Ultimate CA Manager

Ultimate CA Manager (UCM) is a comprehensive Certificate Authority management platform with full PKI protocol support (SCEP, OCSP, ACME, CRL/CDP), multi-factor authentication, and complete certificate lifecycle management.

---

Features

• Full CA & Certificate Lifecycle — Create, sign, revoke, renew, export certificates and CAs with hierarchy support
• Industry Protocols — SCEP (RFC 8894), ACME (Let's Encrypt compatible), OCSP (RFC 6960), CRL/CDP
• Certificate Toolbox — SSL checker, CSR/cert decoder, key matcher, format converter (PEM, DER, PKCS#12, PKCS#7)
• Advanced Security — WebAuthn/FIDO2, mTLS, TOTP 2FA, audit logs with hash chain integrity, rate limiting
• Modern UI — React 18 + Radix UI, 12 themes (6 colors × light/dark), responsive mobile-first design, command palette (Ctrl+K)
• User Management — Groups, API keys, session tracking, force password change
• Import/Export — Smart parser (drag & drop), OPNsense import, bulk export, backup & restore
• Multi-platform — Docker (amd64/arm64), Debian/Ubuntu (.deb), RHEL/Rocky/Fedora (.rpm)

---

Screenshots

Dashboard	CA Management
Certificates	12 Theme Variants

See more: Full Gallery

---

Quick Start

Docker (Recommended)

docker run -d --restart=unless-stopped \
  --name ucm -p 8443:8443 \
  -v ucm-data:/opt/ucm/data \
  neyslim/ultimate-ca-manager:latest

Docker Compose

services:
  ucm:
    image: neyslim/ultimate-ca-manager:latest
    ports: ["8443:8443"]
    volumes: ["./data:/opt/ucm/data"]
    restart: unless-stopped

Debian/Ubuntu

wget https://github.com/NeySlim/ultimate-ca-manager/releases/latest/download/ucm_all.deb
sudo apt install -y python3-venv python3-pip && sudo dpkg -i ucm_*.deb

RHEL/Rocky/Fedora

wget https://github.com/NeySlim/ultimate-ca-manager/releases/latest/download/ucm.noarch.rpm
sudo dnf install ./ucm-*.rpm

Universal Installer

curl -fsSL https://raw.githubusercontent.com/NeySlim/ultimate-ca-manager/main/packaging/scripts/install-ucm.sh | sudo bash

Access: https://localhost:8443 — Credentials: admin / (shown during install or in /etc/ucm/ucm.env)

---

API

RESTful JSON API under /api/v2/. See OpenAPI spec and Wiki.

Resource	Endpoints
Auth	POST /auth/login, /logout, /verify
CAs	GET/POST /cas, GET/PUT/DELETE /cas/{id}
Certificates	GET/POST /certificates, .../revoke, .../renew
CSRs	GET/POST /csrs, POST /csrs/{id}/sign
SCEP	GET /scep/pkiclient.exe
OCSP	POST /ocsp
CRL	GET /crl/{ca_id}

---

Tech Stack

Frontend: React 18, Vite, Radix UI · Backend: Python 3.11+, Flask, SQLAlchemy · Database: SQLite · Server: Gunicorn + gevent WebSocket · Auth: JWT, WebAuthn/FIDO2, TOTP

---

Documentation

Full docs on the Wiki: Installation · Quick Start · SCEP · ACME · Troubleshooting

---

Contributing

See CONTRIBUTING.md. Fork → branch → commit → PR.

License

BSD 3-Clause — See LICENSE.

Support

Issues · Wiki · Discussions