gpgsm as a CA

Jean-Yves Migeon jym at
Wed Feb 28 21:10:45 CET 2018

> Hi, all.
> Is there any support for using gpgsm as a certificate authority?


FWIW I have put up a guide recently on how I achieved this with gpgsm +
an OpenPGP card for private key handling. You can drop the card thing if
you don't intend using and keep the private key instead.

It is still a bit rough, I expect to expand it a bit in a few days.

All certificates I issue through this method work with the openssl
stacks we have around, so it is working from my PoV.

Did not investigate how to handle the CRL part though, and the X.509
extensions need a bit more work to be user-friendly, but you can safely
figure this out via openssl asn1parse.

Jean-Yves Migeon

More information about the Gnupg-users mailing list