You have an organizational identity right?
Possibly linux to Sysadmin@lemmy.world • English • 9 months ago • 33 comments
[image: lemmy.zip]

nickwitha_k (he/him) • 9 months ago
So is using “pass” as the password to all of your sensitive systems. Still not best, or even good practice.

JWBananas • English • 9 months ago
Are you conflating self-signed and untrusted? Self-signed is fine if you have a trusted root deployed across your environment.

nickwitha_k (he/him) • 9 months ago
Correct. If using actual PKI with a trusted root and private CA, you’re just fine. I took the statement to mean ad-hoc self-signed certs, signed by the server that they are deployed on. That works for EiT but defeats any MitM protection, etc.