🔍

Certificate Authorities

by alex
in

tagged encryption, openssl, python, browser, idea, alpine, linux, tools, windows, library, computer, ~remove, directory, database, configuration, address, information, remote, authentication, password, security, application, service, domain

Updated: 2025-05-12

banner

For home users there is not much use for running you own Certificate Authority (CA), and with availability of Letsencrypt and the plethora of ACME libraries setting TLS encryption is quite straight forward.

banner

There are also some alternatives to Letsencrypt that offer free certificates:

These are commercial offerings that have a free tier.

I myself use letsencrypt with acme.sh because it is available for Alpine Linux, which is my preferred Operating System for my home servers.

Private Certificate Authority

There are some scenarios that it would be useful to run your own Certificate Authority (CA). For example:

  • When you require a lot of certificates.
  • Authenticate users or client devices.

There are some tools that take care of most of the details on how to run your own CA.

Still, this may be useful to know in case you ever need to. I tried the folowing myself:

  • caman
    Written in shell script, and support intermediate certificates.
  • minica
    Written in go language. Very simple and straightforward.
  • mkcert
    Another one in go language. A simple zero-config tool to make locally trusted development certificates with any names you'd like.