Hacker News new | past | comments | ask | show | jobs | submit login

As you say, I'd prefer to run this sort of thing locally - half the point of running your own CA is that you have full control over it.

I wrote caman (https://github.com/radiac/caman), a bash script wrapper for openssl with what looks like a similar syntax to etcd-ca. I posted about it on HN a while back, but it now also supports SAN certificates and intermediate CAs.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact