Title says it - I want a simple CA that doesn’t overcomplicate things (looking at you, EJBCA). I need it to serve at least CRLs or better OCSP automatically for the certs it manages. If it comes with a Web GUI, all the better, but doesn’t need to. Docker deployment would be sweet.

Currently handling this on an OPNSense I happen to be running, but that thing is also serving stuff to the public 'net, so I’d rather not have my crown jewels on there.

    • Teddy Police@feddit.orgOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      4 days ago

      step-ca does not currently support active revocation mechanisms like a Certificate Revocation List (CRL) or Online Certificate Status Protocol (OCSP).

      Meh. Doesn’t do what I need it to. :/

      Does seem like automatic CRL/OCSP is something you only get for free with EJBCA. Frustrating, that.

    • johannes
      link
      fedilink
      English
      arrow-up
      2
      ·
      5 days ago

      This is exactly what i wanted to say :)