Can I use this package to build a self-hosted Certificate Authority (CA) for Laravel applications?

Yes, this package provides all the tools needed to create a self-hosted CA. You can generate X.509 certificates, manage private keys, and issue certificates programmatically. For Laravel, you can integrate it with Artisan commands or middleware to automate certificate issuance and validation, replacing cloud-based CAs like AWS ACM or Sectigo.

How do I integrate this PKI framework with Laravel’s authentication system (e.g., Sanctum or Passport)?

You can extend Laravel’s authentication by validating certificates in middleware or guards. For Sanctum/Passport, use the package to decode and verify client certificates before issuing tokens. The framework’s modular design lets you focus only on certificate validation logic without bloating your auth stack.

Does this package support mutual TLS (mTLS) for service-to-service communication in Laravel?

Absolutely. The package includes tools to parse and validate X.509 certificates, making it perfect for mTLS in Laravel. You can create middleware to validate client certificates in HTTP requests, ensuring secure communication with services like Istio or Linkerd. Combine it with Laravel’s middleware stack for seamless integration.

What Laravel versions are compatible with spomky-labs/pki-framework?

This package requires PHP 8.1+, so it works with Laravel 9 and 10. For Laravel 11 or future versions, check the package’s changelog or test compatibility early, as Laravel’s PHP version requirements may shift. Pin to LTS Laravel versions (e.g., 10.x) for stability in production.

How do I store private keys securely in Laravel when using this PKI framework?

Avoid storing private keys in plaintext. Use Laravel’s encryption services (e.g., `config['app.cipher']`) or integrate with HSMs like AWS KMS or HashiCorp Vault. For added security, combine this with Laravel’s filesystem encryption or a dedicated secrets manager. Never commit private keys to version control.

Can I use this package to parse and validate certificates in a Laravel middleware for API gateways?

Yes, the package’s `Certificate` class can decode and validate X.509 certificates, making it ideal for middleware. Create a custom middleware (e.g., `ValidateCertificate`) to check client certificates in API requests. This works well for mTLS in microservices or API gateways like Kong or Traefik.

What are the performance implications of using this package for bulk certificate operations?

For bulk operations (e.g., issuing 10,000+ certificates), performance may vary. Benchmark against PHP’s `ext-openssl` for critical paths. Use Laravel’s queue system to offload heavy tasks (e.g., certificate generation) to workers. Enable GMP/BCMath in PHP for faster cryptographic operations.

How do I handle certificate revocation in Laravel (e.g., CRL or OCSP)?

The package supports CRL (Certificate Revocation Lists) and OCSP (Online Certificate Status Protocol). Cache revocation data in Redis and use Laravel’s queue system to update CRLs/OCSP responses periodically. For soft deletes, store revocation status in a Laravel database table and query it during validation.

Are there alternatives to this package for PKI in Laravel, and how does it compare?

Alternatives include `phpseclib` (broader crypto but heavier) or `web3/php-ethereum` (not PKI-focused). This package is lightweight, specialized for PKI, and integrates seamlessly with Laravel’s ecosystem. Unlike `openssl` CLI commands, it provides a pure PHP API for certificate operations, reducing dependency on system tools.

Can I use this package to extend Laravel’s Artisan CLI with custom PKI commands (e.g., `pki:issue`, `pki:revoke`)?

Yes, the package’s modular design makes it easy to create custom Artisan commands. For example, build a `pki:issue` command to generate certificates or `pki:revoke` to update CRLs. Use Laravel’s service container to inject the PKI framework into your commands, ensuring clean dependency management.

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Pki Framework Laravel Package

spomky-labs/pki-framework

PHP 8.1+ framework for Public Key Infrastructure: X.509 certificates (incl. attribute certs), ASN.1 DER encoding/decoding, X.501/X.520 DN parsing, PEM (RFC 7468) handling, and PKCS-oriented cryptography utilities.

View on GitHub

Deep Wiki

Context7

A PHP framework for managing Public Key Infrastructures. It comprises X.509 public key certificates, attribute certificates, certification requests and certification path validation.

Frequently asked questions about Pki Framework

Can I use this package to build a self-hosted Certificate Authority (CA) for Laravel applications?: Yes, this package provides all the tools needed to create a self-hosted CA. You can generate X.509 certificates, manage private keys, and issue certificates programmatically. For Laravel, you can integrate it with Artisan commands or middleware to automate certificate issuance and validation, replacing cloud-based CAs like AWS ACM or Sectigo.
How do I integrate this PKI framework with Laravel’s authentication system (e.g., Sanctum or Passport)?: You can extend Laravel’s authentication by validating certificates in middleware or guards. For Sanctum/Passport, use the package to decode and verify client certificates before issuing tokens. The framework’s modular design lets you focus only on certificate validation logic without bloating your auth stack.
Does this package support mutual TLS (mTLS) for service-to-service communication in Laravel?: Absolutely. The package includes tools to parse and validate X.509 certificates, making it perfect for mTLS in Laravel. You can create middleware to validate client certificates in HTTP requests, ensuring secure communication with services like Istio or Linkerd. Combine it with Laravel’s middleware stack for seamless integration.
What Laravel versions are compatible with spomky-labs/pki-framework?: This package requires PHP 8.1+, so it works with Laravel 9 and 10. For Laravel 11 or future versions, check the package’s changelog or test compatibility early, as Laravel’s PHP version requirements may shift. Pin to LTS Laravel versions (e.g., 10.x) for stability in production.
How do I store private keys securely in Laravel when using this PKI framework?: Avoid storing private keys in plaintext. Use Laravel’s encryption services (e.g., `config['app.cipher']`) or integrate with HSMs like AWS KMS or HashiCorp Vault. For added security, combine this with Laravel’s filesystem encryption or a dedicated secrets manager. Never commit private keys to version control.
Can I use this package to parse and validate certificates in a Laravel middleware for API gateways?: Yes, the package’s `Certificate` class can decode and validate X.509 certificates, making it ideal for middleware. Create a custom middleware (e.g., `ValidateCertificate`) to check client certificates in API requests. This works well for mTLS in microservices or API gateways like Kong or Traefik.
What are the performance implications of using this package for bulk certificate operations?: For bulk operations (e.g., issuing 10,000+ certificates), performance may vary. Benchmark against PHP’s `ext-openssl` for critical paths. Use Laravel’s queue system to offload heavy tasks (e.g., certificate generation) to workers. Enable GMP/BCMath in PHP for faster cryptographic operations.
How do I handle certificate revocation in Laravel (e.g., CRL or OCSP)?: The package supports CRL (Certificate Revocation Lists) and OCSP (Online Certificate Status Protocol). Cache revocation data in Redis and use Laravel’s queue system to update CRLs/OCSP responses periodically. For soft deletes, store revocation status in a Laravel database table and query it during validation.
Are there alternatives to this package for PKI in Laravel, and how does it compare?: Alternatives include `phpseclib` (broader crypto but heavier) or `web3/php-ethereum` (not PKI-focused). This package is lightweight, specialized for PKI, and integrates seamlessly with Laravel’s ecosystem. Unlike `openssl` CLI commands, it provides a pure PHP API for certificate operations, reducing dependency on system tools.
Can I use this package to extend Laravel’s Artisan CLI with custom PKI commands (e.g., `pki:issue`, `pki:revoke`)?: Yes, the package’s modular design makes it easy to create custom Artisan commands. For example, build a `pki:issue` command to generate certificates or `pki:revoke` to update CRLs. Use Laravel’s service container to inject the PKI framework into your commands, ensuring clean dependency management.

Popularity trends

Recorded values over time (once-a-day snapshots). May 7, 2026 – Jun 5, 2026

GitHub · stars

GitHub · forks

GitHub · watchers

Packagist · monthly downloads

View on GitHub

Stars

Favorites

Forks

Score

20.4

Score breakdown

Sum of components, capped 0–100. Halved if archived.

Stars

input: 27

+0.1
Forks

input: 5

+0.2
Open issues + PRs

input: 1

+0.1
Releases

input: 12

+3.6
Recency

input: 73

+16.0
Issue opportunity

input: 0

+0.0
Laravel News mentions

input: 0

+0.0
Dependents

input: 0

+0.0

Total 20.0

Opportunity

63.3

Opportunity score breakdown

Hidden gem signal × 0.65 + contribution need × 0.35, scaled by health factor.

Hidden gem

log(monthly_downloads / (stars + 1)) × 25

100.0
Contribution need

open_issues + open_prs: 1

0.0
Health factor

archived + recency + open issues

×0.97

Total 63.1

License

MIT

Last release

Mar 23, 2026

Watchers

Downloads

3M/mo

Dependents

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

hexters/coinpayment

rjcodes/rjcms

act-training/laravel-permissions-manager

alimarchal/laravel-chart-of-accounts

babenkoivan/elastic-scout-driver

mkwebdesign/filament-watchdog-v5

renatomarinho/laravel-page-speed

zedmagdy/filament-business-hours

renatovdemoura/blade-elements-ui

devgeek/beacon-admin

benjamin-rqt/data-watcher-bundle

atriumphp/atrium

sandermuller/package-boost-laravel

sandermuller/boost-skills

redaxo/core

yusufgenc/filament-api-forge

l3aro/rating-star-for-filament

leek/filament-subtenant-scope

anil/file-picker

broqit/fields-ai