I've a task to create a Certificate Authority for company use, preferably using a "valid" (not self-signed) certificate. The goal is to issue individual certificates for subdomains instead of a wildcard, plus sub-subdomains not covered by a wildcard cert, users, services, etc.
All this may be limited to a single domain only.
As I understand it, I need a valid certificate which has certain capabilities in it, like this: Key Cert Sign, CRL Sign.
Is that true, and can someone point me to the documentation and an SSL provider who can sell me that kind of certificate?
Thanks.
UPDATE: Thanks for the comments. I may need to rephrase my question then: what is needed to issue publicly valid certificates for services and users? There are some sites issuing user certificates, like this https://www.comodo.com/home/email-security/free-email-certificate.php. But I don't want to rely on public and free services for company use and would rather use something constant and reliable.
First, no public trusted certificate authority is going to grant you any type of signing certificate.
Now that we have that out of the way:
Since this is for internal usage, you don't need any sort of certificate from an outside source - just start your own CA, and distribute its CA cert to all of your clients' trusted certificate databases. Then you can request and sign certificates willy-nilly and all of your clients will trust them.
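One way to build the internal CA described above with the OpenSSL command line, shown as an added example that is not part of the original answer. It goes one step beyond the answer by adding a name constraint for the question's single-domain limit; `example.internal`, the CA name and all file names are constructed placeholders.

```shell
#!/bin/sh
# Added example. example.internal, the CA name and file names are constructed.

make_ca() {   # $1 = work dir, $2 = the only DNS domain the CA may issue for
    cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Internal Root CA
[v3_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
nameConstraints = critical, permitted;DNS:$2
EOF
    # Self-signed root: the keyCertSign/cRLSign bits are what make it a CA cert
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_leaf() {   # $1 = work dir, $2 = host name placed in CN and SAN
    cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $2
[v3_leaf]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
EOF
    # Create the key and CSR, then sign the CSR with the CA key
    openssl req -new -newkey rsa:2048 -nodes -config "$1/$2.cnf" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 90 -extfile "$1/$2.cnf" \
        -extensions v3_leaf -out "$1/$2.crt" 2>/dev/null
}

verify_leaf() {  # exit 0 only if signature chain and name constraints hold
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}
```

Calling `make_ca "$dir" example.internal` and then `issue_leaf` for a sub-subdomain gives a certificate that `verify_leaf` accepts, while a leaf issued for a name outside the permitted domain is signed but fails verification. OpenSSL's verifier enforces the constraint here; whether other client stacks honor name constraints on a trust anchor has to be checked per client.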