Private PKI with Root CA

I made a little bash-only ditty on managing private CA

https://github.com/egberts/tls-ca-manage

That requires modifying your OS trust store[1], doesn’t it?

[1] And browser trust store if it doesn’t use the OS, and OpenSSL trust store if you use tools that don’t use the OS trust store, etc

The Caddy web server has a built in ACME compliant CA. Works well for a private CA, and it’s a couple lines in the config file.