Possibly linux to Sysadmin@lemmy.worldEnglish • 9 months agoYou have a organizational identity right?lemmy.zipimagemessage-square33fedilinkarrow-up1329
arrow-up1329imageYou have a organizational identity right?lemmy.zipPossibly linux to Sysadmin@lemmy.worldEnglish • 9 months agomessage-square33fedilink
minus-squareJWBananaslinkfedilinkEnglish19•9 months agoAre you conflating self-signed and untrusted? Self-signed is fine if you have a trusted root deployed across your environment.
minus-squarenickwitha_k (he/him)linkfedilink6•9 months agoCorrect. If using actual pki with a trusted root and private CA, you’re just fine. I took the statement to mean ad-hoc self-signed certs, signed by the server that they are deployed on. That works for EiT but defeats any MitM protection, etc.
Are you conflating self-signed and untrusted?
Self-signed is fine if you have a trusted root deployed across your environment.
Correct. If using actual pki with a trusted root and private CA, you’re just fine.
I took the statement to mean ad-hoc self-signed certs, signed by the server that they are deployed on. That works for EiT but defeats any MitM protection, etc.