Sysadmin

7716 readers

12 users here now

A community dedicated to the profession of IT Systems Administration

No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
[email protected]
[email protected]
[email protected]
[email protected]

founded 1 year ago

MODERATORS

[email protected]

308

You have a organizational identity right? (lemmy.zip)

submitted 1 year ago by [email protected] to c/[email protected]

35 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 55 points 1 year ago* (last edited 1 year ago) (20 children)

Why would anyone ever use self signed certs? Buy a cheap ass domain, and use LetsEncrypt to get a free cert.

[–] [email protected] 29 points 1 year ago (6 children)

If it is for internal only, self signed is a lot easier.

[–] [email protected] -5 points 1 year ago (2 children)

So is using "pass" as the password to all of your sensitive systems. Still not best, or even good practice.

[–] [email protected] 18 points 1 year ago (1 children)

Are you conflating self-signed and untrusted?

Self-signed is fine if you have a trusted root deployed across your environment.

[–] [email protected] 4 points 1 year ago

Correct. If using actual pki with a trusted root and private CA, you're just fine.

I took the statement to mean ad-hoc self-signed certs, signed by the server that they are deployed on. That works for EiT but defeats any MitM protection, etc.

load more comments (3 replies)

load more comments (16 replies)