[-] Sallp@lemmy.world 29 points 1 year ago

If it is for internal only, self signed is a lot easier.

[-] KSPAtlas@sopuli.xyz 1 points 1 year ago

Also probably no sysadmin uses it, but the Gemini protocol requires the use of a self signed cert

[-] KairuByte@lemmy.dbzer0.com -3 points 1 year ago

Hard disagree. As long as you have any machine with internet access it’s trivial, even more so if you can use DNS challenge.

[-] SomeKindaName@lemmy.world 3 points 1 year ago* (last edited 1 year ago)

You're absolutely correct. For self hosting at home I use Cloudflare for DNS challenges.

Caddy is also amazing at making things even simpler.

[-] nickwitha_k@lemmy.sdf.org -5 points 1 year ago

So is using "pass" as the password to all of your sensitive systems. Still not best, or even good practice.

[-] JWBananas@startrek.website 18 points 1 year ago

Are you conflating self-signed and untrusted?

Self-signed is fine if you have a trusted root deployed across your environment.

[-] nickwitha_k@lemmy.sdf.org 4 points 1 year ago

Correct. If using actual PKI with a trusted root and private CA, you're just fine.

I took the statement to mean ad-hoc self-signed certs, signed by the server that they are deployed on. That works for EiT but defeats any MitM protection, etc.
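
The distinction drawn in the last two comments, a private CA whose root is deployed as a trust anchor versus an ad-hoc certificate signed on the server itself, shown as an added example that is not part of the thread. The CA name, hostname and file names are constructed for illustration, and the `openssl` CLI (1.1.1 or newer) is assumed to be installed.

```shell
#!/bin/sh
# Constructed demo: every name, path and subject below is made up for illustration.
# Requires the openssl CLI (1.1.1 or newer assumed).

demo_dir=$(mktemp -d)

# Private root CA: self-signed, but deliberately distributed to clients as a trust anchor.
make_root_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Internal Root CA" \
        -keyout "$demo_dir/ca.key" -out "$demo_dir/ca.pem" 2>/dev/null
}

# Server certificate for hostname $1, issued (signed) by the root CA.
issue_from_ca() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$demo_dir/issued.key" -out "$demo_dir/issued.csr" 2>/dev/null &&
    openssl x509 -req -in "$demo_dir/issued.csr" -days 30 \
        -CA "$demo_dir/ca.pem" -CAkey "$demo_dir/ca.key" -CAcreateserial \
        -out "$demo_dir/issued.pem" 2>/dev/null
}

# Ad-hoc certificate for hostname $1, signed by its own freshly generated key.
# Anyone on the network path can mint an equivalent one with the same name.
make_adhoc() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$demo_dir/adhoc.key" -out "$demo_dir/adhoc.pem" 2>/dev/null
}

# Decision of a client that trusts only the deployed root, for certificate file $1.
client_verdict() {
    if openssl verify -CAfile "$demo_dir/ca.pem" "$1" >/dev/null 2>&1; then
        echo trusted
    else
        echo rejected
    fi
}

make_root_ca
issue_from_ca intranet.example.internal
make_adhoc intranet.example.internal

echo "CA-issued cert: $(client_verdict "$demo_dir/issued.pem")"
echo "ad-hoc cert:    $(client_verdict "$demo_dir/adhoc.pem")"
```

Both certificates carry the same subject name; only the one that chains to the deployed root passes, which is the check that gives a client something to reject an impostor with.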

this post was submitted on 02 Oct 2023
307 points (93.7% liked)

Sysadmin


A community dedicated to the profession of IT Systems Administration
