by brianclements 3925 days ago
While not the only one out there[1], I've been hacking a cli tool written in bash[2] to streamline the OpenSSL commands geared toward a PKI/CA workflow. I started it mainly for my overall learning of OpenSSL from nothing and for my small scale needs with my CoreOS servers.

What I learned from this exercise is that it's not the complexity of the commands that is the issue with OpenSSL, it's:

1) The importance of consistent naming schemes (for the humans) and PKI hierarchy design (the nuances of keyUsage, basicConstraints, and extendedKeyUsage)

2) Consistent execution of commands; typos are more likely the more you have to put in the CLI manually.

3) Good configuration files aren't utilized enough in most of the tutorials I found. They can streamline use, archive procedure, and prevent typos as in point #2.

4) The importing of certs and keys in an automatic way is a sort of dark corner of the tutorial world. But permissions are super important! I came up with an import strategy that I think works pretty well.[3] Please examine and break it!

[1] https://github.com/OpenVPN/easy-rsa

[2] https://github.com/brianclements/pkictl

[3] https://github.com/brianclements/pkictl#import
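Points 1, 3 and 4 of the comment above, shown in a standalone script. This is an added example, not code from pkictl or from the comment's author: it drives plain `openssl` from a single config file so the hierarchy design (basicConstraints, keyUsage, extendedKeyUsage) is written down once rather than retyped, creates private keys under a restrictive umask so they are never world-readable, and then checks with `openssl verify -purpose` that the leaf really is limited to the role the config gave it. It assumes an OpenSSL 1.1.1 or 3.x CLI plus POSIX `stat`/`mktemp`; the section names `v3_root_ca`/`v3_server`, the CNs and the file layout are invented for the demo.

```shell
#!/bin/sh
# Added example (not pkictl code): a config-driven two-tier PKI with plain openssl.
# Assumes an openssl CLI (1.1.1 or 3.x) and POSIX tools; section names, CNs and
# the directory layout are made up for this demo.
set -eu

# One config file carries the hierarchy design, so every run applies the same
# extensions instead of a hand-typed string: the root may only sign certs/CRLs
# and may not issue sub-CAs (pathlen:0); the leaf is a TLS server and nothing else.
write_pki_config() {
  cat > "$1" <<'EOF'
[ req ]
distinguished_name = dn
prompt             = no

[ dn ]
CN = placeholder

[ v3_root_ca ]
basicConstraints       = critical, CA:TRUE, pathlen:0
keyUsage               = critical, keyCertSign, cRLSign
subjectKeyIdentifier   = hash

[ v3_server ]
basicConstraints       = critical, CA:FALSE
keyUsage               = critical, digitalSignature
extendedKeyUsage       = serverAuth
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always
EOF
}

# Private keys are generated under umask 077 inside a subshell, so they are born
# 0600 while the caller's umask (used for the public certificates) is untouched.
# EC keys only sign (ECDHE), hence keyUsage=digitalSignature without keyEncipherment.
generate_key() {
  ( umask 077 && openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1" )
}

# Octal permission bits of a file, GNU stat first, BSD stat as fallback.
key_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Build the whole chain in directory $1: root key+cert, server key+CSR+cert, then verify it.
build_demo_pki() {
  dir=$1
  cfg=$dir/pki.cnf
  write_pki_config "$cfg"

  generate_key "$dir/root.key"
  openssl req -new -x509 -key "$dir/root.key" -out "$dir/root.crt" -days 3650 \
    -subj "/CN=Demo Root CA" -config "$cfg" -extensions v3_root_ca

  generate_key "$dir/server.key"
  openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
    -subj "/CN=web01.demo.internal" -config "$cfg"
  # The CA decides the extensions (-extfile/-extensions), never the requester's CSR.
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/root.crt" -CAkey "$dir/root.key" \
    -CAcreateserial -out "$dir/server.crt" -days 365 -extfile "$cfg" -extensions v3_server

  openssl verify -CAfile "$dir/root.crt" "$dir/server.crt" >/dev/null
}

# True when the leaf is accepted as a TLS server but rejected as a TLS client:
# the extendedKeyUsage from v3_server is what makes the second check fail.
leaf_is_server_only() {
  openssl verify -purpose sslserver -CAfile "$1/root.crt" "$1/server.crt" >/dev/null 2>&1 &&
    ! openssl verify -purpose sslclient -CAfile "$1/root.crt" "$1/server.crt" >/dev/null 2>&1
}

run_demo() {
  demo=$(mktemp -d)
  build_demo_pki "$demo"
  echo "root.key mode: $(key_mode "$demo/root.key") (private, from umask 077)"
  echo "root.crt mode: $(key_mode "$demo/root.crt") (public, from the caller's umask)"
  openssl x509 -in "$demo/server.crt" -noout -text | grep -E -A1 'Basic Constraints|Key Usage'
  if leaf_is_server_only "$demo"; then
    echo "server.crt: accepted as sslserver, rejected as sslclient"
  else
    echo "server.crt: purpose check did not behave as designed" >&2
  fi
  rm -rf "$demo"
}

run_demo
```

Running it prints the key and certificate modes side by side (0600 for keys, whatever your umask gives for certs) and the decoded extensions of the leaf, then confirms that the same certificate passes `-purpose sslserver` and fails `-purpose sslclient`. Swapping the `-extensions` name on the signing line is the only change needed to issue a differently scoped certificate, which is the argument for keeping the design in the config file rather than in shell history.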