Project Overview
The Web-Based Digital Certificate Management Portal is an enterprise-grade security application developed by Imran Sarwar (Saif Way Technology) to manage the complete lifecycle of digital certificates using a private Certificate Authority (CA).
The system integrates Step CA, the ACME protocol, and LDAP-based authentication to provide a centralized, secure, and automated certificate management platform suitable for modern IT infrastructure, DevOps environments, and internal PKI deployments.
What Problem This Project Solves
In many organizations, certificate management is:
- Manual
- Error-prone
- Poorly monitored
- Lacking centralized visibility
This project addresses those challenges by delivering:
- A single web portal for certificate operations
- Automated issuance and renewal via ACME
- Strong identity-based access control
- Audit-ready logging and monitoring
Core Capabilities
User Roles & Access Control
- Administrator
  - Manage all users, certificates, and system settings
- Certificate Manager
  - Issue, revoke, renew certificates
  - Deploy certificates to servers via SSH
- Regular User
  - Generate CSRs
  - Request and view issued certificates
Role enforcement is implemented using RBAC with LDAP-backed authentication.
Certificate Management
- CSR generation and submission
- CA-signed certificate issuance via Step CA
- Certificate renewal before expiration
- Certificate revocation management
- Support for:
  - CA-signed certificates
  - Internal private PKI use cases
Authentication & Security
- LDAP-based authentication and authorization
- OAuth 2.0 / OpenID Connect support
- Two-Factor Authentication (2FA)
- Role-Based Access Control (RBAC)
- Secure API access using token-based authentication
Automation & Integration
- ACME protocol for automated certificate issuance and renewal
- REST APIs for external system integration
- Webhooks for certificate lifecycle events
- SSH-based certificate deployment to servers
Logging & Monitoring
- Full audit trail of certificate operations
- Certificate expiry alerts and notifications
- Exportable logs for compliance and security audits
User Interface
- Centralized dashboard showing:
  - Certificate status
  - Expiry timelines
  - Key usage metrics
- Search and filtering of certificates
- Graphical visualization of certificate lifecycle
- Responsive UI for desktop and mobile
Tools & Technologies
- Backend: Python (Flask), Paramiko
- Frontend: HTML5, CSS3, Bootstrap, JavaScript
- Certificate Authority: Step CA
- Protocols: ACME, HTTPS
- Authentication: LDAP, OAuth 2.0, RBAC, 2FA
- Database: MySQL
- Server OS: Ubuntu 22.04 LTS
- Deployment: Docker
- Reporting: PDF generation (ReportLab)
Outcome & Impact
This project successfully delivered:
- A fully functional private CA management portal
- Automated certificate issuance and renewal using ACME
- Secure, role-based certificate operations
- Centralized PKI visibility and lifecycle control
- Enterprise-ready audit logging and monitoring
- A real-world PKI & security automation solution
This project strongly demonstrates expertise in PKI, enterprise security, DevOps automation, IAM integration, and secure web application design, making it highly relevant for Security Engineer, DevOps Engineer, Cloud Engineer, and IAM-focused roles.
Additional Resources
- Video Demonstration: Digital Certificate Management Portal – Demo