Title says it - I want a simple CA that doesn’t overcomplicate things (looking at you, EJBCA). I need it to serve at least CRLs or better OCSP automatically for the certs it manages. If it comes with a Web GUI, all the better, but doesn’t need to. Docker deployment would be sweet.

Currently handling this on an OPNsense I happen to be running, but that thing is also serving stuff to the public 'net, so I’d rather not have my crown jewels on there.

  • Admiral Patrick
    1 month ago

    https://smallstep.com/docs/step-ca/index.html

    There are basically two executables involved:

    • step is the CLI app used to request certificates
    • step-ca is the server process the step client connects to

    I’ve got the CA portion bundled into Docker. It can also run as an ACME server (and is compatible with certbot).

    • Teddy Police (OP)
      1 month ago

      step-ca does not currently support active revocation mechanisms like a Certificate Revocation List (CRL) or Online Certificate Status Protocol (OCSP).

      Meh. Doesn’t do what I need it to. :/

      Does seem like automatic CRL/OCSP is something you only get for free with EJBCA. Frustrating, that.