(shkspr.mobi)

238 points edent | 1 comments | 05 Jan 22 12:42 UTC | HN request time: 0.207s | source

Show context

AtNightWeCode ◴[05 Jan 22 17:29 UTC] No.29811987[source]▶

A public CA is for having a third-party entity so two different parties do not need to trust each other. So, the answer is no. Why would you even consider this for internal communication?

replies(1): >>29813837 #

jopsen ◴[05 Jan 22 19:39 UTC] No.29813837[source]▶

>>29811987 #

Installing a root CA on devices is risky.

From the article:

> It means your employees aren't constantly fighting browser warnings when trying to submit stuff internally.

If your employees gets a habit of ignoring certificate warnings then you have much bigger problems than leaking internal domain names.

replies(1): >>29815150 #

1. AtNightWeCode ◴[05 Jan 22 21:25 UTC] No.29815150[source]▶

>>29813837 #

Clients should not ignore the certificate warnings. You install the certificates on the client machines.

↑

Should you use Let's Encrypt for internal hostnames?