Private PKI and CA for your private cloud.

Generate SSL/TLS X.509 and SSH digital certificates for servers, databases, workloads and users after a successful OIDC SSO Login. Enforce Zero Trust Security within your organization.

Learn more View Demo Get started for free

Automated Certificate Management

BastionXP PKI/CA automates SSL/TLS X.509, SSH certificate creation, signing, distribution and revocation.

Identity Based Access Control

Certificates are tied to host and end user identity. Certificates are issued only after a successful SSO login using Two-Factor Authentication(2FA).

Avoids Public Key Sprawl

Issues short-lived client SSH, SSL/TLS X.509 client certificates to end users, eliminating the risks associated with public key sprawl.

Zero Trust Security

Generate SSL/TLS X.509 server and client certificates for mutual TLS(mTLS) to enable client authentication and end-to-end encryption.

Auditing & Compliance

All user activities are logged to provide a detailed log trail for auditing and compliance purposes. Logs can be analyzed later using a log analyzer to identify anomaly.

Role Based Access Control

Assign roles to your team members and restrict access to your cloud resources using RBAC policies.

BastionXP Certificate Manager Demo

BastionXP CA generates SSL/TLS X.509 based on user identity. BastionXP supports SSO and 2FA login using IAM providers such as MS Azure 365 Active Directory, Google G-Suite, Keycloak, Okta, AWS IAM, GitHub SSO and others.

Watch this quickstart demo video to see how BastionXP PKI/CA automates creation, signing and distribution of SSL/TLS X.509 to servers, clients and end users.

BastionXP SSO Based SSH Access Demo

BastionXP CA can also generate SSH certificates based on user identity.

Watch this demo video to understand how BastionXP PKI/CA automates creation, signing and distribution of SSH certificates to end users after a successful GitHub SSO + 2FA Login as an example.

BastionXP SSH Session Recording Demo

Watch this demo video to see how BastionXP SSH bastion host records live SSH sessions and provides a video-like playback option for auditing purposes.

Secure access that doesn't complicate your workflow

BastionXP PKI/CA automates and simplifies SSL/TLS X.509, SSH certificate creation, signing and distribution without affecting your workflow.

Single command to generate SSL/TLS and SSH certificates for end users who need SSH or mTLS based access to cloud resources.
Secure access to cloud resources using short-lived SSL/TLS and SSH client certificates tied to user identity.
Short-lived client certificates avoid problems associated with public key sprawl.
Simplified and preconfigured Bastion Host that comes out of the box.
Audit logs of user activities and session recording make auditing and compliance easy.

BastionXP is built for organizations that need to enforce Zero Trust Security. BastionXP private PKI/CA simplifies and automates secure access to any resource anywhere without comprimising security.

Start Your Free Trial Now

Try BastionXP for free with no commitments. No credit card required.

Get Started For Free

Frequently Asked Questions

What is BastionXP?

BastionXP is a Public Key Infrastructure (PKI) / Certificate Authority (CA) that integrates with Identity and Access Management(IAM) software to create, sign and distribute SSH and SSL/TLS X.509 certificates to servers and end-users upon successful SSO login via OAuth providers such as Google G-Suite, Microsoft Office 365, Okta, Keycloak, GitHub and more.

BastionXP acts as a private PKI/CA for your organization to authenticate access to your cloud resources and enable end-to-end encryption for all communication between your cloud resources and end user access.

BastionXP also has a built-in SSH proxy server that can be configured to function as an SSH bastion host. BastionXP works seamlessly with OpenSSH server and client software.
Can I get a free trial version of BastionXP?

Yes. You can download and try the free version of BastionXP. Please refer to our documentation on BastionXP "Getting Starting" guide. Remember that the free trial version comes with a limited feature set without the enterprise features. If you want to try the Enterprise Version, please write to us: [email protected].
What features are available in the enterprise version of BastionXP?

BastionXP Enterpise version supports:

a) Private PKI/CA that generates SSL/TLS X.509 and SSH server/client certificates.

b) Google G-Suite, Microsoft Office 365, Okta, Keycloak, and AWS IAM based SSO/OAuth.

c) Role Based Access Control using Microsoft Azure Active Directory, Okta, Keycloak or any IAM.

d) Session Recording.

e) Priority customer support.
Can I host BastionXP in AWS?

BastionXP solution is a cloud native application that is cloud vendor agnostic. It works seamlessly in any cloud including AWS, GCP, Azure or Digital Ocean cloud.
Can you provide a cloud hosted version of BastionXP as a SaaS offering?

Yes. We offer a cloud hosted version of BastionXP as a SaaS offering. You can try the cloud version for free for 14-days. No credit card required.
How to enquire for sales, demo and pricing?

Please write to [email protected] for sales, queries, pricing and demo request.

Contact Us

We'd love to hear your feedback, comments, and suggestions. Write to us at:

[email protected]