Built by an engineer, for engineers
Certman exists because internal TLS should be boring infrastructure, not a constant source of friction.
I've been building software for most of my life. Early on, I learned something that still shapes how I work: powerful systems can feel intuitive. The best tools are the ones you don't have to think about.
Over the years, I've built products, systems, and infrastructure. I co-founded Make (formerly Integromat), a visual automation platform used by hundreds of thousands of teams worldwide. I'm also the author of vm2 and node-mssql — open-source projects used by millions of developers.
Alongside that, I've spent years running services in my own home lab, experimenting, breaking things, and rebuilding them better.
Running infrastructure teaches you humility. Certificates expire. Trust chains fail. Small configuration mistakes cascade into real outages. PKI isn't glamorous — but when it breaks, everything depending on it breaks too.
Managing a certificate authority with raw OpenSSL has always felt heavier than it should be. It's powerful and flexible, but also fragile and unnecessarily complex for everyday internal use. I wanted something clearer. Something predictable. Something designed with intention.
Certman was born from that frustration.
The goal is simple: make certificate management invisible — without sacrificing control, correctness, or trust. No magic. No black boxes. Just clean, reliable PKI for people who care about their infrastructure.
The Philosophy
Simplicity first
Complex problems deserve simple solutions. Every feature should reduce friction, not add it.
Real control
You are the authority. Your CA, your keys, your rules. Zero-trust mode means we can't issue without you.
Automation-ready
REST API, MCP for AI tools, CLI-friendly. Integrate however you work.
Open source on GitHub
Explore our CLI and TypeScript SDK. Contributions and feedback are always welcome.
github.com/certman