Yunohost as CA (Certificates Authority)

maxlinux2000 · September 19, 2022, 11:19am

Hi everyone,
I am setting up a municipal intranet (not connected to the internet) but I would like to continue using self-signed ssl certificates.
The problem is that I can’t go around town telling them, all the time that they have to accept intranet websites as trustworthy.
The ideal would be to install a public certificate on each device that trusts all the websites of this intranet domain.

In other words, yunohost’s self-signed certificate would work as Certificate Authority.

But where am I going to get yunohost’s public certificate?

Guwom · September 30, 2022, 7:43am

that is a very interesting usecase.

have you looked into having your own ACME server (like let’s encrypt does for everyone now) ?

There is an existing self-hosted server for with smallstep step-ca

maxlinux2000 · September 30, 2022, 10:40am

Thanks a lot!

Guwom · September 30, 2022, 11:07am

my pleasure.

I havent got time yet to try it myself but I will be more than happy to have feedback on it if anyone try it.

maxlinux2000 · March 30, 2024, 12:28pm

after a long time I reopen this subject.

Yunohost is already an CA authority.
The CA certificate is in

/usr/share/yunohost/ssl/ca

greetings to all