Installation
Run your own Open TSA instance. The full source code is available on GitHub under MIT license.
Requirements
- Linux (tested: AlmaLinux 9, RHEL 9, Debian 12, Ubuntu 22+)
- Node.js 18+
- OpenSSL 3.x
- nginx (for reverse proxy + SSL)
- certbot (for Let’s Encrypt SSL)
Installation
# 1. Install dependencies
dnf install -y epel-release
curl -fsSL https://rpm.nodesource.com/setup_20.x | bash –
dnf install -y nodejs nginx certbot python3-certbot-nginx
# 2. Create service user
useradd -r -s /sbin/nologin -d /opt/open-tsa nodejs
# 3. Clone and install
git clone https://github.com/open-tsa-project/open-tsa /opt/open-tsa
cd /opt/open-tsa
npm install –omit=dev
# 4. Generate CA hierarchy
bash /opt/open-tsa/scripts/setup-ca.sh
# 5. Configure
cp /opt/open-tsa/.env.example /opt/open-tsa/.env
# 6. Install systemd service
cp /opt/open-tsa/scripts/open-tsa.service /etc/systemd/system/
systemctl daemon-reload
systemctl enable –now open-tsa
# 7. Test locally
curl -s http://127.0.0.1:3700/health
{“status”:”ok”,”service”:”open-tsa”,…}
Security note: After setup, move the Root CA keys offline. See the CA Setup guide for details.