Full fledged CA?

NethServer Version: 7.7
Module: Certificates

I see that in the certificate section, NethServer allows only issuing self signed cert, or making request to Let’sEncrypt.
Am I correct to assume that there is no full fledged CA in NethServer? i.e. to issue certificates for other services/devices that “trust” it?

Yes, you’re correct.

Edit: To elaborate a bit, with the advent of Let’s Encrypt, IMO, there’s much less value in running a local CA than was once the case. Using DNS validation, you can easily obtain trusted certs for internal resources that can’t be reached from the Internet (and using acme-dns, you can use DNS validation regardless of your DNS host)–the only real restriction is that you need an actual public domain name; you can’t use hostnames like freenas.local.

Some time ago, a contrib was developed for SME Server (from which Neth forked previously) to run a local CA using PHPki. It’s possible that it could be adapted to work with Neth, though I imagine it would take a fair bit of work. See https://wiki.contribs.org/PHPki

1 Like

By the way, NS has a builtin CA which is used to generate VPN certificates but it’s not really suited for release certificates out of this scope.
The CA certificate is under /etc/pki/tls/certs/NSRV.crt.