ehbowen

You may already have this information up, but I’m looking to put together a comprehensive SSL suite for my church. I’m wanting to obtain certificates from Let’s Encrypt for the publicly accessible resources such as the web server and mail server, and then I’m also wanting to set up a self-signed certificate authority to secure devices such as the router and managed switches.

I understand that the master self-signed CA certificate needs to be heavily protected and preferably air-gapped. My plan was to use a Raspberry Pi with an SD card which would be kept under lock and key, possibly off site, when not being used to generate and sign intermediate certificates. I had then planned to use the intermediate certificate to sign the certificates for the other hardware and servers in the network.

Again, you may have this up already; I’ve just today started to look through your site. But if you could put a tutorial or implementation guide together in a conspicuous place it would be helpful.