• 0 Posts
  • 8 Comments
Joined 1 year ago
cake
Cake day: June 7th, 2023

help-circle






  • I’ve been doing it this way for many years, before LetsEncrypt was around. Maybe some day I will switch so I can become dependent on another third party (though I do use LetsEncrypt for public-facing services).

    Yes, telling your computer to trust a certificate chain that you are responsible for securing may significantly increase your attack surface. It’s easy to forget about that root cert (I actually push mine via GPO).