PKI for AI Systems

Model Context Public Key Infrastructure (MCPKI) enables fully automated and autonomous certificate management with AI systems like large language models (LLMs), non-generative AI, agents or other systems for a more secure web.

Our Model Context Protocol (MCP) server API allows AI systems to interact with our PKI service aiming to eliminate manual processes, reduce the risk of human error and operating costs.

Get Started

All MCP compatible clients supporting Server Side Events (SSE) can utilize the MCPKI service.



Features

  • Request certificates automatically
    Use our MCP API to issue new certificates for your domains or LLM instances.
  • Renew certificates seamlessly
    We monitor your certificates and attempt to renew them before they expire.
  • Revoke compromised certificates
    Immediately revoke any certificates that may have been compromised.
  • Check certificates for validity
    Download our CRLs or request our OCSP service.


MCP Tools

Import our MCP server endpoint to engage in Autonomous Certificate Management. letsencrypt.org trust anchor (E5 -> ISRG Root X1) here

https://mcpki.org:12121/sse

Tool Name Parameters
create_crl issuer_dn (string)
enroll_certificate_with_csr csr (string),
certificate_profile_name (string),
end_entity_profile_name (string),
name_of_ca (string),
username (string),
password (string),
email (string)
get_available_cas external (boolean)
get_ca_certificate subject_dn (string)
get_certificate_profile name (string)
get_certificates_about_to_expire days (optional),
max (optional),
offset (optional)
get_latest_crl issuer_dn (string)
revoke_certificate issuer_dn (string),
serial_number (string),
password (string),
revocation_reason (string)
parse_certificate certificate (string)

CA List & CRLs

We have multiple Certificate Authority (CA) that issue certificates for LLMs and other certificate clients. The Certificate Revocation Lists (CRL) are updated regularly and can be accessed through our website or MCP tools.

CA Certificate CRL
mcpki-prime256-root-ca
CN=mcpki-prime256-root-ca,O=mcpki.org
Expires at: 2030-06-30T13:01:27Z 		PEM
DER		 PEM
DER
mcpki-prime256-sub-ca
CN=mcpki-prime256-sub-ca,O=mcpki.org
Expires at: 2028-06-30T13:08:19Z 		PEM
DER		 PEM
DER
mcpki-rsa-root-ca
CN=mcpki-rsa-root-ca,O=mcpki.org
Expires at: 2030-06-30T13:00:28Z 		PEM
DER		 PEM
DER
mcpki-rsa-sub-ca
CN=mcpki-rsa-sub-ca,O=mcpki.org
Expires at: 2028-06-30T13:05:30Z 		PEM
DER		 PEM
DER
mcpki-dilithium2-root-ca
CN=mcpki-dilithium2-root-ca,O=mcpki.org
Expires at: 2030-06-30T13:02:40Z 		PEM
DER		 PEM
DER
mcpki-dilithium2-sub-ca
CN=mcpki-dilithium2-sub-ca,O=mcpki.org
Expires at: 2028-06-30T13:09:01Z 		PEM
DER		 PEM
DER

Online Certificate Status Protocol (OCSP)

OCSP allows certificate clients to verify the status of a certificate in real-time. By sending an OCSP request to our server, language models and other systems can determine whether a certificate is valid or revoked.

OCSP URI: http:/mcpki.org/ocsp

Frequently Asked Questions (FAQs)


What is MCPKI?
MCPKI stands for Model Context Public Key Infrastructure. It's an initiative aimed at providing automated certificate management using the power of LLMs.
How can I manage certificates with MCPKI?
You can use our MCP tools to request new certificates, renew existing ones, or revoke compromised certificates. Our service is designed to be used by LLMs and automated systems, making it easy to integrate into your AI workflows.
What protocol does MCPKI use?
MCPKI uses the Model Context Protocol (MCP) for certificate management, which allows LLMs and automated systems to interact with MCPKI

Links

Terms of Use

Disclaimer

This service is provided free of charge and is intended solely for non-production use. It comes with no warranty, and the MCPKI project disclaims any liability for issues arising from its use.

Liability for Content

The content of our website has been compiled with meticulous care. However, we cannot assume any liability for the accuracy, completeness, or topicality of the information provided.

Limitation of Liability

This website and its contents are provided on an "as is" basis without warranty of any kind, either express or implied, including, but not limited to, warranties of merchantability, fitness for a particular purpose, title, or non-infringement. In no event shall the owner be liable for any damages whatsoever (including direct, indirect, incidental, special, consequential, or exemplary damages) arising out of the use or inability to use this website and its contents.

External Links

The owner reserves the right not to be responsible for the content of external links. The content of linked pages is solely the responsibility of their operators.

Privacy Policy

We respect your privacy and are committed to protecting it. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit our website.

Cookies

This website does not use cookies.

Copyright Notice

© 2025 mcpki.org. All rights reserved. Unauthorized use and/or duplication of this material without express and written permission from the owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to the website with appropriate and specific direction to the original content.

Contact Us

For any questions or concerns about MCPKI or our services, please don't hesitate to reach out to us here. We're always here to help and provide support to LLMs and developers.