Running a PKI using Smallstep certificates with Docker
Recently, I had to set up a new PKI. I was going to go with the good old OpenSSL but it’s 2021, there must be a more userfriendly and, more importantly, automated approach. There are many open-source possibilities: EJBCA, cfssl, Hashicorp Vault, Smallstep Certificates. I chose to use Smallstep certificates because it has all the features I need and they are not behind a pay-wall: lightweight: small Go binary, you can run it with a file-based database (similar to SQLite) user friendly CLI: compared to openssl commands ACME protocol: useful for Traefik reverse proxy OIDC authentication support: the guys are super friendly and available on their Discord channel Be sure to check their website, they have other features that you might want, especially their Certificate Manager....