CERTIFICATES & mTLS
Built for zero-trust APIs.
Client certificates, CA certs, per-host mTLS bindings, and TLS for gRPC — all first-class. Hit hardened internal APIs and regulated systems without jumping through hoops.
Why this is different
Client certs are an afterthought in most API clients. In Rostyman they're a first-class resource — managed centrally, bound to hosts, respected by every protocol including gRPC. Built for fintech, healthcare, government, and any regulated environment where mTLS is standard.
Everything mTLS, in one place
Per-host bindings
Bind a cert to a hostname. Every request to that host automatically presents the certificate.
Passphrase vault
Private key passphrases are stored in the vault — encrypted, never in plaintext.
Multi-cert support
Manage dozens of certs. Different certs for dev / staging / production hosts.
CA chain control
Trust custom CAs for private infrastructure. Self-signed dev certs work out of the box.
Every format your team uses
PFX / P12
Windows-native PKCS#12 bundles. Password-protected certs with private keys in a single file.
PEM
Classic Unix-style ASCII cert + key pairs. Standard across Linux, macOS, and every cloud provider.
DER
Binary-encoded X.509 for older enterprise systems that haven’t moved to PEM.
Every protocol respects your certs
HTTP, gRPC, WebSocket, MQTT — if it uses TLS, it picks up the host-bound certificate automatically.
Compliance-friendly by default
Certs never leave your device. No "upload your PFX to our cloud." The cert lives in your local SQLite database — encrypted. The passphrase lives in the vault — encrypted. Nothing in plaintext, nothing synced, nothing shared without your explicit action.