An Offline Certificate Authority

Value Proposition

Iron helps developers set up a Certificate Authority to secure online assets with mTLS.

What is this

IRON is a collection of scripts that implement an offline Certification Authority for signing intermediate CA and leaf certificates.

It is meant to be used to create client certificates for mTLS authentication, in order to expose secure endpoints over the broader network and your private LAN.

Use Cases

  • PKI for your Industrial IOT gateway clients
  • Internal zero-trust architecture
  • Secure communication between services with mTLS
  • Implement a service for enrollment of embedded IOT devices

Special features

The Certificate Authority and client certificates are generated; storage is file-based.

Other Tools

If you are looking for an online CA, or a way to implement one, you might find cert-signer useful.

Initialize the CA:

iron ca create

Use the CA to sign Client Certificates

You can use iron to sign client certificates with your CA:

$ iron certificate <sign> <service> <CSR-file>
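
A CSR arrives from outside the offline CA, so it is worth vetting the `<CSR-file>` before signing it. The script below is an added example, not part of iron or its documentation; it uses the standard `openssl req` command, and the function names `make_csr` and `check_csr`, the constructed subject `device-001` and the 2048-bit minimum are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not iron's own code): vet a client CSR before the CA signs it.
# Function names, subject and thresholds are constructed for illustration.

# make_csr KEYFILE CSRFILE CN
# Stands in for the requesting client: new 2048-bit RSA key plus a CSR.
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$1" -out "$2" -subj "/CN=$3" 2>/dev/null
}

# check_csr CSRFILE MIN_BITS
# Prints "ok" and returns 0 only if the CSR passes every check below.
check_csr() {
    csr=$1
    min_bits=$2

    # 1. The self-signature must verify: proof that the requester holds the
    #    private key. Match on the message, because the exit status of
    #    "openssl req -verify" differs between OpenSSL releases.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' \
        || { echo "bad signature"; return 1; }

    text=$(openssl req -in "$csr" -noout -text 2>/dev/null) || return 1

    # 2. The public key must meet the minimum size the CA accepts.
    bits=$(printf '%s\n' "$text" \
        | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    if [ -z "$bits" ] || [ "$bits" -lt "$min_bits" ]; then
        echo "weak key"
        return 1
    fi

    # 3. A client (leaf) request must not ask for CA:TRUE in its
    #    requested extensions.
    if printf '%s\n' "$text" | grep -q 'CA:TRUE'; then
        echo "requests CA"
        return 1
    fi

    echo "ok"
}

# Usage (constructed file names):
#   make_csr device-001.key device-001.csr device-001
#   check_csr device-001.csr 2048 && echo "safe to hand to the CA"
```
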

Getting Guidance

$ iron
Usage: iron <command> [<args>]

Some useful iron commands are:
   ca           manage CA
   certificate  create certificates
   client       manage CSR for certificates creation
   commands     List all iron commands
   debug        manage CA
   keystore     create and show contents of java  keystore
   pkcs12       create *.p12 keystore
   service      manage service/server certificate creation


Iron source code


The code is freely available under the GPL License; see: COPYING

Additional commercial support and licensing is available on request. Just issue a support request and mention that you are interested in iron.