OpenSource Software

nsLight PKI

nsLight PKI is a PERL script, that uses OpenSSL to provide Public Key Infrastructure operations (Удостоверяющий Центр). Features are:
  • Key ceremony workflow for initialization
  • Requesting certificate in centralized mode (PKCS#12 generation)
  • Certificate view and revocation
  • Managing only one CA (as certificate/key-pair)
  • CRL generation (at revocation time and once a day by cron job)
  • Certificate expiration notification (30 days before expiration)
  • UTF-8 support
  • Support for RSA/SHA-1/3DES and ГОСТ Р 34.10-2001, ГОСТ 28147-89 and ГОСТ Р 34.11-94
The script is used both as CGI Web-based interface and cron task.
Download and install it by typing "./" and answer a few questions. Administrator's login is "admin". GOST support requires OpenSSL 1.0+. The software is released under the terms of GPL v3.

Pay attention that this PKI software probably won't be able to handle several thousands of certificates. Also, for GOST version, it is not certified by FSB. If you need this, please consider buying PKI software (Русская версия).

Finally, if you need to use GOST algorithm for SSL/HTTPS connection, you can have a look at this HOWTO using stunnel with GOST.