CertForge was built for environments where certificate issuance is itself a security control. Every design decision — from the approval workflow to the audit trail — treats your PKI as the trust anchor it is.
Every approval decision is SHA-256 hash-chained. Retroactive modification of any record breaks the chain — detectable on demand.
No certificate issues without passing policy. Every request is evaluated against domain rules, validity limits, and approval workflows before issuance.
All data in transit over TLS 1.2+. mTLS available for API clients. Session cookies are HttpOnly, Secure, and SameSite=Lax.
Role-based access control, TOTP multi-factor authentication, and OIDC SSO (Azure AD, Okta, Google). Sessions invalidated immediately on password change.
Each organization's DTPs, approvals, and certificates are strictly isolated. Org users cannot see or access other orgs' data.
Run CertForge entirely on your own infrastructure. Your certificate data never leaves your environment. Air-gapped deployments supported.
Most audit logs are just append-only databases. Anyone with DB access can silently delete or alter records. CertForge's approval log is different.
Every record's SHA-256 hash is computed over both the record content and the previous record's hash — forming an unbreakable chain. Alter any record, and every subsequent hash in the chain is invalidated. You can verify integrity on demand from the UI or export the raw chain for independent verification.
This means you can prove to any auditor — cryptographically — that no certificate was ever issued without proper authorization, and that the record of who approved what has never been touched.
| What | How |
|---|---|
| Data in transit | TLS 1.2+ (TLS 1.3 preferred). Minimum version enforced. |
| API client auth | mTLS available; API key auth with HMAC-signed tokens |
| Passwords | bcrypt, cost factor 12 |
| Private keys (self-hosted) | Stored at rest per your filesystem/volume encryption policy |
| Database (managed cloud) | AES-256 encryption at rest |
CertForge's controls are designed to support common compliance frameworks. SOC 2 Type II audit is in progress.
Security, Availability, and Confidentiality trust service criteria. Audit evidence collection ongoing.
AU-9 (audit protection) and AU-10 (non-repudiation) addressed by the hash-chained approval log.
47-day max validity enforcement built in. Stay ahead of browser requirements without changing your issuance pipeline.
Access controls, audit logging, and self-hosted option meet certificate management requirements for regulated industries.
We're committed to working with security researchers. If you discover a vulnerability in CertForge, please report it privately — we'll acknowledge within 24 hours and work with you toward a fix.