A self-service web UI for for generating and distributing S/MIME certificates and SSL/TLS certs using Certy.
- 🔐 Automated S/MIME certificate generation using Certy CLI
- 📧 Email delivery of certificates as password-protected PKCS#12 (.pfx) files
- 🌐 Domain-restricted access (configurable whitelist)
- 🎨 Clean, user-friendly web interface
- 🔒 Secure certificate storage and handling
- 📋 Comprehensive installation instructions included in emails
- Node.js 22+ and npm
- Certy CLI (Installation instructions)
- OpenSSL (for PKCS#12 conversion)
- SMTP server access (for sending certificates)
The easist way to get started is to use the docker-compose.yml.
git clone https://github.com/chriskacerguis/certyweb.git
cd certyweb
docker compose up -d| Variable | Description | Default |
|---|---|---|
CERTY_PATH |
Path to certy binary | certy |
CA_DIR |
Custom CA directory | ~/.certy |
VALIDITY_DAYS |
Certificate validity in days | 365 |
ALLOWED_DOMAINS |
Comma-separated allowed domains | domain.com |
SMTP_HOST |
SMTP server hostname | - |
SMTP_PORT |
SMTP server port | 587 |
SMTP_SECURE |
Use TLS | false |
SMTP_USER |
SMTP username | - |
SMTP_PASS |
SMTP password | - |
PORT |
Web server port | 3000 |
CERT_DIR |
Certificate output directory | ./certs |
- CA private keys are not password protected
- PKCS#12 files use generated passwords
- All private keys are stored in plain text
Do not use this for production certificates or security-critical applications.
For production use cases, consider using a proper Certificate Authority service.
MIT
- Built with Certy - Simple Certificate Authority CLI
- Uses Express.js, Nodemailer, and OpenSSL