EODdoUbleU

joined 2 years ago
EODdoUbleU@alien.top 0 points 2 years ago (1 children)

Prepare HTTP (plain HTTP, no TLS) server to serve your intermediate/signing certificates (for AIA protocol) and CRL (for validation)

Or create a repository on GitHub, point ca.yourdomain.com to GitHub Pages and publish there. Doing this solves the PKI chicken-and-egg problem for a homelab and doesn't tie up any resources to serve them.
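
How the URLs discussed in this comment end up inside an issued certificate, as an added example that is not part of the original comment: it creates throwaway keys with OpenSSL, embeds AIA and CRL distribution point URLs under ca.yourdomain.com, and lists any embedded URL that is not plain HTTP. The file names `intermediate.crt` and `intermediate.crl`, the subject names and the function names are assumptions.

```shell
#!/bin/sh
# Constructed example: throwaway keys in a temp dir. ca.yourdomain.com is the
# hostname from the comment; the file names under it are assumptions.
BASE_URL="http://ca.yourdomain.com"

make_demo_leaf() {
    # Issues a one-day leaf carrying AIA and CDP extensions; prints its path.
    dir=$(mktemp -d) || return 1
    cat > "$dir/ext.cnf" <<EOF
[leaf]
basicConstraints = CA:FALSE
authorityInfoAccess = caIssuers;URI:$BASE_URL/intermediate.crt
crlDistributionPoints = URI:$BASE_URL/intermediate.crl
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Intermediate" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=host.lab" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 1 \
        -extfile "$dir/ext.cnf" -extensions leaf \
        -out "$dir/leaf.crt" 2>/dev/null || return 1
    echo "$dir/leaf.crt"
}

pki_urls() {
    # Lists every URI embedded in the certificate (AIA and CDP entries).
    openssl x509 -in "$1" -noout -text | grep -o 'URI:[^ ,]*' | sed 's/^URI://'
}

non_http_urls() {
    # URLs a client would have to validate a TLS chain for before it can
    # fetch the issuer certificate or CRL it needs to validate a chain.
    pki_urls "$1" | grep -v '^http://' || true
}
```

Running `pki_urls` against certificates already issued in the lab shows which distribution points clients will actually try to reach.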

EODdoUbleU@alien.top 0 points 2 years ago (3 children)

For my Root I use OpenSSL with the pkcs11 module to keep the keys on a YubiKey, then I use Step CA as an intermediate/issuing.