Configuring open source step-ca | Smallstep

🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH. - smallstep/certificates

Smallstep's PKI software is vulnerable to JSON injection, misuses JWTs, and relies on client-side enforcement of server-side security.