Comment on HTTPS on homelab (just locally)

<- View Parent
Findmysec@infosec.pub ⁨4⁩ ⁨months⁩ ago

Running a CA is cool however, just be aware of the risks involved with running your own CA.

All they say that if the private key is stolen then you’re screwed. Think about it, if an attacker can:

  1. Get into your network.
  2. Presumably bypass key-based ssh/container runtime protections
  3. Access pod/VM which is running the CA
  4. Bypass default MAC settings (Apparmor on debian, SELinux on RHEL)
  5. Steal private key without you knowing on your logs

You have a much bigger problem my friend

source
Sort:hotnewtop