What does HackerNews think of minica?
minica is a small, simple CA intended for use in situations where the CA operator also operates each host where a certificate will be used.
Language:
Go
MiniCA[0] works for this, quite trivial to setup and stamp out certs.
I found minica very useful to do something like this (no affiliation): https://github.com/jsha/minica
https://github.com/jsha/minica has been around longer and has met all my home lab needs so far. It's even plugged on LetsEncrypt-- https://letsencrypt.org/docs/certificates-for-localhost.
I've set up internal CA using minica [0] and trusted that CA in Chrome and Firefox with success. Each host got it's own key, and I'm not even using proper DNS server - I use Avahi, so all of my hosts are available as somehostname.local on all clients with Avahi/Bonjour installed.
There's a great tool for this called minica
For folks interested in the "minimal" aspect of this project, there is a similar one with a single Go file: https://github.com/jsha/minica
I've been using minica [0] as recommended by letsencrypt [1] and am fairly happy with how easy it was to run and setup. I also like how small it is; I just embedded it in the development scripts of the project.
[0] https://github.com/jsha/minica
[1] https://letsencrypt.org/docs/certificates-for-localhost/