On-prem certificate management, European cloud
Your sensitive data stays on your servers. The cloud services that support sslbrain run exclusively in EU-owned data centers.
Why self-hosted
Certificate automation requires admin credentials to firewalls, load balancers and servers, including SSH keys, API tokens and DNS API keys. These are credentials with full access to your infrastructure.
Those credentials should not live in a cloud platform that can also reach into your firewalls, load balancers and servers. sslbrain runs inside your network, and no supply chain attack can compromise your server credentials through our infrastructure.
sslbrain Cloud cannot connect to, control, or read data in your sslbrain instance. All communication is initiated from your side.
Stays on your server
sslbrain Cloud handles
EU-owned data centers
sslbrain Cloud runs on UpCloud, a Finnish infrastructure provider, across six data centers in the EU.
Copenhagen, Denmark
UpCloud dk-cph1
Stockholm, Sweden
UpCloud se-sto1
Madrid, Spain
UpCloud es-mad1
Amsterdam, Netherlands
UpCloud nl-ams1
Frankfurt, Germany
UpCloud de-fra1
Helsinki, Finland
UpCloud fi-hel2
All data centers are certified to ISO 9001, ISO 14001, ISO 22301, ISO 27001, and ISO 50001, as well as SOC 1 and SOC 2 Type II. They operate on 100% renewable energy.
Your local sslbrain instance keeps running regardless of cloud availability. ACME clients running directly against the CA are not affected by a Cloud outage.
Sub-processors
Full transparency about which third parties support FairSSL and sslbrain operations.
| Provider | Location | Purpose | Applies to |
|---|---|---|---|
| UpCloud | Finland (EU), data centers in DK, SE, NL, DE, ES, FI | Hosting, databases, backup, observability | All customers |
| Bunny.net | Slovenia (EU), EU routing filter | CDN for static assets | Website visitors |
| Microsoft 365 | EU tenant | Business email and collaboration | Paying and prospective customers |
| Freshdesk | EU-hosted | Support system and ticket handling | Paying customers with support cases |
| Lettermint | EU | Transactional and notification emails | All customers (including free) |
| Scanpay | Denmark | Payment processing. FairSSL does not receive card data | Paying customers |
| Visma e-conomic | EU/EEA | Accounting and invoicing | Paying customers |
Website analytics on FairSSL and sslbrain sites are collected with Umami, which runs self-hosted in our own EU infrastructure. No third-party analytics are used on customer-facing services.
Certificate Authorities (Let's Encrypt, Google Trust Services, Sectigo, DigiCert, and others) act as independent controllers for certificate issuance under CA/Browser Forum requirements. Domain names in publicly issued certificates are logged in public Certificate Transparency (CT) logs.
Danish SSL company since 2010
FairSSL A/S, CVR 33075782, Denmark. 16 years in the SSL certificate industry.
We deliver certificates to Danish government agencies, defense and emergency services, regions, municipalities, hospitals, energy and telecommunications companies, banks and pension providers, and enterprises of all sizes.
sslbrain is source-available. Your security team can inspect every line of code running on your infrastructure. No black boxes, no compiled binaries you cannot verify.
No US cloud dependencies
Your data and our cloud services are processed exclusively in EU-owned data centers. No customer data is sent to or stored in services outside the EU.
Data centers, DNS, CDN, email, and payment processing are all EU-based services operated by EU-owned companies. Your sslbrain instance only communicates with sslbrain Cloud, which runs in the data centers listed above.
Get started
Download sslbrain and manage your certificates in minutes.