misk@sopuli.xyz to Technology@lemmy.worldEnglish · 20 days agoSysadmins slam Apple’s SSL/TLS cert lifespan cutswww.theregister.comexternal-linkmessage-square3fedilinkarrow-up13arrow-down10
arrow-up13arrow-down1external-linkSysadmins slam Apple’s SSL/TLS cert lifespan cutswww.theregister.commisk@sopuli.xyz to Technology@lemmy.worldEnglish · 20 days agomessage-square3fedilink
minus-squareAntithetical@lemmy.deedium.nllinkfedilinkEnglisharrow-up0·20 days agoI’m sorry, but have you ever needed to manage some certificates for a legacy system or something that isn’t just a simple public facing webserver? Automation becomes complicated very quickly. And you don’t want to give DNS mutation access to all those systems to renew with DNS-01.
minus-squareanonymous111@lemmy.worldlinkfedilinkEnglisharrow-up1·20 days agoAhh yes the: we can’t have self signed certificates for security reasons but also can’t open up the environment to the web, and we dont have our own CA server, trifecta. Solution: awkward, manual, certificate import process from a 3rd party vendor.
I’m sorry, but have you ever needed to manage some certificates for a legacy system or something that isn’t just a simple public facing webserver?
Automation becomes complicated very quickly. And you don’t want to give DNS mutation access to all those systems to renew with DNS-01.
Ahh yes the: we can’t have self signed certificates for security reasons but also can’t open up the environment to the web, and we dont have our own CA server, trifecta.
Solution: awkward, manual, certificate import process from a 3rd party vendor.