Im using certbot with dns challenge (cloudflare api token) to renew letsencrypt cert for my nginx proxy. I want also to create CA cert to sign longterm certs for upstream servers/services and set nginx to trust CA cert. Longterm because of no possibility to automate renewal for those devices/services. Will stepCA have any use for me or just use openssl?
I use XCA for internal CA setups https://hohnstaedt.de/xca
XCA can also be used to create a standalone CSR (certificate-signing request) if you don’t want to deal with openssl.