At Keytos, our goal is to make EZCA, our cloud PKI service, easy-to-use for every person in the world. One way to make this a reality is by removing humans as much as possible from the equation. To help companies achieve this goal, we have created a sample C# console application for Windows and Linux that can:
- Register a new domain in EZCA
- Create a new certificate
- Renew an existing certificate
- Create a Domain Controller Certificate
- Create SCEP Certificates for Unmanaged Devices
This application can be used in combination with Windows Task Scheduler or Linux cron jobs to automatically renew certificates before they expire, ensuring that your systems remain secure and compliant without manual intervention.
This application supports Windows, Mac, Linux platforms:
- Windows: Uses Windows Certificate Store and Windows-specific APIs (CertEnroll, Active Directory, RDP configuration)
- Linux: Uses file-based certificate storage in
~/.local/share/keytos/certs(user store) or/etc/keytos/certs(machine store) - Mac: Uses Mac Keychain Access
Note: Some features are Windows-specific:
- RDP certificate configuration (requires Windows)
- Domain Controller certificate features (requires Active Directory)
- Windows Certificate Store integration
- Navigate to the Releases section.
- Download the latest executable for your operating system.
- Download
EZCACertManager.exefrom the latest release. - Open PowerShell or Command Prompt and navigate to the download location.
- Run the executable directly:
.\EZCACertManager.exe --help
- (Optional) Add the directory to your
PATHso you can run it from anywhere:To make this permanent, add it via System Properties → Environment Variables.$env:PATH += ";C:\path\to\EZCACertManager"
- Download
EZCACertManager(macOS binary) from the latest release. - Open Terminal and navigate to the download location.
- Make the binary executable:
chmod +x ./EZCACertManager
- Run it:
./EZCACertManager --help
- (Optional) Move it to a directory on your
PATH:Then run from anywhere:sudo mv ./EZCACertManager /usr/local/bin/EZCACertManager
EZCACertManager --help
- Download
EZCACertManager.deb(Linux binary) from the latest release. - Open a terminal and navigate to the download location.
- Install it:
sudo apt install ./EZCACertManager.deb
- Run it:
EZCACertManager --help
Please refer to the Keytos documentation for instructions on how to use the tool and example commands!
If you want to contribute or customize the application, you can clone the repository and build it using .NET 10 SDK. Make sure to have the necessary dependencies installed and follow the Keytos code best practices for contributions.
We have included unit tests for the core functionalities of the application. To run the tests, use the following command in the project directory
First you have to add the environment variables for your tests (Fill in the values for your environment, if you are a Keytos Engineer ask Grayson or Igal for the internal values):
$env:EZCA_SSL_CA_ID=""
$env:EZCA_SSL_CA_ISSUER=""
$env:TEMPLATE_NAME=""
$env:EZCA_SCEP_CA_ID=""
$env:EZCA_SCEP_TEMPLATE_ID=""
$env:EZCA_SCEP_URL=""
$env:EZCA_SCEP_PASSWORD=""
$env:APP_INSIGHTS_INSTRUMENTATION_KEY=""
$env:CA_SUBJECT_KEY_IDENTIFIER=""For windows, since we have certenroll and other windows specific dependencies, we must build it using the msbuild command instead of dotnet build, to ensure the correct target framework is used.
MSBuild.exe .\DotNetCertAuthSample\DotNetCertAuthSample.Test\DotNetCertAuthSample.Test.csproj /t:Build /p:Configuration=Debug /p:TargetFramework=net10.0-windowsIf you can't find the msbuild command, it is probably here: C:\Program Files\Microsoft Visual Studio\18\Community\MSBuild\Current\Bin\MSBuild.exe (path may vary based on your Visual Studio version and edition but this is 2026).
Then you can run the tests using the following command:
$vsTest = "C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\TestWindow\vstest.console.exe"
& $vsTest .\DotNetCertAuthSample\DotNetCertAuthSample.Test\bin\Debug\net10.0-windows\DotNetCertAuthSample.Test.dll