Title says it - I want a simple CA that doesn’t overcomplicate things (looking at you, EJBCA). I need it to serve at least CRLs or better OCSP automatically for the certs it manages. If it comes with a Web GUI, all the better, but doesn’t need to. Docker deployment would be sweet.
Currently handling this on an OPNSense I happen to be running, but that thing is also serving stuff to the public 'net, so I’d rather not have my crown jewels on there.
If overcomplicating things is a concern for you, then just use let’s encrypt. Running your own ca is a pain in the ass and probably decreases security for most people due to the difficulty of doing it correctly.