Friday, March 15, 2024

Banish OEM self-signed certs forever and roll your own private LetsEncrypt


Banish OEM self-signed certs forever and roll your own private LetsEncrypt

Enlarge (credit: Aurich Lawson | Getty Images)

Previously, on "Weekend Projects for Homelab Admins With Control Issues," we created our own dynamically updating DNS and DHCP setup with bind and dhcpd. We laughed. We cried. We hurled. Bonds were forged, never to be broken. And I hope we all took a little something special away from the journey—namely, a dynamically updating DNS and DHCP setup. Which we're now going to put to use!

If you're joining us fresh, without having gone through the previous part and wanting to follow this tutorial, howdy! There might be some parts that are more difficult to complete without a local instance of bind (or other authoritative resolver compatible with nsupdate). We'll talk more about this when we get there, but just know that if you want to pause and go do part one first, you may have an easier time following along.

The quick version: A LetsEncrypt of our own

This article will walk through the process of installing step-ca, a standalone certificate authority-in-a-box. We'll then configure step-ca with an ACME provisioner—that's Automatic Certificate Management Environment, the technology that underpins LetsEncrypt and facilitates the automatic provisioning, renewal, and revocation of SSL/TLS certificates.

Read 118 remaining paragraphs | Comments

Reference : https://ift.tt/8wTdRba

No comments:

Post a Comment

QNAP firmware update leaves NAS owners locked out of their boxes

A recent firmware pushed to QNAP network attached storage (NAS) devices left a number of owners unable to access their storage systems. Th...