Skip to main content
Infisical can be used to create and manage Certificate Authorities (CAs) and issue digital X.509 certificates. This allows you to manage PKI infrastructure and issue certificates for end-entities such as load balancers, web servers, devices, and more. It helps teams automate certificate management including enrollment and renewal, and adopt secure workflows to ensure certificates remain valid, trusted, and synchronized across infrastructure. Core capabilities include:
  • Private CA: Create and manage your own private CA hierarchy including root and intermediate CAs.
  • External CA integration: Integrate with external public and private CAs including Azure ADCS and ACME-compatible CAs like Let’s Encrypt and DigiCert.
  • Certificate Enrollment: Support enrollment methods including API, ACME, EST, and more to automate certificate issuance for services, devices, and workloads.
  • Certificate Inventory: Track and monitor issued X.509 certificates, maintaining a comprehensive inventory of all active and expired certificates.
  • Certificate Lifecycle Automation: Automate issuance, renewal, and revocation with policy-based workflows, ensuring certificates remain valid, compliant, and up to date across your infrastructure.
  • Certificate Syncs: Push certificates to cloud certificate managers like AWS Certificate Manager and Azure Key Vault.
  • Certificate Alerts: Receive alerts and webhook events for certificate lifecycle changes such as certificate expiration.