(shkspr.mobi)

238 points edent | 3 comments | 05 Jan 22 12:42 UTC | HN request time: 0.731s | source

Show context

thrower123 ◴[05 Jan 22 15:09 UTC] No.29809874[source]▶

Is it that hard to setup an internal CA? I have no idea what I'm doing, and I managed one for years until we moved offices and ditched our LAN.

replies(2): >>29810066 #>>29812549 #

1. jeremyjh ◴[05 Jan 22 15:24 UTC] No.29810066[source]▶

>>29809874 #

The hard part is getting the root certificate in the trust store on every device in your organization.

replies(2): >>29810796 #>>29812568 #

2. tzs ◴[05 Jan 22 16:13 UTC] No.29810796[source]▶

>>29810066 (TP) #

Worse, it is often not the trust store on every device. It is often multiple trust stores on a device.

The OS might have one. Each browser might have its own. For a developer, each language they use might need separate configuration to get its libraries to use the certificate.

3. midasuni ◴[05 Jan 22 18:03 UTC] No.29812568[source]▶

>>29810066 (TP) #

Active Directory for windows, MDM for OSX and phones, custom package for linux.

↑

Should you use Let's Encrypt for internal hostnames?