You have an organizational identity right? (image post, lemmy.zip)
Posted by Possibly linux@lemmy.zip to Sysadmin@lemmy.world · English · 1 year ago · 35 comments
Sal@lemmy.world · 1 year ago: If it is for internal only, self signed is a lot easier.
KSP Atlas · 1 year ago: Also probably no sysadmin uses it, but the Gemini protocol requires the use of a self signed cert
KairuByte@lemmy.dbzer0.com · 1 year ago: Hard disagree. As long as you have any machine with internet access it’s trivial, even more so if you can use DNS challenge.
SomeKindaName@lemmy.world · 1 year ago (edited): You’re absolutely correct. For self hosting at home I use Cloudflare for DNS challenges. Caddy is also amazing at making things even simpler.
nickwitha_k (he/him)@lemmy.sdf.org · 1 year ago: So is using “pass” as the password to all of your sensitive systems. Still not best, or even good practice.
JWBananas@startrek.website · 1 year ago: Are you conflating self-signed and untrusted? Self-signed is fine if you have a trusted root deployed across your environment.
nickwitha_k (he/him)@lemmy.sdf.org · 1 year ago: Correct. If using actual PKI with a trusted root and private CA, you’re just fine. I took the statement to mean ad-hoc self-signed certs, signed by the server that they are deployed on. That works for EiT but defeats any MitM protection, etc.
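
The distinction drawn in the last two comments, as an added example that is not part of the thread: a client that trusts only a deployed private root accepts a certificate issued by that root and rejects an ad-hoc self-signed one for the same hostname. All names (`Example Internal Root`, `app.internal.example`) and the helper functions are constructed for illustration; it assumes the `openssl` CLI is installed.

```shell
#!/bin/sh
# Added example; every subject name and file name below is constructed.

# Build, inside directory $1: a private root CA, a server cert issued by it,
# and an ad-hoc self-signed cert for the same hostname.
build_demo_pki() {
  dir=$1
  # Minimal config so the result does not depend on the system openssl.cnf.
  cat > "$dir/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  # Root CA: the one certificate pushed to every client's trust store.
  openssl req -x509 -config "$dir/req.cnf" -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Example Internal Root" \
    -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null || return 1
  # Server cert: key and CSR made for the server, signature made by the root key.
  openssl req -new -config "$dir/req.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=app.internal.example" \
    -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/root.pem" \
    -CAkey "$dir/root.key" -CAcreateserial -days 30 \
    -out "$dir/leaf.pem" 2>/dev/null || return 1
  # Ad-hoc cert: signed by its own key. Anyone can mint one with this name,
  # so a client has nothing to check it against.
  openssl req -x509 -config "$dir/req.cnf" -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=app.internal.example" \
    -keyout "$dir/adhoc.key" -out "$dir/adhoc.pem" 2>/dev/null || return 1
}

# Succeeds only if cert $2 (in directory $1) chains to the deployed root.
trusted_by_root() {
  openssl verify -CAfile "$1/root.pem" "$1/$2" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
build_demo_pki "$demo_dir" && for cert in leaf.pem adhoc.pem; do
  if trusted_by_root "$demo_dir" "$cert"; then echo "$cert: trusted"
  else echo "$cert: REJECTED"; fi
done
rm -rf "$demo_dir"
```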