ZerdgeCerts Certificate Authority

Free, Long-Lived Certificates for Internal Infrastructure

Status: Operational & Issuing

  • Valid Until: 2126
  • Revocation Support: CRL
  • Certificate Types: IP + Domain
  • Issuance & Revocation: Remote

🎯 What is ZerdgeCerts?

ZerdgeCerts is a private Certificate Authority designed for internal infrastructure, development environments, and scenarios where public CAs like Let's Encrypt cannot be used.

ℹ️ Key Features

  • 100+ year validity period (expires 2126)
  • Public CRL endpoint for real-time revocation checking
  • Support for both domain names and IP addresses
  • Remote certificate issuance and revocation
  • Perfect for homelabs, private networks, and IoT devices

📥 Download Root Certificate

To trust certificates issued by ZerdgeCerts, you need to install the root certificate on your devices.

📋 Certificate Information

  • Common Name: ZerdgeCerts Root CA
  • Issuer: Self-Signed
  • Valid From: February 14, 2026
  • Valid Until: January 21, 2126
  • CRL Distribution Point: https://iamcheese-man.github.io/Certificates/CertRevokeList
  • SHA-256 Fingerprint: fa 8b 46 fa 03 a8 1d 02 56 1e a2 b9 b5 24 59 9c 91 db 01 93 c5 36 4b 79 ca c1 1c c9 d1 6e e5 ab
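Before the root is imported into any trust store, the downloaded file can be checked against the SHA-256 fingerprint listed above. The script below is an added example, not part of the ZerdgeCerts site; it assumes the root was saved as ZerdgeCertsCA.crt in PEM format and that openssl is installed, and it copes with openssl printing the digest as upper-case, colon-separated hex while the page uses lower-case with spaces.

```sh
#!/bin/sh
# Added example: compare a downloaded root certificate with the published fingerprint.

# Published SHA-256 fingerprint, copied from the Certificate Information list.
EXPECTED_FP="fa 8b 46 fa 03 a8 1d 02 56 1e a2 b9 b5 24 59 9c 91 db 01 93 c5 36 4b 79 ca c1 1c c9 d1 6e e5 ab"

# Reduce any common notation (spaces, colons, upper case, a "... Fingerprint="
# prefix) to 64 lower-case hex digits. Returns 1 if the result is not a
# well-formed SHA-256 digest.
normalize_fp() {
    fp=$(printf '%s' "$1" | sed 's/^.*=//' | tr -d ' :\n\r\t' | tr 'A-F' 'a-f')
    case "$fp" in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ "${#fp}" -eq 64 ] || return 1
    printf '%s\n' "$fp"
}

# SHA-256 fingerprint of a certificate file, exactly as openssl reports it.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# fp_matches ACTUAL EXPECTED: succeeds only when both normalize to the same
# digest; returns 2 when either value is malformed (for example, empty output
# because openssl could not parse the file).
fp_matches() {
    a=$(normalize_fp "$1") || return 2
    b=$(normalize_fp "$2") || return 2
    [ "$a" = "$b" ]
}

# Usage: sh verify-root.sh ZerdgeCertsCA.crt
if [ "$#" -ge 1 ]; then
    if fp_matches "$(cert_fp "$1")" "$EXPECTED_FP"; then
        echo "fingerprint matches the published value"
    else
        echo "FINGERPRINT MISMATCH: do not install $1" >&2
        exit 1
    fi
fi
```

The comparison is only as trustworthy as the channel the expected fingerprint arrived through, so confirm the value from a second source where one is available.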

🔄 Certificate Revocation List (CRL)

ZerdgeCerts maintains a public CRL endpoint for real-time certificate revocation checking. This ensures that revoked certificates are no longer trusted.

CRL Endpoint

https://github.com/iamcheese-man/Certificates/blob/main/CertRevokeList/crl.json

Check Certificate Status

To verify if a certificate has been revoked, download the CRL and check against the certificate serial number:

# Download the CRL
curl -O https://iamcheese-man.github.io/Certificates/CertRevokeList/crl.json

# View CRL contents (openssl reads a PEM-encoded X.509 CRL, here crl.pem, not the crl.json file downloaded above)
openssl crl -in crl.pem -noout -text

# Check specific certificate
openssl verify -crl_check -CAfile root.crt -CRLfile crl.pem cert.pem

💻 Installation Instructions

Windows

# Run as Administrator
certutil -addstore -f "Root" ZerdgeCertsCA.crt

macOS

# Install to system keychain
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ZerdgeCertsCA.crt

Linux (Ubuntu/Debian)

# Copy to certificates directory
sudo cp ZerdgeCertsCA.crt /usr/local/share/ca-certificates/

# Update certificate store
sudo update-ca-certificates

Firefox (All Platforms)

Firefox uses its own certificate store:

  1. Open Firefox → Settings → Privacy & Security
  2. Scroll to "Certificates" → Click "View Certificates"
  3. Go to "Authorities" tab → Click "Import"
  4. Select ZerdgeCertsCA.crt
  5. Check "Trust this CA to identify websites"

✅ Use Cases

ZerdgeCerts is ideal for scenarios where public certificate authorities cannot be used:

🏠 Homelab Infrastructure

Secure your internal services without the complexity of Let's Encrypt DNS challenges.

📱 IoT Devices

Issue certificates for devices with IP addresses that public CAs won't sign.

🔒 Private Networks

Secure air-gapped or offline networks where external validation is impossible.

👨‍💻 Development Environments

Test TLS configurations with realistic certificates in local environments.

🏢 Internal Corporate Services

Better than self-signed certificates for internal web applications.

🎓 Educational Projects

Learn PKI concepts with a real working certificate authority.

⚠️ Important Limitations

⚠️ Not for Public Websites

ZerdgeCerts is NOT trusted by default in browsers or operating systems. It is designed for internal use only. For public-facing websites, use Let's Encrypt or a commercial CA.

⚠️ Manual Trust Required

Users must manually install the root certificate on each device. This makes it unsuitable for public services where you cannot control client devices.

🤝 Request a Certificate

Need a certificate issued by ZerdgeCerts? Certificate issuance requires proof of ownership to prevent mis-issuance.

⚠️ Verification Required

You must prove ownership of the domain or IP address before a certificate will be issued. This ensures certificates are only issued to legitimate owners and prevents abuse.

📋 How to Request

📧 Contact Information

To request a certificate or report security issues:

📝 Required Information

Include the following in your certificate request:

✅ Ownership Verification Methods

You will be asked to prove ownership using one of these methods:

🌐 DNS TXT Record

Add a specific TXT record to your domain's DNS. This proves you control the domain's DNS settings.

_zerdgecerts-challenge.example.com TXT "verification-token-12345"

📄 HTTP File Challenge

Host a specific file at a well-known URL on your web server to prove control.

http://example.com/.well-known/zerdgecerts-challenge.txt

📧 Email Verification

Receive a verification code at admin@, postmaster@, or webmaster@ for your domain.

admin@example.com
postmaster@example.com
webmaster@example.com

🔌 IP Address Verification

For IP-based certificates, run a temporary service on a specific port to prove control.

# Listen on specified port
nc -l 192.168.1.100 8443

🔐 Certificate Signing Request

Submit a CSR proving you control the private key for the requested certificate.

openssl req -new -key private.key -out request.csr
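Because ZerdgeCerts signs both domain names and IP addresses, the CSR should list every requested name in subjectAltName, which is the field current TLS clients match against. The script below is an added example, not the site's own tooling: it reuses private.key and request.csr from the command above, internal.example.com is a constructed hostname, and the -addext option requires OpenSSL 1.1.1 or later.

```sh
#!/bin/sh
# Added example: build a CSR whose subjectAltName lists every requested name.

# san_ext NAME...  ->  "subjectAltName=DNS:a,IP:b,..."
# Heuristic: a name containing ':' (IPv6) or made only of digits and dots
# (IPv4) is emitted as an IP entry; everything else is a DNS entry.
san_ext() {
    list=""
    for n in "$@"; do
        case "$n" in
            *:*)       kind=IP ;;
            *[!0-9.]*) kind=DNS ;;
            *)         kind=IP ;;
        esac
        list="${list:+$list,}$kind:$n"
    done
    printf 'subjectAltName=%s\n' "$list"
}

# make_csr KEYFILE CSRFILE NAME [NAME...]; the first NAME also becomes the CN.
make_csr() {
    key=$1; out=$2; shift 2
    openssl req -new -key "$key" -out "$out" \
        -subj "/CN=$1" -addext "$(san_ext "$@")"
}

# show_sans CSRFILE: print the SAN entries so they can be checked before the
# request is submitted.
show_sans() {
    openssl req -in "$1" -noout -text | grep -A1 'Subject Alternative Name'
}

# Usage: sh make-csr.sh private.key request.csr internal.example.com 192.168.1.100
if [ "$#" -ge 3 ]; then
    make_csr "$@" && show_sans "$2"
fi
```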

📸 Screenshot/Documentation

For internal IPs or special cases, provide evidence of infrastructure ownership (router admin, etc.).

⏱️ Processing Time

Once ownership is verified, certificates are typically issued within 24-48 hours. Verification must be completed before issuance.

🔐 Security & Transparency

Root Key Security

Information about how the root private key is stored and protected.

Issuance Policy

What We Won't Issue

Incident Response

If you discover a mis-issued certificate or security issue, please report it immediately through GitHub issues or email. Compromised or mis-issued certificates will be revoked within 24 hours of verification.