
20.08.2025
Bringing Certificate Lifecycle Management to Life with Node-RED & Trustpoint
During my internship at Campus Schwarzwald, I developed a complete integration between Node-RED and Trustpoint, a certificate lifecycle management solution that automates X.509 certificate enrollment, renewal, and storage.
Trustpoint supports multiple enrollment protocols, including EST (Enrollment over Secure Transport) — a standardized method for secure certificate management over HTTPS defined in [RFC 7030]. While EST is only one option among others such as CMP, it offers a strong balance between automation, security, and ease of implementation — making it particularly suitable for industrial and IoT systems.
Traditional certificate management on clients relies on complex command-line tools (like OpenSSL), custom scripts, proprietary agents and significant human intervention — which is unsustainable at scale in industrial contexts.
To simplify this, I developed a complete integration between Node-RED and Trustpoint, enabling industrial engineers to manage certificates securely via a graphical flow-based interface.
To use the Trustpoint integration in Node-RED, simply install the custom nodeset package node-red-contrib-trustpoint:
Option 1 — From the Node-RED Palette Manager (GUI)
- Open your Node-RED editor (usually at http://localhost:1880)
- Click the top-right menu → Manage palette
- Go to the Install tab
- Search for: node-red-contrib-trustpoint
- Click Install
Option 2 — From the command line
If you’re running Node-RED on a Raspberry Pi or server, you can install the package directly:

Then restart Node-RED:

Once the package node-red-contrib-trustpoint is installed, any device can:
- Generate a private key
- Create and send a CSR (Certificate Signing Request)
- Enroll and retrieve a signed certificate
- Store the certificate securely
- Use it for secure communication over mTLS (e.g., MQTT with Mosquitto)
All steps are visual and automated — no manual shell scripts needed.
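To make the enrollment step concrete, here is an added example (not code from the post or from the node-red-contrib-trustpoint package) of the HTTP shape of an EST simpleenroll exchange as defined in RFC 7030: how the CSR is packaged for the request and how a client should interpret the CA's reply. It assumes the CSR is already available as a DER-encoded PKCS#10 Buffer and that a pending reply carries Retry-After as a number of seconds; the CSR bytes below are a constructed placeholder, not a real PKCS#10 structure.

```javascript
// EST (RFC 7030) simpleenroll request/response handling. Transport is
// HTTPS; the client must validate the EST server's TLS certificate against
// the trust anchor it obtained out of band or from /cacerts.
const EST_BASE = '/.well-known/est';

// Package a DER-encoded PKCS#10 CSR the way EST expects: base64 body,
// Content-Type application/pkcs10, Content-Transfer-Encoding base64.
function buildSimpleEnrollRequest(csrDer) {
  const body = csrDer.toString('base64').replace(/(.{64})/g, '$1\r\n').trim();
  return {
    method: 'POST',
    path: `${EST_BASE}/simpleenroll`,
    headers: {
      'Content-Type': 'application/pkcs10',
      'Content-Transfer-Encoding': 'base64',
      'Content-Length': String(Buffer.byteLength(body)),
    },
    body,
  };
}

// Interpret the CA's reply. 200 carries a base64 PKCS#7 certs-only message
// (application/pkcs7-mime); 202 means the request is pending manual
// approval and the client must wait Retry-After seconds before retrying.
function parseSimpleEnrollResponse(status, headers, body) {
  const h = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v)]));
  if (status === 202) {
    const wait = parseInt(h['retry-after'], 10); // assumption: delta-seconds form
    return { state: 'pending', retryAfterSeconds: Number.isFinite(wait) ? wait : 60 };
  }
  if (status !== 200) return { state: 'error', status };
  const ct = (h['content-type'] || '').toLowerCase();
  if (!ct.startsWith('application/pkcs7-mime')) {
    return { state: 'error', status, reason: `unexpected content type: ${ct}` };
  }
  // Strip base64 line wrapping, then decode to the DER PKCS#7 blob that
  // holds the issued certificate (to be parsed by an X.509 library).
  return { state: 'issued', pkcs7Der: Buffer.from(body.replace(/\s+/g, ''), 'base64') };
}

// Constructed placeholder standing in for a real DER PKCS#10 CSR.
const CONSTRUCTED_CSR = Buffer.from('constructed-csr-bytes-not-real-pkcs10');
const demoRequest = buildSimpleEnrollRequest(CONSTRUCTED_CSR);
console.log(demoRequest.method, demoRequest.path, demoRequest.headers['Content-Type']);
console.log(parseSimpleEnrollResponse(202, { 'Retry-After': '30' }, '').state);
```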
Tech Stack
- Node-RED: flow-based development environment
- Trustpoint: certificate lifecycle management using the EST (Enrollment over Secure Transport) protocol
- Raspberry Pi 5: lightweight edge computing platform
Node-RED Package: node-red-contrib-trustpoint
GitHub:
This solution empowers industrial engineers to:
- Implement mTLS in minutes
- Eliminate human errors in cert generation and renewal
- Integrate PKI workflows into existing IoT and IIoT systems
- Deploy securely at the edge without writing a single line of OpenSSL commands
It brings the core mission of Campus Schwarzwald to life: bridging cutting-edge technology with real industrial needs.
This project provided valuable hands-on experience with certificate lifecycle automation, industrial security standards, and secure communication protocols. It strengthened my understanding of PKI systems, TLS, and automated provisioning workflows, while sharpening my ability to develop scalable and secure industrial solutions using modern tools like Node-RED.
Creator: Ibrahim Almountaka Sambare

