• Sal@lemmy.world
    link
    fedilink
    English
    arrow-up
    28
    arrow-down
    1
    ·
    1 year ago

    If it is for internal only, self signed is a lot easier.

    • KSP Atlas@sopuli.xyz
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Also probably no sysadmin uses it, but the Gemini protocol requires the use of a self signed cert

    • KairuByte@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      3
      arrow-down
      5
      ·
      1 year ago

      Hard disagree. As long as you have any machine with internet access it’s trivial, even more so if you can use DNS challenge.

      • SomeKindaName@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        1 year ago

        You’re absolutely correct. For self hosting at home I use cloudflare for DNS challenges.

        Caddy is also amazing at making things even simpler.

      • JWBananas@startrek.website
        link
        fedilink
        English
        arrow-up
        17
        arrow-down
        1
        ·
        1 year ago

        Are you conflating self-signed and untrusted?

        Self-signed is fine if you have a trusted root deployed across your environment.

        • nickwitha_k (he/him)@lemmy.sdf.org
          link
          fedilink
          arrow-up
          5
          arrow-down
          2
          ·
          1 year ago

          Correct. If using actual pki with a trusted root and private CA, you’re just fine.

          I took the statement to mean ad-hoc self-signed certs, signed by the server that they are deployed on. That works for EiT but defeats any MitM protection, etc.