BastionXP is a Public Key Infrastructure (PKI) / Certificate Authority (CA) that creates, signs and distributes SSH, SSL/TLS X.509 certificates to servers and end users upon successful SSO login and 2FA authentication via OAuth providers such as GitHub, G-Suite, Microsoft Office 365, Okta and more.
BastionXP automates certificate management at scale, while simplifying your end-user workflow without compromising security.
BastionXP also has a built-in SSH proxy server that can be configured to function as an SSH bastion host. BastionXP works seamlessly with OpenSSH server and client software.
BastionXP offers Zero Trust Network Access(ZTNA) Security. All servers and end-users are required to authenticate with the BastionXP Authentication Server using an SSO and 2FA login, before access to the network can be granted.
BastionXP issues short-lived SSH, TLS/SSL X.509 certificates to end-users so that no user would have an indefinite access to any network resource. Moreover, these certificates, issued to a specific user based on Role Based Access Control(RBAC) can be used to access only a specific server(s) in the network. BastionXP provides you fine-grained control over who can access what resources in a network and for how long.
All network access events are logged and available for download, so that the logs can be analyzed using a log analyzer for anamoly detection.
BastionXP solution is available in three different formats:
Software | Features | Best Suited For |
---|---|---|
Free Software Version | Limited features & best-effort support | Hobbyists, educational purposes and non-commercial use cases. |
Cloud-Hosted Version | All enterprise features & priority customer support | Small teams and Startups. |
Self-Hosted Version | All enterprise features & priority customer support | Enterprises and Large Organizations. |
No features have been listed yet.
No Smallstep Certificates videos yet. You could help us improve this page by suggesting one.
Based on our record, Smallstep Certificates seems to be more popular. It has been mentiond 10 times since March 2021. We are tracking product recommendations and mentions on various public social media platforms and blogs. They can help you identify which product is more popular and what people think of it.
Just a little heads up https://smallstep.com/certificates/. Source: about 1 year ago
Step-ca: Not web based, but the CLI is pretty user friendly: https://smallstep.com/certificates/. Source: about 1 year ago
I was just looking at https://smallstep.com/certificates a few days ago. It looks like they have an operator that fits your description as well as example docs for setting up inter-microservice mtls. Source: about 1 year ago
In the quick search I learned about Ssh cert authority which looks very manual and also like a dead project Smallstep's step-ca who put together very nice article about how to begin certificate authority process Netflix' BLESS is AWS only Cashier which also looks quite ok. Source: almost 2 years ago
If you want something a little fancier (I.e. Get automatic certs with all that ACME goodness) check out SmallStep. This is next on my list of homelab projects. Source: about 2 years ago
PKI.js - PKIjs is a pure JavaScript library implementing the formats that are used in PKI applications (signing, encryption, certificate requests, OCSP and TSP requests/responses). It is built on WebCrypto (Web Cryptography API) and requires no plug-ins.
OpenXPKI - OpenXPKI is a software stack that provides all necessary components to manage keys and certificates...
VeriSign - VeriSign Authentication Services provides solutions that allow companies & consumers to engage...
Teleport Database Access - Instant, secure, & privileged access to Postgres and MySQL
EJBCA - EJBCA® is a PKI Certificate Authority software, built using Java (JEE) technology.
Smallstep SSH - Single Sign-on SSH