This is a top level task to consider what we will need for certificate authority use within Elytron.

I would imagine we would start with a fairly simple implementation ourselves within Elytron that can handle signing with the appropriate constraint checking / management of signed certificates, we would also want revocation, CRL generation, a simple OCSP responder.

From this we will have an API so that CA functions can be requested from within the application server, we will also have an SPI so that we can integrate with different CAs as an example FreeIPA.