this post was submitted on 29 Jan 2024
56 points (96.7% liked)

Sysadmin

[–] possiblylinux127@lemmy.zip 21 points 9 months ago* (last edited 9 months ago) (4 children)

Please no

It would be nice to figure out a way to get local SSL certs for .lan and .local domains though.

[–] jlh@lemmy.jlh.name 13 points 9 months ago (1 children)

I just use a subdomain of my main domain and use DNS validation with Let's Encrypt.

[–] possiblylinux127@lemmy.zip 7 points 9 months ago (2 children)

That requires outside authentication though. I think it would be cool to incorporate some SSL into DHCP.

[–] nbailey@lemmy.ca 11 points 9 months ago (1 children)

That will never happen. SSL is based on trust, and the trust root will never blindly delegate to whatever happens in random LANs. A subdomain is 100% the right approach for an internal network.

[–] duplexsystem@lemmy.blahaj.zone 2 points 9 months ago* (last edited 9 months ago) (1 children)

It can and has already happened. You can make your own root CA. Internal domains need internal root CAs. Is it a PIA to set up? Yes. Do I have it installed on my unrooted Android phone and Linux computers? Yes.

Edit: I didn't see the DHCP part. But you can still make your own root CA.

[–] superbirra@lemmy.world 1 points 9 months ago (1 children)

OP was obviously referring to public root CAs

[–] duplexsystem@lemmy.blahaj.zone 1 points 9 months ago (1 children)
[–] superbirra@lemmy.world 1 points 9 months ago* (last edited 9 months ago) (1 children)

and IT'S OK, we don't want you to burn out

[–] duplexsystem@lemmy.blahaj.zone 1 points 9 months ago (1 children)

I'm already burnt out. Womp womp

[–] superbirra@lemmy.world 1 points 9 months ago (1 children)
[–] duplexsystem@lemmy.blahaj.zone 2 points 9 months ago

Rare here but I'll try and find one

[–] Fontasia@feddit.nl 4 points 9 months ago

The maintainers of DHCP can't even be bothered standardising a query to check if an address is currently in use, doubt they could take on being a CA at the same time

[–] MigratingtoLemmy@lemmy.world 4 points 9 months ago

Time for your own CA

[–] Supermariofan67@programming.dev 2 points 9 months ago (1 children)
[–] possiblylinux127@lemmy.zip 6 points 9 months ago* (last edited 9 months ago)

Internal is 8 letters while lan is three

[–] duplexsystem@lemmy.blahaj.zone 1 points 9 months ago

You can do this, I already use .internal and you can make your own root CA and make your own certificates with that