What a project. Did configure StepCA in my home-lab with a real physical HSM for the CA's private key. Using a SmartcardHSM (https://www.smartcard-hsm.com) from CardContact Systems.
Now I have ACME (automated cert provisioning) working internally as long as the HSM is plugged into my server.
All running in an isolated FreeBSD 15-RELEASE jail.
Yay! It works!
#freebsd #stepca #devops #acme #certificates #tls #smartcard #hsm
@Larvitz How is Step CA? Are you coming from another CA solution?
Been thinking about running #stepca in my #kubernetes cluster, but have been apprehensive because of how many features seem to be gated behind smallstep's proprietary version. Would love to have this integrated with #certmanager and using the #tpm on my nodes. Was going to do a rearchitecting of my entire #auth and #cryptography stack when I switch from the deprecated #Ingress API to the #GatewayAPI