Hacker News

That's ok, that's how you normally do it. But then the second step is adding that CA to the trusted store on all relevant clients, so that it can actually get verified. (Otherwise why bother with the CA, just self-sign everything individually)


It’s our lack of a DevOps / Platform Dept. Our traditional IT groups won’t do it sadly

I mean invest in Smallstep SSH - nope


So let me get this straight: your IT won't do something, you're too lazy to add one flag to your scripts, so your solution is to ask that everyone has their security downgraded instead? That's... one way to approach tech issues.


It’s obviously not a suggestion for everyone as I understand. If I could edit my original comment I would strike out my suggestion.



