In this web content, the author explores the option of creating a root certificate authority (CA) for internal services. They discuss the limitations of free-beer alternatives like ZeroSSL and Let’s Encrypt, especially when it comes to Apple devices. The author provides a step-by-step guide on how to generate a CA certificate, as well as host certificates for specific services. They emphasize the importance of meeting Apple’s requirements for server certificates. The content also mentions the need for a static website to serve the CA certificate. The author acknowledges the need to protect the CA key and highlights the risks involved in managing a root CA.
https://wejn.org/2023/09/running-ones-own-root-certificate-authority-in-2023/