Minimal Viable Certificate Authority

This documentation assumes LibreSSL on OpenBSD 7.3; anything with OpenSSL should be similar, though how to best create certificates does vary over time. This is a simple test CA that lives in a directory. Season with security to taste.

minimum-ca.sh

Perhaps too minimal, lacking revocation lists and whatnot, but verification can happen for a certificate (minca-test.cert) signed against the certificate authority (minca.cert).

local-ca.gmi

index.gmi