🚀 Initial release: LAN-IOT Certificate Authority Signer

A lightweight, production-ready CA signer for ESP32-S3 IoT devices that generates short-lived SSL certificates with server-side key generation.

✨ Features:
• Server-side ECDSA P-256 key generation (no CSR needed on devices)
• Token-based authentication with rate limiting (5 req/min)
• Supports multiple certificate formats (PEM, base64, DER)
• Ready for Railway deployment with environment variable configuration
• Comprehensive deployment documentation

🔐 Security:
• Short-lived certificates (1-7 days recommended)
• Three-tier PKI model: Root CA (offline) → Intermediate CA → Device certs
• IP validation and private IP restrictions
• Helmet security headers and CORS configuration
• Rate limiting and request size limits

📦 Tech Stack: Node.js 20 + Express + OpenSSL + Zod validation

📄 License: Apache License 2.0

🌐 Deployment: Supports Railway, local development, and any Node.js hosting platform

Part of the LAN-IOT project - secure local-area network communication for IoT devices.