Comment on How do you all handle security and monitoring for your publicly accessible services?
j4k3@lemmy.world 4 days agoI mean more like a self signed TLS certificate with your own host manually set in the browser. Then only make the TLS port available, or something like that. If you have access to both(all) devices, you should be able to fully encrypt by bruit force and without registering the certificate with anyone. That is what I do with AI at home.
oh, my mistake. tbh, I don’t know enough about it but I’m interested. Why set up a TLS cert for AI at home? How is that benefiting you and your setup?
I’ve seen some people set up SSL certs for self hosted services and not make them publicly available but I didn’t get around to seeing why they were doing it
peregus@lemmy.world 4 days ago
I don’t know much about certificates, but doesn’t that just alert the browser that the certificate is not trusted and you can decide if keep going or not?
j4k3@lemmy.world 4 days ago
Sorta, you have to install your certificate authority into the browser and it might complain about verifying that but it will still connect with the encryption.
peregus@lemmy.world 4 days ago
No no, what I meant is that if I connect to your server without the certificate installed don’t I just get the warning and I can still get through?
j4k3@lemmy.world 4 days ago
Not unless an http port is open too. If the only port is https, you have to have the certificate. Like with my AI stuff it acts like the host is down if I try to connect with http. You have to have the certificate to decrypt anything at all from the host.