While minica is designed for local use it's CA key still can be stolen and used for MitM attack targeted on minica user. Please make it possible to manually control which certificates are signed using this CA by adding optional encryption of CA key with password.
BTW, just curious, why did you decide to use Go instead of writing shell script to just execute openssl? Is certificates generated by minica somehow differs from openssl ones, or there some other differences?
While minica is designed for local use it's CA key still can be stolen and used for MitM attack targeted on minica user. Please make it possible to manually control which certificates are signed using this CA by adding optional encryption of CA key with password.
BTW, just curious, why did you decide to use Go instead of writing shell script to just execute openssl? Is certificates generated by minica somehow differs from openssl ones, or there some other differences?