yeah, I have been considering building my own home CA for a long time.
Maybe ill do something like this. It just will be in a VM and not a RPi.
Archive: https://archive.today/KR18b
From the post:
>TL;DR In this tutorial, we're going to build a tiny, standalone, online Certificate Authority (CA) that will mint TLS certificates and is secured with a YubiKey. It will be an internal ACME server on our local network (ACME is the same protocol used by Let's Encrypt). The YubiKey will securely store the CA private keys and sign certificates, acting as a cheap alternative to a Hardware Security Module (HSM). We'll also use an open-source True Random Number Generator, called Infinite Noise TRNG, to spice up the Linux entropy pool.
yeah, I have been considering building my own home CA for a long time.
Maybe ill do something like this. It just will be in a VM and not a RPi.
Archive: https://archive.today/KR18b
From the post:
>>TL;DR In this tutorial, we're going to build a tiny, standalone, online Certificate Authority (CA) that will mint TLS certificates and is secured with a YubiKey. It will be an internal ACME server on our local network (ACME is the same protocol used by Let's Encrypt). The YubiKey will securely store the CA private keys and sign certificates, acting as a cheap alternative to a Hardware Security Module (HSM). We'll also use an open-source True Random Number Generator, called Infinite Noise TRNG, to spice up the Linux entropy pool.
(post is archived)