Title says it - I want a simple CA that doesn’t overcomplicate things (looking at you, EJBCA). I need it to serve at least CRLs or better OCSP automatically for the certs it manages. If it comes with a Web GUI, all the better, but doesn’t need to. Docker deployment would be sweet.

Currently handling this on an OPNSense I happen to be running, but that thing is also serving stuff to the public 'net, so I’d rather not have my crown jewels on there.

  • @just_another_personEnglish
    52 days ago

    This entire question has oxymorons all over it, but…

    • EasyRSA - simple and well-known CLI implementation that is used almost everywhere for OpenVPN
    • Step - newer on the block, but seems extremely well documented and fairly well used
    • XCA - old-school, but still actively developed. May not even work on more modern machines