MCP Integration

Certman supports the Model Context Protocol (MCP), allowing AI assistants like Claude to manage certificates on your behalf.

Connecting with OAuth

MCP clients with OAuth support (e.g. Claude Desktop) can connect without an API key. Only the MCP server URL is needed — the client handles OAuth discovery automatically:

{
  "mcpServers": {
    "certman": {
      "url": "https://mcp.certman.app"
    }
  }
}

On first use, the client opens a browser where you authorize access by selecting a workspace and granting per-CA permissions. For more control, you can pre-register OAuth clients in your workspace settings under OAuth Clients.

Connecting with an API Key

Add Certman as an MCP server in your AI tool's configuration using your API key:

{
  "mcpServers": {
    "certman": {
      "url": "https://mcp.certman.app",
      "headers": {
        "Authorization": "Bearer cm_xxxxxxxxxxxx"
      }
    }
  }
}
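
An added example (not part of Certman's documentation or tooling): a Python check that scans an MCP client configuration of the shape shown above for bearer tokens stored in plaintext and for non-HTTPS server URLs, and flags a config file that group or other users can read. The function names, finding strings and sample config are constructed for illustration, and the file-mode check assumes POSIX permissions.

```python
import json
import os
import stat
import sys
from urllib.parse import urlparse

def audit_mcp_config(config):
    """Return a list of findings for the entries under "mcpServers"."""
    findings = []
    for name, server in config.get("mcpServers", {}).items():
        url = server.get("url", "")
        if urlparse(url).scheme != "https":
            findings.append(f"{name}: url is not https ({url!r})")
        for header, value in server.get("headers", {}).items():
            if header.lower() != "authorization":
                continue
            scheme, _, token = str(value).partition(" ")
            if scheme.lower() == "bearer" and token.strip():
                # Report only that a secret is present; never echo it.
                findings.append(f"{name}: static bearer token stored in config")
    return findings

def file_mode_findings(path):
    """Flag a config file that group or other users can read."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        return [f"{path}: mode {mode:o} is readable by group/others"]
    return []

# Constructed sample mirroring the two configurations on this page.
SAMPLE = {
    "mcpServers": {
        "certman-oauth": {"url": "https://mcp.certman.app"},
        "certman-key": {
            "url": "https://mcp.certman.app",
            "headers": {"Authorization": "Bearer cm_xxxxxxxxxxxx"},
        },
    }
}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a client config file, supplied by the user
        with open(sys.argv[1]) as fh:
            results = audit_mcp_config(json.load(fh))
        results += file_mode_findings(sys.argv[1])
    else:
        results = audit_mcp_config(SAMPLE)
    print("\n".join(results) or "no findings")
```

A finding for a static bearer token is a prompt to switch that entry to the OAuth connection, or at least to restrict the file to its owner.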

Available Tools

Once connected, your AI assistant can use these tools:

  • whoami — Check current API key identity and permissions
  • list_cas — List available certificate authorities (supports filtering by type and parent)
  • get_ca — Get details of a specific CA
  • get_ca_chain — Get the full certificate chain from a CA to root
  • list_certificates — List issued certificates
  • get_certificate — Get certificate details
  • issue_certificate — Issue a new certificate
  • revoke_certificate — Revoke a certificate
  • renew_certificate — Renew a certificate

Passphrase-Protected CAs

For CAs protected with a passphrase, include the caPassphrase parameter when using issue_certificate, revoke_certificate, or renew_certificate. The AI assistant will prompt you for the passphrase if it's required but not provided.