Also see SSH certificate authority.
The internal CA doesn't see much use anymore with the advent of Let's Encrypt. (Previously it was the main CA used to issue certificates for my own servers, as well as certain Cluenet services.)
It is still used for client authentication (VPN & PKINIT).
X.509 certificate: Nullroute_CA_r4.crt or Nullroute_CA_r4.pem
(PGP signatures: Nullroute_CA_r4.crt.asc or Nullroute_CA_r4.pem.asc)
CN=Nullroute CA r4, O=Nullroute, C=LT
X.509 certificate: Cluenet_CA.crt or Cluenet_CA.pem
(PGP signatures: Cluenet_CA.crt.asc or Cluenet_CA.pem.asc)
E=crispy\40cluenet\2Eorg, OU=CA, O=Cluenet, L=New York, ST=New York, C=US, CN=Cluenet CA