Hacker News
by urda 2480 days ago
I've used XCA [1] before for managing my personal CA and PKI certs for things. I simply then share my root CA out to my necessary end points and handle things from there.

[1] https://hohnstaedt.de/xca/


I've never used XCA but I've heard of it. Does it have an actual "online CA" with an API for signing certificates or is it more of a desktop app that works with local signing certificates - like a graphical version of OpenSSL?

If you ever have a reason to check out the `step` / `step-ca` toolchain I'd love to chat about the differences you see. Message me here or shoot me an email (mike at smallstep).

Since it's my own CA, I have a few personal scripts that handle it. Everything else (like the root cert) is handled offline with a different physical device. It's nothing more than some glorified bash stuff and pulling public CAs from my own sites.

XCA is a GUI for dealing with making certs. For me, even as a technical user, I prefer it more than CLI.

Cool, that's good feedback. We've been working on a web interface that we could maybe turn into an Electron app for this sort of stuff.

I'm probably pressing my luck promoting here but if you do a bunch of cert related stuff check out our `step certificate` command group at https://smallstep.com/docs/cli/certificate/#commands -- it does a bunch of cool stuff like dumping x509 as JSON and extracting public keys and linting certs and it's way easier to use than openssl. Might be useful in your scripts.

I will be taking a look at it for sure! Like I said, I'm pretty small time, but I love the power of having my own CA.