Redwax Server

Build a modular certificate authority by combining the following modules for Apache HTTP server.


Provides the API that allows the backend and frontend modules to be combined with one another.


Exposes an RFC5280 Certificate Revocation List at the given URL.


Exposes an endpoint to respond to RFC6960 Online Certificate Status Protocol requests.


Exposes an IETF Draft Simple Certificate Enrollment Protocol endpoint.


Exposes an endpoint that can process a Signed Public Key and Challenge request and return a certificate.


Exposes an RFC3161 Time Stamp Protocol endpoint for document timestamping.


Backend module that reads a Certificate Revocation List from disk, and exposes it via mod_crl or mod_ocsp.


Backend module that stores and serves certificates from a directory on disk compatible with an OpenSSL CA.


Backend module that signs and issues certificates based on a key stored in an HSM provided by the OpenSSL Engine interface.


Backend module that verifies permission to issue a certificate, and to store a certificate once issued.


Backend module that signs and issues certificates based on a key stored on disk.


Use the source, Luke.


We are yet to make our first release. When we do, you will be able to download it here.

Getting Involved

Get the code. Ask questions. Track issues.

Source Control

The source code for the Redwax Server is stored in Bitbucket and mirrored as an SVN repository.

  • Bitbucket: Browse the source code and submit pull requests using git.
  • Subversion: The repository of record is available using subversion.

Issue Tracking

  • Jira: Track issues in the Redwax Server project.

Mailing Lists

The following mailing lists are available.

Security Issues

Use the following address for contacting us to report security issues with Redwax Server.