The affordable alternative to Venafi

Enterprise PKI enrollment.
Without the enterprise price tag.

CertBridge turns your existing Microsoft ADCS into a self-service certificate portal with REST API, AD group permissions, audit logging, and expiry management. Up and running in under an hour.

Start free trial → See how it works
No agents required Works with existing ADCS Deploys in < 1 hour Full REST API

CertBridge vs the alternative

The old way
Venafi
$500k / year
  • 12-18 month sales cycle
  • Months of implementation
  • Rip and replace your CA
  • Requires dedicated headcount
  • Built for F500 only
vs
The smart way
CertBridge
$8k / year
  • Live in under an hour
  • Works on your existing ADCS
  • No agents, no rip-and-replace
  • Self-service portal + REST API
  • Built for mid-market teams
Features
Everything your PKI team needs
From self-service enrollment to full lifecycle management — built for teams running Microsoft ADCS.

AD group-based permissions

Map certificate templates to Active Directory groups. Users only see and can request templates they're permitted to use.

Self-service browser portal

4-step wizard for requesting certs. Works on Mac, Windows, and Linux. No domain membership required.

Full REST API

Automate certificate enrollment from any language. PowerShell and Python modules included. No browser required.

PFX export with password

Generate and download PFX bundles with private key for exportable templates. Password-protected at issuance.

Audit logging

Every authentication, enrollment, and revocation logged with timestamp, user, template, serial number, and IP.

Expiry management

Track all issued certificates. Get notified 90/60/30 days before expiry. One-click renewal from the dashboard.

Health monitoring

Built-in health endpoint for load balancers and monitoring tools. Tests CA connectivity on every call.

High availability

Deploy across multiple web servers behind a load balancer. Stateless architecture — any node handles any request.

White-label ready

Full branding control via config file. Your company name, colors, and contact — no CertBridge branding shown to end users.

How it works
Up and running in under an hour
CertBridge sits in front of your existing ADCS. No CA changes, no agents, no rip-and-replace.
1

Install on IIS

Run the installer on any Windows Server with IIS. One PowerShell script, no manual config.

2

Point to your CA

Edit certbridge.json with your CA config string, AD domain, and branding.

3

Map AD groups

Set which AD groups can request each certificate template. Users only see what they can use.

4

Start issuing

Users log in with AD credentials and request certs from any browser or via REST API.

API-first, from day one

Every feature available in the browser portal is also available via REST API. Automate certificate enrollment from your CI/CD pipelines, Ansible playbooks, or any script.

PowerShell Python curl Any HTTP client 
# Request a cert — no browser needed
$ python certbridge.py \
    --cn myapp.company.com \
    --template WebServer \
    --app-name MyApp \
    --out ./certs
 
# Output
Certificate Successfully Issued!
  Serial    : 6E00000B0E66B3F7...
  Valid Until: 2028-05-20
  Files saved: myapp.pem, myapp.cer
Pricing
Simple, honest pricing
Annual subscription. No per-cert fees. No agent licensing. Cancel anytime.
Starter
$8k / year
For small teams getting started with PKI automation.
  • 1 Microsoft CA
  • 500 active certs
  • Browser portal
  • REST API
  • AD authentication
  • Audit logging
  • Email support 48hr
Start free trial
Most popular
Professional
$24k / year
For growing organizations with multiple sites or CAs.
  • 3 Microsoft CAs
  • Unlimited certs
  • Everything in Starter
  • Expiry notifications
  • Renewal workflow
  • Revocation portal
  • API keys + webhooks
  • Phone support 8hr
Start free trial
Enterprise
$60k / year
For large organizations needing SSO, RBAC, and multi-tenant.
  • Unlimited CAs
  • Unlimited certs
  • Everything in Pro
  • Azure AD / Okta SSO
  • Role-based access
  • Multi-tenant
  • Dedicated support 2hr
  • SLA guarantee
Contact sales
MSP / Reseller
$120k / year
White-label rights for managed service providers.
  • Unlimited tenants
  • White-label branding
  • Everything in Enterprise
  • Your logo, your pricing
  • Revenue share option
  • Partner portal
  • Dedicated CSM
Contact sales

Ready to replace certsrv?

Start a 30-day free trial. No credit card required. Deploys on your infrastructure — your data never leaves your network.

Start free trial → Schedule a demo