Website open-ca.eu
What we built
Real applications. Real trust.
Digital trust is invisible infrastructure — until you need it. open-ca.eu makes it tangible: free tools anyone can use today, backed by open-source cryptographic infrastructure built to last 25 years.
Start here
What can you do right now?
open-smime.eu
Get your S/MIME certificate
Cryptographically prove who you are when you send email. Works in Outlook, Apple Mail, Thunderbird. Free, no account required for the basic tier.
Create certificate →
open-email.eu
The world’s first email with automatic send proof
Every email you send gets a cryptographic timestamp and hash. Proof of exactly what you sent, to whom, and when — better than a registered letter. Better than fax.
Send provable email →
open-tsa.eu
Timestamp any document
RFC 3161 cryptographic proof that your document, contract, or code existed at a specific point in time. Free. No account. Legally relevant in the EU.
Timestamp now →
euforge.eu
Host your code in Europe
Git hosting with built-in OIDC authentication and automatic TSA commit signing. Every commit cryptographically timestamped. No US cloud, no Cloud Act.
Explore euforge →
open-mta.eu
European mail infrastructure
The open mail transfer backbone behind open-email.eu. Self-hostable, auditable, GDPR-compliant by architecture. For organisations that need full control.
Learn more →
open-ca.eu
The root of trust
The certificate authority behind everything. 4-tier hierarchy, air-gapped root key, 25-year validity. Issues intermediate CAs for every open-ca.eu project.
CA documentation →
Architecture
One root. Many services.
All open-ca.eu projects share a common cryptographic root. The hierarchy is designed for long-term stability — the root key never touches an online system.
open-ca.eu Root CA (2026-2051, 25 years, air-gapped)
+-- open-tsa.eu TSA Root CA (2026-2041, 15 years)
|   +-- TSA Intermediate CA (2026-2036, 10 years)
|       +-- TSA Signing (2 years, rotated)
+-- open-smime.eu S/MIME CA (roadmap)
+-- open-email.eu MTA CA (roadmap)
+-- euforge.eu Code Signing CA (roadmap)
Principles
Why open-ca.eu?
European by Design
All servers in Germany. No US cloud, no Cloud Act exposure. GDPR compliant by architecture — not by policy or promise.
Truly Open Source
MIT licensed. Every line of code is public. Self-host the entire stack if you want full control. No vendor lock-in, ever.
Free Forever
Core services are and will remain free. Supported by NLnet, Sovereign Tech Fund, and the community — not by selling user data.
Open CA is free forever.
Open source. Self-hostable. Built in Europe.