As you say, I'd prefer to run this sort of thing locally - half the point of running your own CA is that you have full control over it.
I wrote caman (https://github.com/radiac/caman), a bash script wrapper for openssl with what looks like a similar syntax to etcd-ca. I posted about it on HN a while back, but it now also supports SAN certificates and intermediate CAs.
radiac|10 years ago
I wrote caman (https://github.com/radiac/caman), a bash script wrapper for openssl with what looks like a similar syntax to etcd-ca. I posted about it on HN a while back, but it now also supports SAN certificates and intermediate CAs.