Subnostr

I guess I don't see it as a big deal because my certificate lifetime has been set to 24 hours for a few years now. Then again, I also run my own private CA, so I'm not worried about being DoSed.

Plus, if my certs ever were to expire, it's not like I'm going to lose millions of dollars in revenue for every hour of downtime or anything like that. Thanks for explaining your perspective.

Enki 1y ago

Wait a second, you can run your own private CA and it doesn't come off as a self-signed cert?

That I'm interested in.

Reply to this note

Please Login to reply.

Discussion

Low Information Voter 1y ago

You have to manually install your root cert on every machine you want to trust your certs, but yes, it works :)

Enki 1y ago

Oooooh. Fine by me lol.

Dr. Hax 1y ago

If you write a worm, you could automate this task. 😂😈

Dr. Hax 1y ago

Get ready to be disappounted. The only reason it doesn't come up as untrusted (for me) is because I've added my CA to my list of trusted CAs. So I only do this with internal services (local HTTPS services, SSH, etc.). The services are not just available to me, but I know all the users personally and they're all willing to install my CA.

For any public service, you're stuck with getting a cert from someone in the default list that ships with Firefox, Chrome, the O/S, Java, etc. That is, unless you are in a situation where you can get your clients/visitors to install your CA.

My public services use LetsEncrypt like most everyone else.

Enki 1y ago

Ah darn ok. I knew you could install your own root CA and use your own SSL certs in your own systems. I do that already. I thought you were talking about somehow, running a private CA that works for public things.