PKI infrastructure, signing an intermediate CA with the root CA

Hi,

Is there a way to create an intermediate signing CA certificate within UCS?
I’ve only just started playing around with it; it seems a very well-thought-through project.

Also: Is there a way for the Root CA to be longer than 5 years (I’ve tried the ucr set ssl/default/days, but that didn’t work)? 5 years seems a very small window for an organisation imho, or is there a reason I haven’t discovered yet?

Keep up the great work, so far, I’m really liking this :wink:

Yes, you can create an intermediate signing CA certificate inside UCS, but it’s usually recommended to keep the root CA and intermediate CA separate for better security and flexibility. The root CA is typically kept offline and only used to sign intermediates, while the intermediates handle day-to-day certificate signing. Regarding the 5-year limit, that’s more of a best practice for security and renewal cycles, though it can feel short for an organization; shorter lifetimes reduce risk if a key ever gets compromised. I think this solution can work for you and provide simple guidance going forward. I hope it helps!
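
The root/intermediate split described in the answer above, as an added example that is not part of the original thread and does not use UCS's own tooling: plain OpenSSL builds a root CA, has it sign an intermediate limited to issuing leaf certificates (`pathlen:0`), and validates a leaf through the chain. Subjects, file names and lifetimes (10 years for the root, 5 for the intermediate) are constructed assumptions.

```shell
# Added example (generic OpenSSL, not UCS tooling); all names and lifetimes are constructed.
# Usage: build_chain ./demo-pki && verify_chain ./demo-pki
build_chain() (
    set -e
    mkdir -p "$1"; cd "$1"
    cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
O = Example Org
[root_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[int_ext]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
[leaf_ext]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
EOF
    # -nodes leaves keys unencrypted only so this runs non-interactively;
    # a real root key would be passphrase-protected and kept offline.
    new="-newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes -config ca.cnf"
    # Root CA: self-signed, used only to sign the intermediate.
    openssl req -x509 $new -extensions root_ext -days 3650 \
        -subj "/O=Example Org/CN=Example Root CA" -keyout root.key -out root.crt
    # Intermediate CA: CSR signed by the root; pathlen:0 forbids further sub-CAs.
    openssl req -new $new -subj "/O=Example Org/CN=Example Intermediate CA" \
        -keyout int.key -out int.csr
    openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial \
        -days 1825 -extfile ca.cnf -extensions int_ext -out int.crt
    # Day-to-day leaf certificate: signed by the intermediate, root key not touched.
    openssl req -new $new -subj "/O=Example Org/CN=host.example.test" \
        -keyout leaf.key -out leaf.csr
    openssl x509 -req -in leaf.csr -CA int.crt -CAkey int.key -CAcreateserial \
        -days 365 -extfile ca.cnf -extensions leaf_ext -out leaf.crt
)

# Clients trust only root.crt; the intermediate is supplied as an untrusted chain cert.
verify_chain() (
    cd "$1" && openssl verify -CAfile root.crt -untrusted int.crt leaf.crt
)
```
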