Middle ground certainly exists and has done for decades already. MacOS X has shipped with a very capable PKI GUI for a long time. It's obscure and not well known, but:
1. Start the Keychain App and you can manage your certs and keys.
2. Click the app menu, Certificate Assistant and then one of the options there to open wizards for various PKI related tasks.
The certificate assistant is quite amazing. It can do an enormous amount of stuff, including things like actually running a whole CA for you complete with creating root certs, intermediate certs, gathering CSRs, converting them into issued certs, evaluating cert validity, rendering cert contents and so on.
People don't know about it because only developers interact with certs really, and documentation likes to have copy/pasteable commands that work on Linux as well as OS X.
1. Start the Keychain App and you can manage your certs and keys.
2. Click the app menu, Certificate Assistant and then one of the options there to open wizards for various PKI related tasks.
The certificate assistant is quite amazing. It can do an enormous amount of stuff, including things like actually running a whole CA for you complete with creating root certs, intermediate certs, gathering CSRs, converting them into issued certs, evaluating cert validity, rendering cert contents and so on.
People don't know about it because only developers interact with certs really, and documentation likes to have copy/pasteable commands that work on Linux as well as OS X.