Your PKI,
one install away.
The self-hosted certificate authority with a modern web UI. Create, manage, discover, and automate your certificates — no YAML, no CLI expertise needed.
docker run -d -p 8443:8443 neyslim/ultimate-ca-manager
Up and running in 60 seconds
Choose your platform. One command, full PKI.
docker run -d --restart=unless-stopped \
--name ucm \
-p 8443:8443 \
-p 8080:8080 \
-v ucm-data:/opt/ucm/data \
neyslim/ultimate-ca-manager:latest
Then open
https://localhost:8443
and log in with
admin /
changeme123
A complete PKI platform,
not just a CLI tool.
Everything from your root CA down to network discovery — in one self-hosted app.
CA Hierarchy
Build complete trust chains from the web UI — no openssl gymnastics.
- Root & intermediate CAs
- Full chain management
- Offline / HSM-backed keys
Certificate Lifecycle
Issue, sign, renew, revoke and export — in bulk when you need it.
- PKCS#12 / PEM / DER export
- Auto-renewal & expiry alerts
- RFC 5280 / CA-B Forum linting
ACME Server
RFC 8555 + ARI (RFC 9773). Works with certbot, acme.sh, Caddy.
Discovery
Scan your network, find every certificate, auto-import.
SCEP & EST
RFC 8894 & 7030 enrollment for devices and MDM.
HSM Support
PKCS#11 — SoftHSM, Azure Key Vault, Google Cloud KMS.
SSH CA
Sign user & host keys, manage SSH certificates.
CRL & OCSP
Delta CRL, public CDP, OCSP responder (RFC 6960).
Microsoft ADCS
Sign CSRs via ADCS. Template discovery, EOBO support.
Reports & Webhooks
Scheduled PDFs, email alerts, 15+ webhook events with retry.
A UI you'll actually want to use
Not just a CLI with a web wrapper. A real, modern interface — on desktop and mobile.
Fully responsive
Manage your PKI from any device.