deleted by creator

Yeah you can still do a lot of damage in a few hours, but 45 days is a meaningful reduction in exposure time from year+

That’s a complaint about those phones not PKI in general then. Though it’s surprising their enterprise support won’t let you since that is (or was) a fairly common thing for businesses to do.

Isn’t this just CRL in reverse? And CRL sucks or we wouldn’t be having this discussion. Part of the point of cryptographically signing a cert is so you don’t have to do this if you trust the issuer.

Cryptography already makes it infeasible for a malicious actor to create a fake cert. The much more common attack vector is having a legitimate cert’s private key compromised.

Browsers are only a (large) fraction of SSL traffic.

Good point, sounds like a good thing for most people

NT was built to be a business OS, and the original Windows was killed off for everyone in favor of NT with XP

UAC can be configured to require a password, just like sudo can be required to not require a password. These things function the same on Windows and Linux.

When that whole thing started up Nazis seemed a lot less “real” imo. I liked it better when they occupied a similar space as pirates and ninjas…

Is this project still a dumpster fire?

The term to look for is out of band management. Typically this will provide serial/console access to a device, and can often perform actions like power cycling. A lot of server hardware has this built in (eg idrac for Dell, IPMI generically). Some users will have a separate oobm network for remotely accessing/managing everything else.

Because there are a lot of people with different goals that conflict with each other? Which is true in lots and lots of other things.

It amazes me that so many people obsessed about self hosting everything use this service - really asking for it.

TY for mentioning/explaining scoping.

I didn’t say you were, I said you were asking about a topic that enters that area.

You’re entering the realm of enterprise AI horizontal scaling which is $$$$

deleted by creator

I thought I had a lot of RAM with 64

Import it into the trust store in the browser/OS. It should be the same (or very similar) operation for a self-signed cert and a CA that isn’t subordinate to the standard internet root CAs.

If you can’t import your own root CA cert then you’re probably screwed on both fronts and are going to have to use certs issued by a public CA that’s subordinate to a commonly trusted root CA.

My point here is that there’s little distinguishing a self-signed cert and a cert issued by your own private CA for most people that are self-hosting.

Trust the self signed cert. Works similarly to trusting a CA.