329

You have a organizational identity right? (lemmy.zip)

submitted 2 years ago by possiblylinux127@lemmy.zip to c/sysadmin@lemmy.world

33 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] Sallp@lemmy.world 29 points 2 years ago

If it is for internal only, self signed is a lot easier.

[-] nickwitha_k@lemmy.sdf.org 10 points 2 years ago

So is using "pass" as the password to all of your sensitive systems. Still not best, or even good practice.

[-] JWBananas@startrek.website 19 points 2 years ago

Are you conflating self-signed and untrusted?

Self-signed is fine if you have a trusted root deployed across your environment.

[-] nickwitha_k@lemmy.sdf.org 6 points 2 years ago

Correct. If using actual pki with a trusted root and private CA, you're just fine.

I took the statement to mean ad-hoc self-signed certs, signed by the server that they are deployed on. That works for EiT but defeats any MitM protection, etc.

[-] KairuByte@lemmy.dbzer0.com 3 points 2 years ago

Hard disagree. As long as you have any machine with internet access it’s trivial, even more so if you can use DNS challenge.

[-] KSPAtlas@sopuli.xyz 1 points 2 years ago

Also probably no sysadmin uses it, but the Gemini protocol requires the use of a self signed cert

this post was submitted on 02 Oct 2023

329 points (100.0% liked)

Sysadmin

8807 readers

32 users here now

A community dedicated to the profession of IT Systems Administration

No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
!lemmy@lemmy.ml
!lemmyworld@lemmy.world
!lemmy_support@lemmy.ml
!support@lemmy.world

founded 2 years ago

MODERATORS

DarraignTheSane@lemmy.world

00Lemming@lemmy.world

L3s@lemmy.world