←back to thread

Should you use Let's Encrypt for internal hostnames?

(shkspr.mobi)
238 points edent | 1 comments | 05 Jan 22 12:42 UTC | HN request time: 0.001s | source
Show context
meepmorp ◴[05 Jan 22 14:11 UTC] No.29809113[source]
I've used https://smallstep.com/docs/step-ca/ as a CA internally, works well.
replies(4): >>29809289 #>>29809335 #>>29810148 #>>29811399 #
mrweasel ◴[05 Jan 22 14:25 UTC] No.29809289[source]
What I'd want is an internal CA, like step-ca, but have the certificates signed by a "real" CA, so I don't have to distribute my own root CA certificate.
replies(7): >>29809419 #>>29809851 #>>29809903 #>>29810475 #>>29810488 #>>29811401 #>>29812390 #
dnautics ◴[05 Jan 22 15:53 UTC] No.29810488[source]
Out of curiosity, What's the problem with distributing your own root CAs? Is it security? Or is it "just a PITA"?
replies(1): >>29810502 #
1. Hamuko ◴[05 Jan 22 15:55 UTC] No.29810502[source]
Mostly the second.