(shkspr.mobi)

238 points edent | 1 comments | 05 Jan 22 12:42 UTC | HN request time: 0.221s | source

Show context

tomc1985 ◴[05 Jan 22 16:05 UTC] No.29810658[source]▶

Why not just be your own signing authority for internal domains? You can propagate your toplevel public cert with most enterprise network provisioning tools.

replies(2): >>29810766 #>>29811122 #

YPPH ◴[05 Jan 22 16:11 UTC] No.29810766[source]▶

>>29810658 #

Running your own PKI is fairly straightforward, particularly with tools like cfssl at your disposal.

But running your own PKI properly is quite hard.

Let's Encrypt gives you top tier PKI management for $0.

replies(3): >>29810878 #>>29811090 #>>29815154 #

1. amelius ◴[05 Jan 22 21:25 UTC] No.29815154[source]▶

>>29810766 #

> Let's Encrypt gives you top tier PKI management for $0.

Ok, but it fails at one of the requirements.

↑

Should you use Let's Encrypt for internal hostnames?