How to set up my own full-featured certificate authority?

Solution 1:

You can use TinyCA, a graphical front-end for OpenSSL that lets you manage the tasks of a certificate authority.

Beware that the TinyCA website seems hard to reach at times.

Solution 2:

I recommend using OpenCA and here is the install guide. This is a full fledge PKI suite, which includes an OCSP server to immediately revoke certificates. It also has a PKI Resource Protocol server. I have personally used OpenCA and it is what you want.

If you really like RedHat and Java then you might want to go with RedHat Certificate System.

Solution 3:

Have a look at this:

And for the entire work flow: