I am currently rewriting my scripts to manage my #homelab certificate authority. Mainly due to me learning that including name constraints maybe wasn't the best idea. Partly as I want some parts to be checked prior to certificate generation and want other parts to be easier usable inside pipelines etc.

And once again I learn how complex and confusing #OpenSSL is. 😕