The main use case brought up is supporting people still on Win XP SP2 (released in August 2004), when the answer should be for them to upgrade to something newer, either OS or browser.<p>That said, there are probably a lot of embedded systems of similar ancient vintage that may not be easily upgradable. The wisdom of having them internet connected is questionable at best.<p>It appears that this really works best with CloudFlare's systems - if you're looking to set up your own CA, and want help working through all the openssl commands and configuration files, this is pretty helpful:<p><a href="https://pki-tutorial.readthedocs.org/en/latest/" rel="nofollow">https://pki-tutorial.readthedocs.org/en/latest/</a>
Cert bundling has always been a pain -- people getting intermediate certs wrong, and thus things working in some browsers and not others. I don't think a huge number of people will ever use a tool like this to run their own CA (but that's great that they can), but a lot of admins have to deal with cert bundling.
This makes good on a promise we made a long ago to release this code and our bundles. Many people on HN have bitched about us not making good on that promise