Documentation
PRISM
PKI Resources & Infrastructure Security Manager — full certificate lifecycle management, locally on your device.
Download
Requires macOS 14 Sonoma or later / Windows 10 or 11.
Installation
macOS
- Download the .dmg file and open it.
- Drag PRISM.app to your Applications folder.
- On first launch, right-click the app and choose Open — or go to System Settings → Privacy & Security → Open Anyway.
- Enter your license key when prompted. PRISM checks the key locally — no account required.
Windows
- Download the .exe installer and run it.
- If Windows Defender shows a warning, click More info → Run anyway.
- Follow the installer prompts. PRISM installs to %LocalAppData%\PRISM by default.
- Enter your license key on first launch.
Tools
CSR Generator
Generate RFC 2986-compliant Certificate Signing Requests with SANs, RSA (2048–4096 bit) or ECC (P-256, P-384, P-521) keys, and optional AES-256 private key encryption.
Chain Builder
Drop in a leaf certificate and PRISM automatically fetches issuer certificates from your system keychain to build a complete, correctly-ordered PEM chain.
Custom Chain
Manually assemble a chain from your own CA files. PRISM validates ordering and outputs a clean PEM bundle.
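The ordering that Chain Builder and Custom Chain produce can also be checked independently on any exported PEM bundle. The following is an added example, not PRISM's own code: it assumes leaf-first order and compares each certificate's issuer name with the next certificate's subject name byte for byte, without verifying signatures. All function names and the sample certificates are constructed for illustration.

```python
import base64, re
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def tlv(buf, off):
    """Read one DER TLV at off; return (tag, value_start, end)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, off, off + length

def issuer_and_subject(cert_der):
    """Return the raw DER issuer and subject Names of one X.509 certificate."""
    _, off, _ = tlv(cert_der, 0)          # outer Certificate SEQUENCE
    _, off, tbs_end = tlv(cert_der, off)  # tbsCertificate SEQUENCE
    fields = []  # serial, signature alg, issuer, validity, subject
    while off < tbs_end and len(fields) < 5:
        tag, _, end = tlv(cert_der, off)
        if tag != 0xA0:  # skip the optional [0] version field
            fields.append(cert_der[off:end])
        off = end
    if len(fields) < 5:
        raise ValueError("truncated tbsCertificate")
    return fields[2], fields[4]

def chain_order_errors(pem_bundle):
    """Indexes i where certificate i is not followed by its issuer."""
    names = [issuer_and_subject(base64.b64decode(b)) for b in PEM_RE.findall(pem_bundle)]
    return [i for i in range(len(names) - 1) if names[i][0] != names[i + 1][1]]

# Constructed sample input: unsigned skeletons holding only the fields read above.
def der_encode(tag, body):
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def dn(cn):  # Name with a single commonName (OID 2.5.4.3) attribute
    atv = der_encode(0x30, bytes.fromhex("0603550403") + der_encode(0x0C, cn.encode()))
    return der_encode(0x30, der_encode(0x31, atv))

def skeleton_cert(subject, issuer):
    tbs = der_encode(0x30, der_encode(0xA0, b"\x02\x01\x02") + b"\x02\x01\x01"
                     + b"\x30\x00" + dn(issuer) + b"\x30\x00" + dn(subject))
    b64 = base64.encodebytes(der_encode(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"
ROOT = skeleton_cert("Constructed Root CA", "Constructed Root CA")
ICA = skeleton_cert("Constructed Issuing CA", "Constructed Root CA")
LEAF = skeleton_cert("leaf.example.test", "Constructed Issuing CA")
GOOD_BUNDLE, BAD_BUNDLE = LEAF + ICA + ROOT, ROOT + ICA + LEAF
```

An empty result means every certificate is followed by one whose subject matches its issuer; a non-empty result lists the positions where the chain breaks, which is what a reversed bundle or a missing intermediate looks like.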
PFX / P12 Generator
Bundle a certificate chain and private key into a password-protected PFX. Supports AES-256-CBC, AES-128-CBC, 3DES, and legacy encryption modes.
Key Extractor
Pull the private key and/or certificates out of any PFX/P12 file in one step.
Crypt Walk
Inspect any certificate — subject, issuer, SANs, validity dates, key algorithm, signature algorithm — at a glance.
Certificate Inventory
Track your certificate library with expiry alerts, tags, notes, search, and CSV import/export. Create Certificate Bundles to group lifecycle files (CSR, key, cert, chain, PFX) with optional encrypted vault storage.
ClearPass Deploy
Push certificates directly to Aruba ClearPass over the REST API. Requires ClearPass API credentials.
Certificate Bundles
Certificate Bundles let you group all files from a certificate lifecycle under one inventory entry. When you generate a CSR, PRISM will ask if you want to create a bundle. Choose from three storage modes:
- Metadata Only — track certificate details only, no file storage.
- Master Password Vault — all files encrypted with PBKDF2-SHA256 + AES-256-GCM. No password recovery.
- Keychain Vault — private key encrypted via macOS Keychain; other files tracked by path.
See the Security Model page for full technical details on vault encryption.
ClearPass API Setup
To use the ClearPass Deploy tool, you need an API client with the following configuration in ClearPass Guest:
- Go to Administration → API Clients → Create API Client.
- Set the Grant Type to client_credentials.
- Set Operator Profile to a profile with certificate upload rights.
- Copy the Client ID and Client Secret into PRISM's ClearPass settings.
A new client secret must be generated each session. You can shorten the Access Token Lifetime in ClearPass for better security.
Auto-Updates (macOS)
PRISM uses Sparkle for automatic updates on macOS. When a new version is available, you'll see a notification in the app. Updates are downloaded and verified before installation.
License
PRISM is released under the MIT License. Copyright © 2024–2026 CMDLAB.