• Sal
    link
    English
    291 year ago

    If it is for internal only, self signed is a lot easier.

    • KSP Atlas
      link
      fedilink
      11 year ago

      Also probably no sysadmin uses it, but the Gemini protocol requires the use of a self signed cert

    • @[email protected]
      link
      fedilink
      -31 year ago

      Hard disagree. As long as you have any machine with internet access it’s trivial, even more so if you can use DNS challenge.

      • @SomeKindaName
        link
        3
        edit-2
        1 year ago

        You’re absolutely correct. For self hosting at home I use cloudflare for DNS challenges.

        Caddy is also amazing at making things even simpler.

    • nickwitha_k (he/him)
      link
      fedilink
      -51 year ago

      So is using “pass” as the password to all of your sensitive systems. Still not best, or even good practice.

      • JWBananas
        link
        fedilink
        English
        181 year ago

        Are you conflating self-signed and untrusted?

        Self-signed is fine if you have a trusted root deployed across your environment.

        • nickwitha_k (he/him)
          link
          fedilink
          41 year ago

          Correct. If using actual pki with a trusted root and private CA, you’re just fine.

          I took the statement to mean ad-hoc self-signed certs, signed by the server that they are deployed on. That works for EiT but defeats any MitM protection, etc.