this post was submitted on 29 Jan 2024
57 points (96.7% liked)

Sysadmin

[–] [email protected] 21 points 10 months ago* (last edited 10 months ago) (4 children)

Please no

It would be nice to figure out a way to get local SSL certs for .lan and .local domains though.

[–] [email protected] 13 points 10 months ago (1 children)

I just use a subdomain of my main domain and use DNS validation of Let's Encrypt.

[–] [email protected] 7 points 10 months ago (2 children)

That requires outside authentication though. I think it would be cool to incorporate some SSL into DHCP.

[–] [email protected] 11 points 10 months ago (1 children)

That will never happen. SSL is based on trust, and the trust root will never blindly delegate to whatever happens in random LANs. Subdomain is 100% the right approach for internal network.

[–] [email protected] 2 points 10 months ago* (last edited 10 months ago) (1 children)

It can and has already happened. You can make your own root CA. Internal domains need internal root CAs. Is it a pia to set up? Yes. Do I have it installed on my unrooted Android phone and Linux computers? Yes.

Edit: I didn't see the DHCP part. But you can still make your own root CA.

[–] [email protected] 1 points 10 months ago (1 children)

OP was obviously referring to public root CAs.

[–] [email protected] 1 points 10 months ago (1 children)
[–] [email protected] 1 points 10 months ago* (last edited 10 months ago) (1 children)

and IT'S OK, we don't want you to burn out

[–] [email protected] 1 points 10 months ago (1 children)

I'm already burnt out. Womp womp

[–] [email protected] 1 points 10 months ago (1 children)
[–] [email protected] 2 points 10 months ago

Rare here but I'll try and find one

[–] [email protected] 4 points 10 months ago

The maintainers of DHCP can't even be bothered standardising a query to check if an address is currently in use, doubt they could take on being a CA at the same time

[–] [email protected] 4 points 10 months ago

Time for your own CA

[–] Supermariofan67 2 points 10 months ago (1 children)
[–] [email protected] 6 points 10 months ago* (last edited 10 months ago)

Internal is 8 letters while lan is three

[–] [email protected] 1 points 10 months ago

You can do this. I already use .internal, and you can make your own root CA and make your own certificates with that.
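
The private root CA suggested in this thread, as an added example (not code from any commenter): it creates a root whose X.509 name constraint permits only .internal names, issues a server certificate, and checks that a certificate for any other name fails validation. The CA name and both host names are constructed values, and it assumes the `openssl` CLI is installed.

```shell
#!/bin/sh
# Added example. "Example Home Root CA", nas.internal, shop.example are constructed.
set -eu

make_root() {  # $1 = output directory
  mkdir -p "$1"
  (umask 077; openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1/ca.key")
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Home Root CA
[v3_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
# Clients that enforce this reject anything this CA signs outside .internal
nameConstraints = critical, permitted;DNS:internal
EOF
  openssl req -x509 -new -key "$1/ca.key" -sha256 -days 3650 \
    -config "$1/ca.cnf" -out "$1/ca.crt"
}

issue_leaf() {  # $1 = directory holding the CA, $2 = DNS name of the server
  (umask 077; openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1/$2.key")
  openssl req -new -key "$1/$2.key" -config "$1/ca.cnf" -subj "/CN=$2" -out "$1/$2.csr"
  # TLS clients match on subjectAltName rather than CN, so the SAN must be set.
  printf '%s\n' 'basicConstraints = critical, CA:FALSE' \
    'keyUsage = critical, digitalSignature' 'extendedKeyUsage = serverAuth' \
    "subjectAltName = DNS:$2" > "$1/$2.ext"
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 365 -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

chain_ok() {  # exit 0 only if the leaf chains to the root and passes its constraints
  openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d)
  make_root "$d"
  issue_leaf "$d" nas.internal && chain_ok "$d" nas.internal && echo "nas.internal: trusted"
  issue_leaf "$d" shop.example
  chain_ok "$d" shop.example || echo "shop.example: rejected by name constraint"
  rm -rf "$d"
}
demo
```

Only `ca.crt` is installed into device trust stores; `ca.key` stays off the network, since anyone holding it can mint certificates those devices will accept within the constraint.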