Title says it - I want a simple CA that doesn’t overcomplicate things (looking at you, EJBCA). I need it to serve at least CRLs or better OCSP automatically for the certs it manages. If it comes with a Web GUI, all the better, but doesn’t need to. Docker deployment would be sweet.
Currently handling this on an OPNSense I happen to be running, but that thing is also serving stuff to the public 'net, so I’d rather not have my crown jewels on there.
https://smallstep.com/docs/step-ca/index.html
There’s basically two executables involved:
stepis the CLI app used to request certificatesstep-cais the server process thestepclient connects toI’ve got the CA portion bundled into Docker. It can also run as an ACME server (and is compatible with
certbot).This is exactly what i wanted to say :)
Meh. Doesn’t do what I need it to. :/
Does seem like automatic CRL/OCSP is something you only get for free with EJBCA. Frustrating, that.