For a long time, we using easy-rsa scripts to deal with certificates for OpenVPN
now, we added (and continue adding) software and capabilities that require certificates in one way or other
that brings us to essential needs like
- control system-wide trusted certificates, to be able to import new trusted CAs and/or standalone certificates to store
- be able to create and manage CAs (certificate authorities) and issue certificates for server and client sides
- view and check certificates before import, etc
After researching the available options, we come across smallstep which seems suitable for what we trying to achieve
see https://smallstep.com/docs/design-document/
This task is root task for future vyos certificate management