Private SSL

Private SSL is an Alpacon extension that provides complete PKI (Public Key Infrastructure) management for your internal infrastructure. Create your own certificate authorities, issue SSL/TLS certificates, and manage the full certificate lifecycle.

Private SSL is available for Enterprise workspaces only. Contact sales@alpacax.com to enable this extension.

Why Private SSL?

Internal certificate management: Issue certificates for internal services, development environments, and private networks without relying on public CAs.

Full control: Manage your own root CA, set validity periods, and control the entire certificate lifecycle.

Approval workflow: Require administrator approval for certificate signing and revocation requests.

Automatic installation: Optionally install certificates directly to Alpacon-managed servers.

How it works

┌─────────────────┐     ┌─────────────────┐     ┌─────────────────┐
│  1. Create CA   │────▶│  2. Sign        │────▶│  3. Certificate │
│                 │     │     Request     │     │     Issued      │
│  Set up root    │     │                 │     │                 │
│  certificate    │     │  Submit CSR     │     │  Admin approves │
│  authority      │     │  for signing    │     │  and signs      │
└─────────────────┘     └─────────────────┘     └─────────────────┘
                                                        │
                                                        ▼
                                                ┌─────────────────┐
                                                │  4. Manage      │
                                                │                 │
                                                │  Monitor,       │
                                                │  download, or   │
                                                │  revoke certs   │
                                                └─────────────────┘

Private SSL appears under Operation in the sidebar with three pages:

Page	Description
Requests	View and manage sign requests and revoke requests
Certificates	Browse issued certificates and expiring certificates
Authorities	Create and manage certificate authorities

Getting started

1. Enable the extension

Contact sales@alpacax.com to enable Private SSL for your workspace.

2. Create a certificate authority

Navigate to Operation → Private SSL → Authorities
Click New certificate authority
Configure the CA settings:
- Name: Common name for the CA (e.g., “My Company Root CA”)
- Organization: Your organization name
- Domain: Domain name for the root certificate
- Validity: Root certificate validity period (default: 3650 days)
- Key algorithm: RSA or ECDSA
- Server: Select a server to run the CA plugin

Learn more about authorities →

3. Create a sign request

Create a new sign request from the CLI:

alpacon csr create

Configure SANs, validity period, and other settings in the interactive editor, then wait for administrator approval.

Learn more about requests →

4. Download or install the certificate

Once approved, download the certificate from the Certificates page or use automatic installation if configured.

Learn more about certificates →

CLI commands

Manage Private SSL from the command line:

Command	Description
`alpacon authority`	Manage certificate authorities
`alpacon csr`	Manage sign requests
`alpacon cert`	View and download certificates
`alpacon revoke`	Manage revocation requests

Key concepts

Certificate authority (CA): A trusted entity that issues and signs certificates. In Private SSL, you create your own CA to sign internal certificates.

Sign request: A certificate signing request (CSR) submitted for approval. Once approved, the CA signs it and issues a certificate.

Certificate: A signed digital certificate that can be used for TLS/SSL encryption on your servers.

Revoke request: A request to invalidate a certificate before its expiration date. Requires administrator approval.