Ask HN: Self Host PKI
What is your strategy for self-hosting PKI?
Right now I have a bit of a tumbleweed PKI service with two CAs (out of laziness), looking to simplify and 'do it right' and looking to learn more if there is any good literature on it.

My first question would be: do you really want to self-host? Google have a service that's affordable: https://cloud.google.com/certificate-authority-service

AWS has a similar service but, the last time I checked, it wasn't as cheap [because of their minimum monthly cost].

If you really want to self-host, consider the open source step-ca: https://smallstep.com/certificates/

If you want to do everything yourself and learn a fair amount about PKI, I provide step-by-step instructions in my (free) OpenSSL Cookbook: https://www.feistyduck.com/books/openssl-cookbook/

It's difficult to do it right and self-host :)