wejn|2 years ago
Because:
1. ACME is a dumpster fire prone to mitm attacks.
2. without HSM (an additional investment) it's a super bad idea to host your root CA signing key somewhere.

firesteelrain|2 years ago
This is an internal, airgapped network.
We stood up the root CA, created the certificate, imported it, then destroyed the root CA. It's a common security practice. Root CA can then never be compromised.

wejn|2 years ago
If you destroy the CA, how do you issue new certs via ACME?