I've a task to create Certificate Authority for company use. Preferably using "valid" ( not self-signed) certificate. The goal is to issue individual certificates for subdomains, instead of wildcard, plus sub-subdomains, not covered by wildcard cert, users, services, etc.
All this may be limited to a single domain only.
As I understand I need valid certificate which has certain capabilities in it
like this Key Cert Sign, CRL Sign
.
Is that true and can someone point me to the documentation and SSL provider who can sell me that kind of certificate ?
Thanks.
UPDATE: Thanks for the comments: I may need to rephrase my question then, what is needed to issue publicly valid certificates for services and users ? There are some sites issuing user certificates, like this https://www.comodo.com/home/email-security/free-email-certificate.php. But I don't want to rely on public and free services for company use and would rather use something constant and reliable.