top | item 17683370

(no title)

dozzie | 7 years ago

If only there was a certificate authority management tool that was convenient to use from command line and through an API, so it could be made into a company-wide service.

There is this old tinyCA that comes with OpenVPN, but it's awful and can't do much (I don't even remember if it could revoke a certificate). There are a few instances of WWW-only CAs, and there are desktop/GUI applications. But command line? /usr/bin/openssl only, and it's unwieldy. Even worse situation with a CA library.

People like to fetishize OpenSSH's CA (for both client keys and server keys), but there still a lot to do before it becomes usable. (Though the same stands for the traditional save-on-first-use method, honestly.) You're basically proposing to deploy software that maybe will be usable in a few years, with a big "maybe", because until now it haven't materialized.

discuss

amaccuish|7 years ago

Completely agree. Most are horrible enterprisey java stuff. I currently use django-ca.

unknown|7 years ago

[deleted]

lima|7 years ago

Hashicorp Vault has a great CA.

dozzie|7 years ago

Yes, I've seen. Even more unwieldy than OpenSSL's one, and you need whole Hashicorp's thing, too.