Your private certificate authority
signme lets you issue and manage TLS certificates for internal services — without depending on public CAs.
Internal PKI
Root and Intermediate CAs with offline key support. Full certificate hierarchy in one place.
External CAs
Obtain publicly trusted certificates from Let's Encrypt or any ACME CA with automatic dns-01 challenges.
ACME Server & Proxy
Built-in ACME server for internal certs. Proxy mode forwards requests to Let's Encrypt transparently.
OIDC & Groups
Sign in with any OIDC provider. Control who can issue certificates through group-based access.
Encryption at Rest
Private keys are encrypted server-side. Download requires authentication and a decryption password.
Revocation & CRL
Revoke certificates and CAs instantly. CRL endpoints keep relying parties informed automatically.