Web-Based Digital Certificate Management Portal
A centralized Public Key Infrastructure (PKI) management platform developed using Flask, Step CA, and OpenLDAP to streamline certificate issuance, validation, revocation, and lifecycle governance through a secure role-based management portal.
- Private Certificate Authority Integration (Step CA)
- LDAP Authentication using OpenLDAP & LDAP3
- Role-Based Access Control (RBAC)
- Certificate Lifecycle Management
- Audit Logging & Operational Visibility
The PKI Challenge
Managing digital certificates manually becomes increasingly difficult as infrastructure scales. Untracked certificate expirations, fragmented certificate inventories, and inconsistent request workflows can result in service disruptions, operational inefficiencies, and increased security risk.
The Engineered Solution
This project introduces a centralized certificate management layer that integrates Step CA and OpenLDAP into a unified administrative platform. Through role-based access controls, certificate workflows, lifecycle visibility, and audit logging, the portal simplifies certificate governance while improving operational efficiency and security oversight.
Core Security Pillars
Identity & RBAC
Enforces structured access controls using OpenLDAP authentication and role-based authorization for administrators and standard users.
Certificate Lifecycle
Supports CSR submission, approval workflows, certificate issuance, validation, and revocation through centralized administration.
Certificate Governance
Provides visibility into certificate requests, approvals, status tracking, and lifecycle operations through structured management workflows.
Audit & Monitoring
Captures certificate activities, administrative actions, and user operations to support accountability and security auditing.
- Flask: Web Application Framework
- Step CA: Private Certificate Authority
- LDAP3: Identity Authentication
- RBAC: Access Control Architecture
Functional Capabilities
- CSR Management: Certificate Signing Request submission and approval workflow.
- Certificate Issuance: Centralized certificate generation using Step CA.
- Certificate Revocation: Administrative certificate revocation and lifecycle control.
- Expiration Monitoring: Visibility into certificate validity periods and upcoming expirations.
- Audit Logging: Recording of user and certificate operations for accountability.
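The CSR workflow, role checks, and audit trail listed above can be sketched as a small state machine over SQLite. This is an added example, not code from the project: the table layout, role names (`user`, `admin`), state names, and function names are all assumptions, and in the portal the role would come from the LDAP-authenticated session.

```python
import sqlite3

# Hypothetical role model: the page names only administrators and standard users.
PERMISSIONS = {"submit": {"user", "admin"}, "approve": {"admin"},
               "reject": {"admin"}, "issue": {"admin"}, "revoke": {"admin"}}
# action -> (state the request must be in, state it moves to)
TRANSITIONS = {"approve": ("pending", "approved"), "reject": ("pending", "rejected"),
               "issue": ("approved", "issued"), "revoke": ("issued", "revoked")}

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript("""
        CREATE TABLE requests(id INTEGER PRIMARY KEY, owner TEXT, cn TEXT, state TEXT);
        CREATE TABLE audit(id INTEGER PRIMARY KEY, at TEXT DEFAULT CURRENT_TIMESTAMP,
            actor TEXT, role TEXT, action TEXT, request_id INTEGER, outcome TEXT);""")
    return db

def _audit(db, actor, role, action, request_id, outcome):
    # Denials and invalid transitions are recorded too, not only successes.
    db.execute("INSERT INTO audit(actor, role, action, request_id, outcome) "
               "VALUES (?, ?, ?, ?, ?)", (actor, role, action, request_id, outcome))
    db.commit()

def submit(db, actor, role, cn):
    if role not in PERMISSIONS["submit"]:
        _audit(db, actor, role, "submit", None, "denied")
        raise PermissionError(f"{role} may not submit")
    rid = db.execute("INSERT INTO requests(owner, cn, state) VALUES (?, ?, 'pending')",
                     (actor, cn)).lastrowid
    _audit(db, actor, role, "submit", rid, "ok")
    return rid

def act(db, actor, role, action, rid):
    required, new = TRANSITIONS[action]
    if role not in PERMISSIONS[action]:
        _audit(db, actor, role, action, rid, "denied")
        raise PermissionError(f"{role} may not {action}")
    # Check-and-set in one statement: a request cannot be processed twice
    # or skip a step (e.g. issued without approval). The real signing or
    # revocation call to the CA would happen after this succeeds (not shown).
    changed = db.execute("UPDATE requests SET state = ? WHERE id = ? AND state = ?",
                         (new, rid, required)).rowcount
    _audit(db, actor, role, action, rid, "ok" if changed else "invalid_state")
    if not changed:
        raise ValueError(f"request {rid} is not {required}")
    return new

def history(db, rid):
    return db.execute("SELECT actor, action, outcome FROM audit "
                      "WHERE request_id = ? ORDER BY id", (rid,)).fetchall()
```

Calling `history(db, rid)` returns the ordered audit rows for one request, including refused attempts, which is the view an auditor needs to reconstruct who tried what.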
Technical Stack & Ecosystem
| Layer | Technologies |
|---|---|
| Backend | Python, Flask |
| PKI Infrastructure | Step CA, Step CLI |
| Identity Management | OpenLDAP, LDAP3, RBAC |
| Database | SQLite |
| Infrastructure | Oracle VirtualBox, Ubuntu Server |
Development & Test Environment
The platform was developed and validated within a virtualized laboratory environment using Oracle VirtualBox and Ubuntu Server. Step CA and OpenLDAP services were deployed on the Ubuntu virtual machine and integrated with the Flask application using Step CLI and LDAP3 libraries.
Security Engineering Perspective
This project demonstrates practical implementation of Public Key Infrastructure (PKI), Identity and Access Management (IAM), LDAP integration, certificate governance, and security automation. It showcases the design and deployment of a certificate management ecosystem integrating Step CA, OpenLDAP, Flask, and SQLite within a virtualized infrastructure environment.
Project Assets & Verification
Explore the source code repository, review documentation, and watch the operational demonstration.