Redwax Project

The Redwax Project provides a number of small and modular security tools to make it easy to build security services on the web.

The aim of the project is keep the security footprint and the number of dependencies as low as possible. The code is released as open source under the Apache License v2.

Redwax Server

The Redwax server consists of a series of modules for the Apache HTTP Server that can be combined together to form various types of certificate authorities.


Modules to support issuing certificates with SPKAC and SCEP, servicing certificate revocation with CRLs and OCSP, and creating timestamps.


Read the manual.


Find the latest and archived releases.

Getting Involved

Get access to the source code, issue tracker and mailing lists.


The code is available for download under the Apache License, version 2.0.


The projects within Redwax follow a set of rules for the build and ongoing maintenance of the code.


Redwax projects meet a set of architecture requirements.

Release Process

For code to be considered a release of a the Redwax Project, a specific set of requirements must be met.