<!doctype html>
<html lang="en" data-bs-theme="auto">
<head>
<script src="assets/js/color-modes.js"></script>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="">
<meta name="author" content="White Rabbit Security GmbH">
<title>OpenXPKI - The Open Source Trustcenter Solution</title>
<link href="assets/bootstrap.min.css" rel="stylesheet">
<link href="assets/bootstrap-icons.min.css" rel="stylesheet">
<style>
.bd-placeholder-img {
font-size: 1.125rem;
text-anchor: middle;
-webkit-user-select: none;
-moz-user-select: none;
user-select: none;
}
@media (min-width: 768px) {
.bd-placeholder-img-lg {
font-size: 3.5rem;
}
}
.bi {
vertical-align: -.125em;
fill: currentColor;
}
.btn-bd-primary {
--bd-violet-bg: #712cf9;
--bd-violet-rgb: 112.520718, 44.062154, 249.437846;
--bs-btn-font-weight: 600;
--bs-btn-color: var(--bs-white);
--bs-btn-bg: var(--bd-violet-bg);
--bs-btn-border-color: var(--bd-violet-bg);
--bs-btn-hover-color: var(--bs-white);
--bs-btn-hover-bg: #6528e0;
--bs-btn-hover-border-color: #6528e0;
--bs-btn-focus-shadow-rgb: var(--bd-violet-rgb);
--bs-btn-active-color: var(--bs-btn-hover-color);
--bs-btn-active-bg: #5a23c8;
--bs-btn-active-border-color: #5a23c8;
}
.navbar-nav li.nav-divider {
position: relative;
margin: 0 10px;
}
li.nav-divider:after {
content: '';
position: absolute;
right: -2px;
width: 2px;
height: 80%;
top: 10%;
background: green
}
</style>
<!-- Custom styles for this template -->
<link href="carousel.css" rel="stylesheet">
</head>
<body>
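<header data-bs-theme="light">
  <!-- Primary site navigation: in-page anchors first, then external project links. -->
  <nav class="navbar navbar-expand-md navbar-light fixed-top bg-light">
    <div class="container-fluid">
      <a class="navbar-brand" href="#"><img src="img/logo.png" alt="OpenXPKI"></a>
      <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarCollapse"
        aria-controls="navbarCollapse" aria-expanded="false" aria-label="Toggle navigation">
        <span class="navbar-toggler-icon"></span>
      </button>
      <div class="collapse navbar-collapse" id="navbarCollapse">
        <ul class="navbar-nav me-auto mb-2 mb-md-0">
          <li class="nav-item">
            <a class="nav-link active" aria-current="page" href="#">Home</a>
          </li>
          <li class="nav-item">
            <a class="nav-link" href="#features">Core Features</a>
          </li>
          <li class="nav-item">
            <a class="nav-link" href="#resources">Resources</a>
          </li>
          <li class="nav-item">
            <a class="nav-link" href="#packages">Packages</a>
          </li>
          <li class="nav-divider"></li>
          <!-- External links open in a new tab. rel="noopener noreferrer" keeps the opened
               page from receiving a window.opener handle to this one and withholds the
               Referer header, as the target="_blank" links in the page body already do. -->
          <li class="nav-item">
            <a class="nav-link" href="https://github.com/openxpki/openxpki/" target="_blank"
              rel="noopener noreferrer">Github</a>
          </li>
          <li class="nav-item">
            <!-- Same Read the Docs host as the Documentation entry under Resources. -->
            <a class="nav-link" href="https://openxpki.readthedocs.io/en/latest/" target="_blank"
              rel="noopener noreferrer">Documentation</a>
          </li>
          <li class="nav-item">
            <a class="nav-link" href="https://sourceforge.net/p/openxpki/mailman/openxpki-users/"
              target="_blank" rel="noopener noreferrer">Mailing List</a>
          </li>
          <li class="nav-item">
            <a class="nav-link" href="https://demo.openxpki.org/" target="_blank"
              rel="noopener noreferrer">Online Demo</a>
          </li>
          <li class="nav-item">
            <a class="nav-link" href="https://www.whiterabbitsecurity.com/" target="_blank"
              rel="noopener noreferrer">Commercial Support</a>
          </li>
        </ul>
      </div>
    </div>
  </nav>
</header>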
<main>
<div class="container marketing">
<div class="row flex-lg-row-reverse align-items-center g-5 py-5">
<div class="col-10 col-sm-8 col-lg-6">
<img src="img/openxpki.svg" class="d-block mx-lg-auto img-fluid" alt="OpenXPKI Logo" width="700" height="500"
loading="lazy">
</div>
<div class="col-lg-6">
<h1 class="display-5 fw-bold lh-1 mb-3">PKI Made in Germany</h1>
<p class="lead">
OpenXPKI is an enterprise-grade PKI/Trustcenter software
for customizable and scalable management of X.509v3 certificates, known
for its flexibility, web-based management interface, workflow support,
and active Open Source community.
</p>
<p>Established in 2009, it has grown and improved over the years, with individual installations serving
several hundred thousand certificates under dozens of issuing CAs.</p>
<p>While running the core functionality as an Open Source project, the team behind the project offers consulting,
setup and operational support as well as several add-on modules for integrating certificate management
into existing ITSM infrastructures.
</p>
</div>
</div>
<!-- Three columns of text below the carousel -->
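<div class="row">
  <!-- Teaser columns: each screenshot is decorative and the heading beside it carries the
       meaning, so the images take an empty alt and are skipped by screen readers. -->
  <div class="col-lg-4">
    <img class="rounded-circle" src="img/my-certificates.png" alt="" width="200" height="160">
    <h2 class="fw-normal">Certificate Lifecycle</h2>
    <p>Utilize customizable workflows that seamlessly guide your users through the certificate request, renewal, and revocation processes.</p>
  </div>
  <div class="col-lg-4">
    <img class="rounded-circle" src="img/bulk.png" alt="" width="200" height="160">
    <h2 class="fw-normal">Automation</h2>
    <p>Enable full automation of certificate distribution with industry-standard interfaces and a flexible custom API.
    </p>
  </div>
  <div class="col-lg-4">
    <img class="rounded-circle" src="img/reports.png" alt="" width="200" height="160">
    <h2 class="fw-normal">Reporting</h2>
    <p>Stay informed about the status of your certificates at all times through our comprehensive reporting and alerting framework.</p>
  </div>
</div><!-- /.row -->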
<div class="container px-4 py-5" id="icon-grid">
<h2 class="pb-2 border-bottom" id="features">OpenXPKI at a Glance</h2>
<div class="row row-cols-1 row-cols-sm-2 row-cols-md-3 row-cols-lg-4 g-4 py-5">
<div class="col d-flex align-items-start">
<div class="bi text-body-secondary flex-shrink-0 me-3">
<i class="bi bi-check-circle" style="font-size:1.25em"></i>
</div>
<div>
<h3 class="fw-bold mb-0 fs-4 text-body-emphasis">Modern WebUI</h3>
<p>The Ember.js based web frontend runs in all major browsers and provides easy access to the system for
users, operators and administrators.</p>
</div>
</div>
<div class="col d-flex align-items-start">
<div class="bi text-body-secondary flex-shrink-0 me-3">
<i class="bi bi-check-circle" style="font-size:1.25em"></i>
</div>
<div>
<h3 class="fw-bold mb-0 fs-4 text-body-emphasis">Automation</h3>
<p>In addition to the standard enrollment protocols SCEP, EST, SimpleCMC and ACME, a powerful REST-like
API with OpenAPI support is also included.</p>
</div>
</div>
<div class="col d-flex align-items-start">
<div class="bi text-body-secondary flex-shrink-0 me-3">
<i class="bi bi-check-circle" style="font-size:1.25em"></i>
</div>
<div>
<h3 class="fw-bold mb-0 fs-4 text-body-emphasis">Configuration</h3>
<p>Full system configuration is held in YAML files. An overlay mechanism allows easy management of
environment-specific differences.</p>
</div>
</div>
<div class="col d-flex align-items-start">
<div class="bi text-body-secondary flex-shrink-0 me-3">
<i class="bi bi-check-circle" style="font-size:1.25em"></i>
</div>
<div>
<h3 class="fw-bold mb-0 fs-4 text-body-emphasis">Flexible Crypto Layer</h3>
<p>Crypto operations are based on the renowned OpenSSL toolkit and can utilize almost any compatible
Hardware Security Module (HSM).</p>
</div>
</div>
<div class="col d-flex align-items-start">
<div class="bi text-body-secondary flex-shrink-0 me-3">
<i class="bi bi-check-circle" style="font-size:1.25em"></i>
</div>
<div>
<h3 class="fw-bold mb-0 fs-4 text-body-emphasis">Multiple Backends</h3>
<p>Operate your CA signing keys on a remote system or even delegate certificate issuance to an external CA
like Digicert, Sectigo or SwissSign.</p>
</div>
</div>
<div class="col d-flex align-items-start">
<div class="bi text-body-secondary flex-shrink-0 me-3">
<i class="bi bi-check-circle" style="font-size:1.25em"></i>
</div>
<div>
<h3 class="fw-bold mb-0 fs-4 text-body-emphasis">SubCAs and Rollover</h3>
<p>Run multiple separate CAs within a single installation and enjoy a fully-automated rollover of CA
generations as a standard operational task.</p>
</div>
</div>
<div class="col d-flex align-items-start">
<div class="bi text-body-secondary flex-shrink-0 me-3">
<i class="bi bi-check-circle" style="font-size:1.25em"></i>
</div>
<div>
<h3 class="fw-bold mb-0 fs-4 text-body-emphasis">Integration</h3>
<p>A generic API allows for easy integration with existing CMDB and ITSM systems to automate request
validation, approvals and notifications.</p>
</div>
</div>
<div class="col d-flex align-items-start">
<div class="bi text-body-secondary flex-shrink-0 me-3">
<i class="bi bi-check-circle" style="font-size:1.25em"></i>
</div>
<div>
<h3 class="fw-bold mb-0 fs-4 text-body-emphasis">User Management</h3>
<p>Seamlessly integrate your existing identity and access management using SAML, OAuth, LDAP or
webserver-based SSO solutions.</p>
</div>
</div>
<div class="col d-flex align-items-start">
<div class="bi text-body-secondary flex-shrink-0 me-3">
<i class="bi bi-check-circle" style="font-size:1.25em"></i>
</div>
<div>
<h3 class="fw-bold mb-0 fs-4 text-body-emphasis">Workflow Driven</h3>
<p>Processes are driven by workflows defined as part of the customer configuration, allowing for easy
adaptation to project-specific needs.</p>
</div>
</div>
<div class="col d-flex align-items-start">
<div class="bi text-body-secondary flex-shrink-0 me-3">
<i class="bi bi-check-circle" style="font-size:1.25em"></i>
</div>
<div>
<h3 class="fw-bold mb-0 fs-4 text-body-emphasis">Easy Deployment</h3>
<p>Deployment is as easy as installing the software using your distribution's package manager, copying and
adjusting the sample configuration, loading your key material and you're ready to go!</p>
</div>
</div>
<div class="col d-flex align-items-start">
<div class="bi text-body-secondary flex-shrink-0 me-3">
<i class="bi bi-check-circle" style="font-size:1.25em"></i>
</div>
<div>
<h3 class="fw-bold mb-0 fs-4 text-body-emphasis">Free Open Source</h3>
<p>The fully-functional software with an extensive example configuration is provided under the Apache
License with friendly support via mailing list.</p>
</div>
</div>
<div class="col d-flex align-items-start">
<div class="bi text-body-secondary flex-shrink-0 me-3">
<i class="bi bi-check-circle" style="font-size:1.25em"></i>
</div>
<div>
<h3 class="fw-bold mb-0 fs-4 text-body-emphasis">Enterprise Ready</h3>
<p>Consulting, configuration, packaging and operational support with SLA are available directly from the
core developers via White Rabbit Security GmbH.</p>
</div>
</div>
</div>
</div>
<!-- START THE FEATURETTES -->
<hr class="featurette-divider">
<!-- TBD -->
<div class="row featurette">
<div class="col-md-7">
<h2 class="featurette-heading fw-normal lh-1">OpenXPKI Mission: <span class="text-body-secondary">Empowering
continuous PKI operation.</span></h2>
<p class="lead">OpenXPKI is an enterprise grade PKI and Trustcenter
software which focuses strongly on Registration Authority (RA)
functionality and supporting truly continuous PKI operation in
professional PKI environments of any scale and complexity.
Maintained by a seasoned team of PKI
experts, it offers unmatched flexibility and
configurability. Rooted in a
vision outlined in the
<a href="download/OpenXPKI-Architecture-Overview.pdf" target="_blank" rel="noopener noreferrer">original architecture whitepaper</a>,
the project constantly evolves to meet modern PKI needs. Unique approaches
tackle common challenges faced in professional environments,
emphasizing technical abstraction over local
customizations. While the
<a href="https://github.com/openxpki/openxpki" target="_blank" rel="noopener noreferrer">OpenXPKI Community Edition</a> is true
Open Source, the
<a href="https://www.whiterabbitsecurity.com/produkte/openxpki/" target="_blank" rel="noopener noreferrer">Enterprise Edition</a>
provides additional features, commercial support
and consulting services offered by
<a href="https://www.whiterabbitsecurity.com" target="_blank" rel="noopener noreferrer">White Rabbit Security GmbH</a>.</p>
</div>
<div class="col-md-5">
<img src="img/status.png" class="bd-placeholder-img bd-placeholder-img-lg featurette-image img-fluid mx-auto"
width="500" height="500" alt="OpenXPKI Status Screen">
</div>
</div>
<hr class="featurette-divider">
<!-- Lattice -->
<div class="row featurette">
<div class="col-md-7 order-md-2">
<h2 class="featurette-heading fw-normal lh-1">Enterprise Ready: <span class="text-body-secondary">Mature,
standards-compliant, and
future-proof.</span></h2>
<p class="lead">OpenXPKI is built upon a highly stable and mature code base, continuously maintained and
upgraded by the OpenXPKI development team at White Rabbit Security GmbH. The project prioritizes adherence
to open standards for seamless integration with other infrastructure components.</p>
<p class="lead">The OpenXPKI team is committed to making
OpenXPKI the optimal choice for a future-proof PKI. The project
remains aligned with current trends in PKI and cryptography,
following up on the latest developments in the ongoing standardization of Post Quantum Cryptography.
OpenXPKI is poised to provide robust support for Post Quantum Cryptography algorithms and protocols,
ensuring its relevance and security for the next decades of cryptographic advancements.</p>
</div>
<div class="col-md-5 order-md-1">
<img src="img/SVP.svg.png" class="bd-placeholder-img bd-placeholder-img-lg featurette-image img-fluid mx-auto"
width="500" height="500" alt="Lattice-Based Cryptography">
</div>
</div>
<hr class="featurette-divider">
<div class="row featurette">
<div class="col-md-7">
<h2 class="featurette-heading fw-normal lh-1">Certificate
Lifecycle Management: <span class="text-body-secondary">Getting back
into power.</span></h2>
<p class="lead">OpenXPKI provides robust features for managing the lifecycle of certificates, equipping PKI
Registration Officers with a comprehensive toolkit for their tasks. The capabilities span from powerful GUI
functions for information retrieval and metadata management to overseeing the certificate request processes.</p>
<p class="lead">This extends to automation and policy enforcement features for enrollment interfaces (SCEP,
EST, ACME and OpenXPKIRPC). Custom metadata, alongside standard information like contact email addresses,
can be defined and managed through the GUI, providing flexibility in grouping or querying certificates.
Fully automatic end entity certificate renewal is supported across all enrollment interfaces, contingent on
support by the end entities.</p>
<p class="lead">For distributed certificate management, White
Rabbit Security offers CertNanny Enterprise Edition, a commercial multi-platform client-side agent that
integrates seamlessly with OpenXPKI.</p>
</div>
<div class="col-md-5">
<img src="img/gustavo-sanchez-RwliW6b74Hw-unsplash-500.jpg"
class="bd-placeholder-img bd-placeholder-img-lg featurette-image img-fluid mx-auto" width="500"
height="500" alt="Control Lever">
</div>
</div>
<hr class="featurette-divider">
<!-- Hochhaus -->
<div class="row featurette align-middle">
<div class="col-md-7 order-md-2">
<h2 class="featurette-heading fw-normal lh-1">PKI Realms: <span class="text-body-secondary">Run multiple
logical CAs in one OpenXPKI instance.</span></h2>
<p class="lead">OpenXPKI supports hosting multiple PKI Realms in
a single instance. Each PKI Realm manages a distinct namespace of
end-entity certificates and may include zero, one, or many Issuing
CAs for certificate issuance within that namespace. A PKI Realm
defines profiles, workflows and policies for certificate management,
ensuring complete separation from other PKI Realms.</p>
<p class="lead">The actual certificate issuance can be done directly on the local
system using either software keys or utilizing an HSM. It is also possible
to set up OpenXPKI with the RA and CA operating on separate systems or even
delegate the issuance process to an external CA. The OpenXPKI Enterprise Edition
offers extensions that seamlessly integrate with DigiCert, Sectigo, and SwissSign.
This enables you to efficiently manage both your browser-trusted certificates and
internal certificates on a unified platform, complete with comprehensive reporting
and automation capabilities.
</p>
</div>
<div class="col-md-5 order-md-1">
<img src="img/simone-hutsch-eXBqaHUt994-unsplash-500.jpg"
class="bd-placeholder-img bd-placeholder-img-lg featurette-image img-fluid mx-auto" width="500" height="500"
alt="Skyscraper">
</div>
</div>
<hr class="featurette-divider">
<div class="row featurette">
<div class="col-md-7">
<h2 class="featurette-heading fw-normal lh-1">Seamless Issuing CA
Rollover: <span class="text-body-secondary">Effortless Certificate Authority rotation.</span></h2>
<p class="lead">CA Rollovers should be easy. In fact, why even
restart your PKI for that? In a PKI Realm, multiple Issuing CAs can be configured to issue certificates.
OpenXPKI's core automatically selects the appropriate Issuing CA certificate for issuance based on criteria
such as the highest NotBefore date. Older Issuing CA certificates are retained in passive mode and used for
issuing CRLs post-rollover. This ensures seamless CA rollovers without system downtime or administrative
intervention. While the mechanism defaults to automatic rollovers, administrators can also set specific
dates or execute rollovers manually. As an Issuing CA's certificate nears expiration, the system
automatically issues a final long-lived CRL for a smooth retirement process.</p>
</div>
<div class="col-md-5">
<img src="img/parrish-freeman-lzNnMcqRITM-unsplash-500.jpg"
class="bd-placeholder-img bd-placeholder-img-lg featurette-image img-fluid mx-auto" width="500" height="500"
alt="CA Rollover">
</div>
</div>
<hr class="featurette-divider">
<div class="row featurette">
<div class="col-md-7 order-md-2">
<h2 class="featurette-heading fw-normal lh-1">Workflow Engine:
<span class="text-body-secondary">Efficiently model and execute
key management processes.</span>
</h2>
<p class="lead">OpenXPKI's core system offers a toolbox of simple, stateless cryptographic functions. Complex
or stateful operations are modeled as workflows, ranging from one-shot reporting tasks to long-lived
processes requiring manual interactions. Workflow instances can be interrupted and reinstantiated. The
system includes common workflows for tasks like manual certificate requests, revocation requests, automatic
enrollment, CRL issuance, and reporting. These can be modified or extended to meet specific project needs,
or entirely new workflows can be modeled for non-standard requirements.</p>
</div>
<div class="col-md-5 order-md-1">
<img src="img/bradyn-trollip-pxVOztBa6mY-unsplash-500.jpg"
class="bd-placeholder-img bd-placeholder-img-lg featurette-image img-fluid mx-auto" width="500" height="500"
alt="Dominos">
</div>
</div>
<hr class="featurette-divider">
<!-- Screen shot -->
<div class="row featurette">
<div class="col-md-7">
<h2 class="featurette-heading fw-normal lh-1">Generic Web Frontend: <span
class="text-body-secondary">Intuitive interface for workflow management.</span></h2>
<p class="lead">OpenXPKI boasts a robust and versatile web
frontend which empowers users and administrators to interact
seamlessly with the system. Access the workflow catalog,
instantiate new workflows, and manage existing instances. The
frontend dynamically renders the workflow's properties and current state based on
its workflow definition and internal status. Defining a workflow in OpenXPKI's configuration automatically
provides a suitable web-based frontend.</p>
</div>
<div class="col-md-5">
<img src="img/reviewcsr2.png"
class="bd-placeholder-img bd-placeholder-img-lg featurette-image img-fluid mx-auto" width="500"
height="500" alt="Web Frontend">
</div>
</div>
<hr class="featurette-divider">
<div class="row featurette">
<div class="col-md-7 order-md-2">
<h2 class="featurette-heading fw-normal lh-1">Infrastructure Key Protection: <span
class="text-body-secondary">Enhanced security with Hardware Security Modules.</span></h2>
<p class="lead">OpenXPKI supports Hardware Security Modules (HSMs) for robust infrastructure key protection
through the PKCS#11 interface. Leveraging HSMs enhances the overall security posture of the system by
providing a dedicated hardware-based solution for cryptographic key management.</p>
</div>
<div class="col-md-5 order-md-1">
<img src="img/NCipher_nShield_F3_Hardware_Security_Module.jpg"
class="bd-placeholder-img bd-placeholder-img-lg featurette-image img-fluid mx-auto" width="500" height="500"
alt="Hardware Security Module">
</div>
</div>
<hr class="featurette-divider">
<div class="row featurette">
<div class="col-md-7">
<h2 class="featurette-heading fw-normal lh-1">Reporting: <span class="text-body-secondary">Efficiently collect
and provide statistical data.</span></h2>
<p class="lead">OpenXPKI features customizable reporting functions, implemented
as one-shot workflows. These functions collect statistical data and
provide meaningful Key Performance Indicators for
the managed PKI Realms and generate downloadable CSV files containing the
gathered information. This capability streamlines the process of
obtaining and analyzing key statistical insights from the PKI
environment.
</p>
</div>
<div class="col-md-5">
<img src="img/certstats.png"
class="bd-placeholder-img bd-placeholder-img-lg featurette-image img-fluid mx-auto" width="500" height="500"
alt="Statistics">
</div>
</div>
<hr class="featurette-divider">
<div class="row featurette">
<div class="col-md-7 order-md-2">
<h2 class="featurette-heading fw-normal lh-1">Flexible Configuration: <span class="text-body-secondary">Manage
system state auditably and verifiably.</span></h2>
<p class="lead">OpenXPKI is configured through a hierarchy of YAML-format configuration files.
As the entire configuration is strictly file-based, the use of a revision control system like Git for a
PKI instance configuration facilitates easy management, enabling an auditable and verifiable representation
of the complete system state. This approach allows test and development systems to share exactly the same configuration as the
production system, with any necessary differences isolated in a single local overlay file.</p>
</div>
<div class="col-md-5 order-md-1">
<img src="img/wfcondition1.png"
class="bd-placeholder-img bd-placeholder-img-lg featurette-image img-fluid mx-auto" width="500" height="500"
alt="File-based configuration">
</div>
</div>
<hr class="featurette-divider">
<div class="row featurette">
<div class="col-md-7">
<h2 class="featurette-heading fw-normal lh-1">Automation: <span class="text-body-secondary">Highly
configurable
certificate enrollment interfaces.</span></h2>
<p class="lead">OpenXPKI's enrollment interfaces are highly flexible and configurable. They support automatic
renewal based on the previous certificate's existing key and seamlessly integrate external authentication
and authorization sources via the <a href="#connector">Connector</a> interface.</p>
<p class="lead">Following OpenXPKI's "zero, one, or many"
paradigm, you can define an arbitrary number of enrollment
interfaces of any type within a PKI Realm. This allows the support
of individual enrollment modes for different client groups. Standard
enrollment interfaces, such as SCEP, EST, and ACME, are fully
supported, providing a comprehensive solution for various enrollment
scenarios.</p>
<p class="lead">In conjunction with client-side tools such as
CertNanny Enterprise Edition, organizations can automate request
and renewal of certificates.</p>
</div>
<div class="col-md-5">
<img src="img/enroll.png" class="bd-placeholder-img bd-placeholder-img-lg featurette-image img-fluid mx-auto"
width="500" height="500" alt="Enrollment Interface">
</div>
</div>
<hr class="featurette-divider">
<div class="row featurette">
<div class="col-md-7 order-md-2">
<h2 id="connector" class="featurette-heading fw-normal lh-1">Connectors: <span class="text-body-secondary">Accessing external
data resources.</span></h2>
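<!-- The Connector module link uses HTTPS and points at MetaCPAN; the older search.cpan.org
     host was plain HTTP and has been retired in favour of MetaCPAN. -->
<p class="lead">OpenXPKI introduces the powerful concept of a <a
    href="https://metacpan.org/pod/Connector" target="_blank"
    rel="noopener noreferrer">Connector</a>,
  implementing an abstract key/value tuple interface. Configurable
  anywhere in the OpenXPKI configuration tree, a Connector specifies its implementation class
  and potential static parameters. The system, based on the provided
  key, resolves the implementation class, executes the query at runtime, and returns the result.</p>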
<p class="lead">Connectors can replace literal configuration
values throughout the entire OpenXPKI configuration, allowing for
unmatched flexibility when accessing external resources. Connectors are available for various data sources
such as flat files, LDAP directories, SQL databases, and web services. OpenXPKI leverages Connectors
extensively, allowing attachment of external data sources for authentication, authorization, or publishing
CRLs and certificates. This flexibility enables customization and seamless integration with surrounding
infrastructure at a level unmatched by many competitors.</p>
</div>
<div class="col-md-5 order-md-1">
<img src="img/connector.png"
class="bd-placeholder-img bd-placeholder-img-lg featurette-image img-fluid mx-auto" width="500" height="500"
alt="Connectors">
</div>
</div>
<hr class="featurette-divider">
<div class="row featurette">
<div class="col-md-7">
<h2 class="featurette-heading fw-normal lh-1">Credential Protection: <span
class="text-body-secondary">Avoiding sensitive data in configuration files.</span></h2>
<p class="lead">OpenXPKI allows exclusion of sensitive
information, like database passwords, from (usually version-controlled) configuration files. This is
achieved by either using local overlay files, or, even better, by leveraging the companion tool <a href="https://github.com/certnanny/KeyNanny" target="_blank"
rel="noopener noreferrer">KeyNanny</a>. The native integration of KeyNanny, facilitated through a KeyNanny
Connector, ensures secure handling of sensitive data, enhancing the overall security posture of the OpenXPKI
configuration.</p>
</div>
<div class="col-md-5">
<img src="img/secret.png" class="bd-placeholder-img bd-placeholder-img-lg featurette-image img-fluid mx-auto"
width="500" height="500" alt="KeyNanny Integration">
</div>
</div>
<hr class="featurette-divider">
<div class="row featurette">
<div class="col-md-7 order-md-2">
<h2 class="featurette-heading fw-normal lh-1">Expose Any Workflow: <span class="text-body-secondary">Generic
RPC interface.</span></h2>
<p class="lead">The RPC interface in OpenXPKI enables the exposure
of any workflow via an RPC endpoint. Within each PKI Realm, you can
define an arbitrary number of RPC API endpoints accessible through
HTTP/HTTPS GET/POST requests, depending on the web server
configuration. Each RPC interface can be linked to a distinct
workflow for efficient RPC call processing. This allows controlled
exposure of business logic implemented in the Workflow Engine of
OpenXPKI to consumers while leveraging the powerful key management features
provided by the OpenXPKI core.</p>
</div>
<div class="col-md-5 order-md-1">
<img src="img/rpc.png" class="bd-placeholder-img bd-placeholder-img-lg featurette-image img-fluid mx-auto"
width="500" height="500" alt="RPC Interface">
</div>
</div>
<hr class="featurette-divider">
<div class="row featurette">
<div class="col-md-7">
<h2 class="featurette-heading fw-normal lh-1">Command Line Driven
Operating: <span class="text-body-secondary">Auditable, reproducible
runtime administration.</span></h2>
<p class="lead">OpenXPKI's operational tasks are executed via the
command line using a set of provided command line tools. Administrators can perform PKI tasks
in a textual form,
enabling the exact description of administrative actions in change task descriptions or scripts.</p>
<p class="lead">For instance, the import of a new Issuing CA
certificate can be seamlessly conducted online without interrupting
the OpenXPKI system. When configured properly, the system can
automatically determine the correct private key for a specific CA
certificate, even referencing the correct HSM-protected key when
applicable. This capability facilitates performing Issuing CA rollovers without
downtime and without altering the configuration, allowing the description or scripting of PKI operational
tasks for ITIL-compliant change processes.</p>
</div>
<div class="col-md-5">
<img src="img/openxpkiadm.png"
class="bd-placeholder-img bd-placeholder-img-lg featurette-image img-fluid mx-auto" width="500" height="500"
alt="CLI Tools">
</div>
</div>
<!-- Resources -->
<div class="row">
<h2 id="resources" class="pt-5 border-bottom">OpenXPKI Resources</h2>
<div class="row row-cols-1 row-cols-sm-2 row-cols-md-2 row-cols-lg-3 g-2">
<div class="col d-flex align-items-start">
<div class="text-dark flex-shrink-0 me-3">
<i class="bi bi-file-earmark-richtext" style="font-size:1.5em"></i>
</div>
<div>
<h2>Documentation</h2>
<p>Documentation for OpenXPKI Community Edition is <a href="https://openxpki.readthedocs.io/en/latest/"
rel="noopener noreferrer">available online via Read the Docs</a>.
For first steps see the <a href="https://openxpki.readthedocs.io/en/latest/quickstart.html"
rel="noopener noreferrer">quickstart manual</a>.
You should also check the comments in the configuration and the man pages of the application for more
details.</p>
<p>OpenXPKI Enterprise Edition comes with extensive documentation in PDF format, covering all aspects of the
software in detail.</p>
</div>
</div>
<div class="col d-flex align-items-start">
<div class="text-dark flex-shrink-0 me-3">
<i class="bi bi-boxes" style="font-size:1.5em"></i>
</div>
<div>
<h2>Packages</h2>
<p>Debian packages for the Community Edition are available from our
<a href="https://packages.openxpki.org/v3/bookworm" rel="noopener noreferrer">Debian 12 "Bookworm" package repository</a>.
A <a href="https://www.freshports.org/security/p5-openxpki/" rel="noopener noreferrer">FreeBSD Port of OpenXPKI</a> also exists; it is
maintained by an independent maintainer, not by the OpenXPKI core development team.</p>
<p>OpenXPKI Enterprise Edition is available packaged for Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise Server (SLES) and Ubuntu Server LTS.</p>
</div>
</div>
<div class="col d-flex align-items-start">
<div class="text-dark flex-shrink-0 me-3">
<i class="bi bi-code-slash" style="font-size:1.5em"></i>
</div>
<div>
<h2>Source Code</h2>
<p>The <a href="https://github.com/openxpki/openxpki" rel="noopener noreferrer">complete source code</a> is
hosted on GitHub.
<a href="https://github.com/openxpki/openxpki/issues" rel="noopener noreferrer">GitHub Issues</a> may be used to notify us of bugs.
<b>Please do not use GitHub Issues for support queries</b>; use the
<a href="https://lists.sourceforge.net/lists/listinfo/openxpki-users" rel="noopener noreferrer">OpenXPKI Users Mailing List</a> instead.
We accept useful pull requests via GitHub.</p>
<p>You can also find a <a href="https://github.com/openxpki/openxpki-config" rel="noopener noreferrer">fully working example
configuration</a> there.
</p>
</div>
</div>
<div class="col d-flex align-items-start">
<div class="text-dark flex-shrink-0 me-3">
<i class="bi bi-person-raised-hand" style="font-size:1.5em"></i>
</div>
<div>
<h2>Support</h2>
<p>Sharing problems and solutions with OpenXPKI
Community Edition fosters the Open Source idea,
and the OpenXPKI core team is committed to assisting users with problems or questions that
may arise with OpenXPKI Community Edition.</p>
<p>For general support questions please use the
<a href="https://lists.sourceforge.net/lists/listinfo/openxpki-users" rel="noopener noreferrer">
OpenXPKI Users Mailing List</a> hosted by sourceforge.net. <b>Please do not create issues on the
GitHub Issue Tracker for support questions.</b></p>
</div>
</div>
<div class="col d-flex align-items-start">
<div class="text-dark flex-shrink-0 me-3">
<i class="bi bi-eyeglasses" style="font-size:1.5em"></i>
</div>
<div>
<h2>Test Drive</h2>
<p>To get a hands-on impression of how OpenXPKI works, visit the <a href="https://demo.openxpki.org"
rel="noopener noreferrer">public
demo</a>
or run the <a href="https://github.com/openxpki/openxpki-docker" rel="noopener noreferrer">example
configuration using Docker</a>.</p>
</div>
</div>
<div class="col d-flex align-items-start">
<div class="text-dark flex-shrink-0 me-3">
<i class="bi bi-buildings" style="font-size:1.5em"></i>
</div>
<div>
<h2>Professional Services</h2>
<p>The OpenXPKI team consists of cryptographic key management experts with vast experience designing and
implementing numerous different PKIs of all scales.</p>
<p>Feel free to <a href="mailto:openxpki@whiterabbitsecurity.com" style="color:#464646">reach out to the core developers</a>
at <a href="https://www.whiterabbitsecurity.com" rel="noopener noreferrer">White Rabbit Security</a>
for more information on OpenXPKI Enterprise Edition, professional services, and our various commercial support options.</p>
</div>
</div>
</div>
</div>
<!-- Packages Section -->
<div class="row">
<h2 class="pb-2 pt-5 border-bottom" id="packages">OpenXPKI Editions, Support and Service Options Overview</h2>
<div class="row g-2">
<div class="col">
<div class="card mb-4 rounded-3 shadow-sm">
<div class="card-header py-3">
<h4 class="my-0 fw-normal">OpenXPKI Community Edition</h4>
</div>
<div class="card-body">
<ul class="list-styled mt-3 mb-4">
<li>Comprehensive, fully functional code base</li>
<li>Debian packages</li>
<li>Example configuration</li>
<li>Online documentation</li>
<li>Support via mailing list</li>
<li>100% free</li>
</ul>
</div>
</div>
</div>
<div class="col">
<div class="card mb-4 rounded-3 shadow-sm">
<div class="card-header py-3">
<h4 class="my-0 fw-normal">OpenXPKI Enterprise Edition</h4>
</div>
<div class="card-body">
<ul class="list-styled mt-3 mb-4">
<li>RHEL/SLES/Ubuntu packages</li>
<li>Custom-built configuration</li>
<li>Powerful extension modules available (e.g.,
multi-tenancy, adapters to external/public CAs, full ITSM
integration, GDPR-compliant data retention)</li>
<li>Extensive product documentation in PDF format</li>
<li>Individual support with SLAs</li>
</ul>
</div>
</div>
</div>
<div class="col">
<div class="card mb-4 rounded-3 shadow-sm">
<div class="card-header py-3">
<h4 class="my-0 fw-normal">OpenXPKI as a Service</h4>
</div>
<div class="card-body">
<ul class="list-styled mt-3 mb-4">
<li>Health monitoring</li>
<li>Logging and reporting</li>
<li>Level-2 helpdesk</li>
<li>Full operation support</li>
<li>Cloud or on-premises</li>
<li>Flexible licensing</li>
<li>HSM management</li>
<li>SLAs available</li>
</ul>
</div>
</div>
</div>
</div>
</div>
</div><!-- /.container -->
<!-- FOOTER -->
<footer class="container">
<p class="float-end"><a href="#">Back to top</a></p>
<p>© 2023 White Rabbit Security GmbH · <a href="https://www.whiterabbitsecurity.com/impressum/"
rel="noopener noreferrer">Contact and Imprint</a></p>
</footer>
</main>
<script src="assets/bootstrap.bundle.min.js"></script>
</body>
</html>