This will serve as a list of all of the features that BounCA currently has. Some features are important enough to have their own page in the docs, others will simply be listed here.
Create intermediate certificates for grouping of certificates¶
Having multiple intermediate certificates enables authorization on group level. Create certificates for different level of grants.
Create server side certificates for setting up trusted and encrypted connections¶
Create server side certificates for encrypted trusted connections. Typical use cases are: - Internal trust network in your Intranet - Trusted peer network with reduced risk of man-in-the-middle attack - Trusted private cloud services over Internet
Support for advanced v3 certificates containing subject alt names¶
Generate client and server certificates with subject alt names for supporting multiple accounts or domains.
Revoke certificates within one mouse click and download Certificate Revoke Lists (CRL)¶
Easily revoke a certificate from the dashboard by pressing the revoke button. Download the CRL file for hosting it.
Download certificates, keys, and keystore packages for your webserver and installation¶
Download a zip containing all the important certificate and key files for configuring your webservers (Apache, nginx), OpenVPN and other services. The package also contains a prepackages pkcs12 file with the keys and certificates.
Keep track of validity of your certificates via ics / iCal calendar export containing expiration dates¶
You can create an iCal, ics file containing the expiration dates of your certificates. Import the file in your calendar and be warned on time when a certificate expires.
Protect your certificates via passphrases¶
All keys in BounCA are protected by passphrases. It is only allowed to have client and server certificates without passphrase.
BounCA takes care that your passphrases are strong enough, and checks if your passphrase is correct before signign a
BounCA does not store passphrases. Please keep your passphrases in a secret place as you cannot restore a passphrase.
Use the PKI without webinterface from the command line¶
The keys, certificates and other files belonging to your certificate authority are stored in an easy exportable folder structure including shell scripts to generate certificates. You may generate a base PKI from BounCA and copy the files to manage your CA elsewhere.
If you generate certificates from the command line you cannot use BounCA to manage that CA as the database will not be in sync with your PKI.