YunoHost as CA (Certificate Authority)

Hi everyone,
I am setting up a municipal intranet (not connected to the internet) but I would like to continue using self-signed SSL certificates.
The problem is that I can’t go around town telling them all the time that they have to accept intranet websites as trustworthy.
The ideal would be to install a public certificate on each device that trusts all the websites of this intranet domain.

In other words, YunoHost’s self-signed certificate would work as a Certificate Authority.

But where am I going to get YunoHost’s public certificate?

That is a very interesting use case.

Have you looked into having your own ACME server (like Let’s Encrypt does for everyone now)?

There is an existing self-hosted server for this with smallstep step-ca.

Thanks a lot! :)

My pleasure.

I haven’t had time yet to try it myself, but I will be more than happy to have feedback on it if anyone tries it.

After a long time, I am reopening this subject.

YunoHost is already a CA authority.
The CA certificate is in

/usr/share/yunohost/ssl/ca

Greetings to all

@maxlinux2000 don’t you have to copy it in /etc/ssl/certs and use update-ca-certificates to add it to the local server? I am trying to use it in order to use the included LDAP for external services.
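
An added example, not code from any poster in this thread or from the YunoHost project: a check to run on the file taken from the CA directory before it is installed on every device, followed by the Debian-family install step. It assumes the `openssl` CLI is available; the certificate path and the local name passed to the functions are placeholders chosen by the admin.

```shell
#!/bin/sh
# Added example: vet a PEM file before distributing it as a trust anchor.
# The paths and names passed in are placeholders chosen by the admin.

vet_ca_cert() {
    cert="$1"
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 2; }

    # A CA directory may also hold the signing key; never ship that.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$cert"; then
        echo "REFUSE: $cert contains a private key" >&2; return 3
    fi

    # Must be a PEM-encoded X.509 certificate that OpenSSL can parse.
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" ||
       ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "REFUSE: $cert is not a PEM certificate" >&2; return 4
    fi

    # Must carry basicConstraints CA:TRUE to act as an issuer.
    if ! openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE'; then
        echo "REFUSE: $cert is not a CA certificate" >&2; return 5
    fi

    # -checkend 0 fails when the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "REFUSE: $cert has expired" >&2; return 6
    fi

    # Print what to compare out of band before installing on a device.
    openssl x509 -in "$cert" -noout -subject -enddate -fingerprint -sha256
}

# Debian-family trust store: update-ca-certificates picks up *.crt files
# from /usr/local/share/ca-certificates. Run as root. $2 is a local name.
install_ca_debian() {
    vet_ca_cert "$1" || return
    cp "$1" "/usr/local/share/ca-certificates/$2.crt" && update-ca-certificates
}
```

Only the public certificate needs to leave the server; the fingerprint printed by `vet_ca_cert` is what to compare on each device after installation.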