Internal TLS for the way you work
Certman is your private certificate authority in the cloud — designed to eliminate the complexity of TLS certificate management for home labs, development teams, and internal infrastructure.
Home Lab & Self-Hosted Infrastructure
Running a home lab with Proxmox, Unraid, TrueNAS, or Docker? Stop seeing browser security warnings on your self-hosted services.
Secure NAS and storage servers
Encrypt traffic to Synology, QNAP, TrueNAS, or any NAS with trusted HTTPS
Protect network infrastructure
Issue certificates for pfSense, OPNsense, UniFi, and router admin panels
Enable HTTPS for home automation
Secure Home Assistant, Node-RED, Homebridge, and IoT dashboards
Encrypt media server traffic
Add TLS to Plex, Jellyfin, Emby, and Sonarr/Radarr
Secure development environments
Local Kubernetes clusters, GitLab, Gitea, and CI/CD tools
Developer & DevOps Automation
Integrate certificate issuance directly into your workflows. Certman provides a modern REST API for complete automation.
CI/CD pipeline integration
Automatically issue certificates during deployment with GitHub Actions, GitLab CI, or Jenkins
Infrastructure as Code
Provision certificates via API calls in Terraform, Ansible, or Pulumi scripts
Kubernetes workloads
Generate certificates for internal services, ingress controllers, and service mesh
Development & staging environments
Mirror production TLS configurations without public CA costs
MCP-enabled AI assistants
Let Claude or other AI tools manage certificates on your behalf via the Model Context Protocol
Security-First Scenarios
For organizations that require strict key control, Certman offers Zero-Trust Mode and Bring Your Own Key (BYOK) workflows.
Zero-Trust CA protection
Passphrase-protect your CA so Certman cannot issue certificates without your explicit authorization — your passphrase is never stored
Mutual TLS (mTLS)
Authenticate both clients and servers — perfect for microservices, zero-trust networks, and VPN authentication
Air-gapped key generation
Generate private keys locally, submit CSRs to Certman, and keep keys isolated on your hardware
IoT device certificates
Issue unique certificates for each device in your fleet for strong device identity and authentication
Compliance & audit trails
Complete visibility into certificate issuance and revocation with immutable audit logs
Small Teams & Startups
Professional certificate management that doesn't require a dedicated PKI team. Grown-up tooling without the overhead.
Multi-tenant workspaces
Separate CAs and certificates by project, environment, or client
Role-based access control
Owner, admin, and member roles with granular permissions
Granular API scopes
Create API keys with per-CA permissions — read, issue, or revoke only what's needed
Centralized certificate dashboard
Track expiration dates, revocation status, and certificate inventory in one place
Why Choose Certman?
Built for simplicity without sacrificing power
Set up in minutes
Create your first CA and issue certificates in under 5 minutes
No OpenSSL required
Forget complex command-line certificate generation
Zero-Trust Mode
Optional passphrase protection — only you can issue certificates
OCSP & CRL support
Real-time revocation checking built in
Beautiful, modern UI
Dark-first design inspired by UniFi OS
Unlimited certificates
Issue as many certificates as you need under each CA