PKI infrastructure, signing a intermediate CA with the root CA


Is there a way to create a intermediate signing CA certificate within UCS?
I’ve only just started playing around with it, seems a very thought through project.

Also: Is there a way for the Root CA to be longer then 5 years (I’ve tried the ucr set ssl/default/days, but that didn’t work). 5 years seems a very small window for an organisation imho, or is there a reason I havent discovered yet?

Keep up the great work, so far, I’m really liking this :wink: