HACKER Q&A
📣 ajr0

Self Host PKI


What is your strategy for self-hosting PKI?

Right now I have a bit of a tumbleweed PKI service with two CAs (out of laziness). I'm looking to simplify and 'do it right', and looking to learn more if there is any good literature on it.


  👤 ivanr Accepted Answer ✓
My first question would be: do you really want to self-host? Google have a service that's affordable: https://cloud.google.com/certificate-authority-service

AWS has a similar service but, the last time I checked, it wasn't as cheap [because of their minimum monthly cost].

If you really want to self-host, consider the open source step-ca: https://smallstep.com/certificates/

If you want to do everything yourself and learn a fair amount about PKI, I provide step-by-step instructions in my (free) OpenSSL Cookbook: https://www.feistyduck.com/books/openssl-cookbook/

It's difficult to do it right and self-host :)