Comment on HTTPS on homelab (just locally)
Findmysec@infosec.pub 2 months agoRunning a CA is cool however, just be aware of the risks involved with running your own CA.
All they say that if the private key is stolen then you’re screwed. Think about it, if an attacker can:
- Get into your network.
- Presumably bypass key-based ssh/container runtime protections
- Access pod/VM which is running the CA
- Bypass default MAC settings (Apparmor on debian, SELinux on RHEL)
- Steal private key without you knowing on your logs
You have a much bigger problem my friend
TCB13@lemmy.world 2 months ago
While I agree with you, an attacker may not need to go to such lengths in order to get the PK. The admin might misplace it or have a backup somewhere in plain text.