Build a Tiny, YubiKey-Secured CA for Your Homelab

Popular：

Virtualization DNS security formal verification reachability analysis compiler errors macro conflict web extension development framework Bitmap Graphics API inconsistencies All Tags

Build a Tiny, YubiKey-Secured CA for Your Homelab

2025-01-19

This tutorial walks you through building a secure, YubiKey-protected Certificate Authority (CA) on a Raspberry Pi. Leveraging the open-source step-ca and an optional Infinite Noise TRNG for enhanced randomness, you'll create a miniature internal ACME server for your homelab's TLS needs. The guide covers system setup, PKI creation, CA configuration, adding an ACME provisioner, and implementing systemd services for handling YubiKey removal/insertion. The result? A secure, SSH-less, tiny CA.

(smallstep.com)

Development certificate authority

Biden's Warning: The Tech Oligarchy Has Been Here for Years

Using Your Apple Device as an Access Card: A Clever Hack Using a Chinese Transit Card