> I still have nightmares about trying to set up SSL with nginx and my own self-managed certificates. For anyone who needs to run their own CA (which I'm now doing for my homelab), I've found that using GUI software like KeyStore explorer is a sufficiently easy and lazy way of doing that, which actually works well, both for securing regular sites, as well as doing mTLS: https://keystore-explorer.org/ > Shoutout to... - Source: Hacker News / 16 days ago

Yes, that's clear but you need the private key to create a CSR. I'm guessing since you are using a Java app you should either have a JKS (old fashioned) or a P12 (pkcs12) keystore, one of those should contain the private key, you can use keystore explorer to extract the data. Https://keystore-explorer.org/. Source: over 1 year ago

Personally, I've also had decent experiences with Keystore Explorer: https://keystore-explorer.org/ I actually wrote about using it on my blog, which has plenty of screenshots: https://blog.kronis.dev/tutorials/lets-run-our-own-ca. - Source: Hacker News / over 1 year ago

Then let me tell you about keystore explorer https://keystore-explorer.org/ which will make your life a lot easier (and less chance that there are more then 1 keys inside your keystore. Source: over 1 year ago

I... Kind of like it? Not the fact that using such a GUI would be almost impossible, like the humorous example of an "engineer oriented UI" in the Silicon Valley series https://www.reddit.com/r/SiliconValleyHBO/comments/4nvvnl/pied_pipers_easytouse_tools/ which might be confusing for most people. But rather the fact that all of the complexity the software has is laid bare, so that nobody could mistakenly assume... - Source: Hacker News / about 2 years ago

Just a little heads up https://smallstep.com/certificates/. Source: over 1 year ago

Step-ca: Not web based, but the CLI is pretty user friendly: https://smallstep.com/certificates/. Source: over 1 year ago

I was just looking at https://smallstep.com/certificates a few days ago. It looks like they have an operator that fits your description as well as example docs for setting up inter-microservice mtls. Source: over 1 year ago

In the quick search I learned about Ssh cert authority which looks very manual and also like a dead project Smallstep's step-ca who put together very nice article about how to begin certificate authority process Netflix' BLESS is AWS only Cashier which also looks quite ok. Source: almost 2 years ago

If you want something a little fancier (I.e. Get automatic certs with all that ACME goodness) check out SmallStep. This is next on my list of homelab projects. Source: over 2 years ago