So to better explain my perspective - I'm coming at this from the angle of a consultant to small to mid-sized organizations. Nearly all the times somebody talks about setting up a CA, it's so they can man-in-the-middle all their network traffic to sniff it. Yet the organization struggles to do much more basic things correctly. For better or worse, though, the bias in the comments here is from competent people working for competent orgs - not smaller shops that exist in a perpetual state of garbage fire.
So absolutely, yes, you can run your CA reasonably today. But in practice, outside very large and competent enterprise shops (i.e., your typical business) - no. The typical business I bump into struggles with internal DNS and DHCP - the skills just aren't there.