Comment

Comment on Decreasing Certificate Lifetimes to 45 Days

Why can’t you just have a long lived internally signed cert on your archaic apps and LE at the edge on a modern proxy? It’s easy enough to have the proxy trust the internal cert and connect to your backend service that shouldn’t know the difference if there’s a proxy or not.

Or is your problem client side?

source

Sort:hotnew top

sparky@lemmy.federate.cc ⁨1⁩ ⁨week⁩ ago
That’s actually a really good idea. I’m not the person you replied to, but I’m taking notes.

source
Zanathos@lemmy.world ⁨1⁩ ⁨week⁩ ago
One such app I can think of would be a client side issue. If the public cert doesnt match the back end private cert it will sever the connection and mark it as insecure. Hopefully I won’t need to deal with it much longer though.

I just heard back from my other team that “this project sounds great for your team” even though they manage many of their own apps and certificates. Perhaps I should just let them burn then!

source