Ahoy there

Looking for someone who can make heads or tails out of X.509, Kerberos, LDAP and all those other annoying abbrevations that make you yawn? In that case you've come to the right place!


Pairing X.509 certificates with VPN-s is painful to say the least and using passwords for VPN-s is becoming an example of bad practice. Since 2015 we've been working on a certificate authority software that you actually want to use.

Automate enrollment of Linux servers, Windows desktops, Android, iPhones and embedded devices. As a cherry on the top enroll users by sending them single use tokens.

Feature highlights:

  • Modern HTML5 user interface with server sent events
  • Active Directory and LDAP authentication for admin user interface
  • Support modern crypto ciphers
  • Online Certificate Status Protocol (OCSP) support
  • Simple Certificate Enrollment Protocol (SCEP) support
  • E-mail notifications
  • Open-source

VPN integration supported for:

  • Built-in IPSec client on iPhone and Windows
  • StrongSwan on Ubuntu, Fedora, Android
  • OpenVPN on Windows, Linux, Android, iPhone, Mac OS X
  • Multi-factor authentication with Estonian MobileID and SmartID

Schedule for a demo by sending e-mail on the address below.

Zero trust networks

Retroactively patch your legacy networks to use VPN with our devices. Firewall and prevent unauthorized access to multifunctional printers (MFP-s), IP cameras and other devices which either don't support crypto out of the box or where vendor has stopped providing security patches. Catch suspicious traffic on the spot and notify about potential breach.

We offer a product which transparently enables crypto on the wire for any IoT device

  • Transparently encrypt traffic with IPSec
  • Backwards compatible, supports enrollment via SCEP
  • Block and log malicious traffic on the source
  • Permit only whitelisted traffic from/to the device
  • Small enough to fit inside enterprise MFP-s
  • PoE support, power from 802.3at compliant switch
  • Optional 802.11bgn wireless support
  • Optional hardware security module (HSM) support

Local area networks were never created with security in mind. Dot1x and VLAN-s were later bolted on to mitigate the problems, but nowadays having no encryption on the wire is a no-go.

Lauri Võsandi is the mastermind behind the products and services listed above. Visit our lab at k-space for a demo or face to face chat.

+372 5332 9412

Koodur OÜ

Vilde tee 121b-118, Tallinn, 12613, Estonia