenshot automation)
Prerequisites
- Node.js >= 20.0.0
- pnpm >= 9.0.0
- Cosmian KMS instance (for secure key storage)
Getting Started
1. Installation
```bash
# Install dependencies
pnpm install
```
2. Environment Configuration
```bash
# Copy backend environment template
cp backend/.env.example backend/.env
# Edit backend/.env with your configuration:
# - Database path
# - Cosmian KMS endpoint and authentication
# - Server port (default: 3000)
```
3. Database Setup
```bash
# Run migrations
cd backend
pnpm db:migrate
```
4. Start Development Servers
```bash
# Start both backend and frontend (from root)
pnpm dev
```
This will start:
- Backend API at http://localhost:3000
- Frontend at http://localhost:5173
5. Build for Production
```bash
# Build both packages
pnpm build
# Start production servers (each from the repo root, in its own terminal)
cd backend && pnpm start      # Backend
cd frontend && pnpm preview   # Frontend preview
```
Available Scripts
Root (Workspace)
```bash
pnpm dev               # Start both backend and frontend in dev mode
pnpm build             # Build both packages for production
pnpm test              # Run tests in all packages
pnpm typecheck         # Type check all packages
pnpm lint              # Lint all packages
pnpm clean             # Clean all build artifacts and node_modules
pnpm test:screenshots  # Run Playwright screenshot tests
```
Backend
```bash
pnpm dev          # Start dev server with hot reload
pnpm build        # Build for production
pnpm start        # Start production server
pnpm test         # Run Vitest tests
pnpm db:generate  # Generate Drizzle migrations
pnpm db:migrate   # Run database migrations
pnpm db:studio    # Open Drizzle Studio (DB GUI)
```
Frontend
```bash
pnpm dev      # Start Vite dev server
pnpm build    # Build for production
pnpm preview  # Preview production build
pnpm lint     # Run ESLint
```
Project Structure
```text
pki-manager/
├── backend/
│   ├── src/
│   │   ├── server.ts              # Fastify server entry point
│   │   ├── trpc/
│   │   │   ├── router.ts          # Main tRPC router
│   │   │   ├── schemas.ts         # Zod validation schemas
│   │   │   └── procedures/        # API endpoints by domain
│   │   │       ├── ca.ts          # CA management
│   │   │       ├── certificate.ts # Certificate operations
│   │   │       ├── dashboard.ts   # Dashboard stats
│   │   │       └── crl.ts         # CRL management
│   │   ├── db/
│   │   │   ├── schema.ts          # Drizzle ORM schema
│   │   │   ├── index.ts           # Database
```
Pros
- Self-hosted for full control
- Supports multiple certificate types
- Modern UI with responsive design
- Type-safe API interaction
Cons
- Requires setting up a Cosmian KMS
- May be complex for beginners
- Limited community support
- Depends on Node.js and pnpm
Related skills
Disclaimer: this content comes from a GitHub open-source project and is shown for display and rating analysis only.
Copyright belongs to the original author, oriolrius.
