Comment on Certificate management
lal309@lemmy.world 1 year ago
I went with the OpenSSL CA as cryptography has been a weakness of mine and I needed to tackle it. Glad I did, learned a lot throughout the process.
Importing certs is a bit of a pain at first but I just made my public root CA cert valid for 3 years (maybe 5 I can’t remember) and put that public cert in a file share accessible to all my home devices. From each device I go to the file share once, import the public root CA cert and done. It’s a one time per device pain so it’s manageable in my opinion.
Each service gets a 90 day cert signed by root CA and imported to nginx proxy manager to serve up for the service (wikijs.mydomain.io).
Anything externally exposed I use Let’s Encrypt for cert generation (within NPM) and internally I use the OpenSSL setup.
If you document your process and you’ve done it a few times, it gets quicker and easier.
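The workflow described in the comment above (a private root CA whose public cert is shared, plus 90-day service certs), as an added example that is not part of the original comment. The file names, EC key type and CA subject name are assumptions.

```shell
#!/usr/bin/env bash
# Added example: private root CA plus a 90-day service certificate.
# File names, key type and the CA subject are assumptions, not from the thread.
set -eu

make_root_ca() {                       # $1 = work dir, $2 = validity in days
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Home Lab Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  openssl req -x509 -config "$1/ca.cnf" -newkey ec \
    -pkeyopt ec_paramgen_curve:prime256v1 -nodes -sha256 -days "$2" \
    -keyout "$1/rootCA.key" -out "$1/rootCA.crt" 2>/dev/null
  chmod 600 "$1/rootCA.key"            # only rootCA.crt goes on the file share
}

issue_service_cert() {                 # $1 = work dir, $2 = hostname, $3 = days
  printf '%s\n' "basicConstraints = critical,CA:FALSE" \
    "keyUsage = critical,digitalSignature" \
    "extendedKeyUsage = serverAuth" \
    "subjectAltName = DNS:$2" > "$1/$2.ext"   # clients match on SAN, not CN
  openssl req -new -config "$1/ca.cnf" -subj "/CN=$2" -newkey ec \
    -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/rootCA.crt" -CAkey "$1/rootCA.key" \
    -CAcreateserial -sha256 -days "$3" -extfile "$1/$2.ext" \
    -out "$1/$2.crt" 2>/dev/null
}

check_service_cert() {                 # $1 = work dir, $2 = hostname, $3 = min days left
  openssl verify -CAfile "$1/rootCA.crt" "$1/$2.crt" >/dev/null 2>&1 &&
  openssl x509 -in "$1/$2.crt" -noout -checkhost "$2" | grep -q "does match" &&
  openssl x509 -in "$1/$2.crt" -noout -checkend "$(( $3 * 86400 ))" >/dev/null
}

demo_dir=$(mktemp -d)
make_root_ca "$demo_dir" 1095          # 3 years, as in the comment
issue_service_cert "$demo_dir" wikijs.mydomain.io 90
check_service_cert "$demo_dir" wikijs.mydomain.io 30 && echo "chain, name and lifetime OK"
```

Run on a schedule, `check_service_cert` with a 30-day threshold flags a service cert that needs re-issuing before the 90-day lifetime runs out.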
TechAdmin@lemmy.world 1 year ago
You can self-host an ACME server which lets you use certbot to do automatic renewals even for private, internal only certs. I don’t know if it would work with NPM. I plan to test that out at some point in the future but my current setup works & I’m not ready to break it for a maybe yet :P