Comment by stephenmac98
Comment by stephenmac98 2 days ago
"This is good enough because I don't expect anyone other than me will use it" is lazy
What would happen if you connected to your mail client today and you got prompted "Trust this certificate?" showing a certificate with the same subject as the one you generated? Most people would click trust and get MITM'ed
Allowing self signed certificates significantly lowers the bar when it comes to generating a new certificate which can closely resemble an existing certificate
Beyond that, the management of multiple trusted certificates creates all sorts of room for confusion in an environment. Presumably most services that you run, run over TLS, do you really maintain every certificate both on it's application and on everything which needs to connect to it? That's a huge amount more effort than signing all your PKI with an internal CA, the configuring your connecting applications to trust that CA
> Most people would click trust and get MITM'ed
So accept self signed on first connection with a detailed panel showing the certificate fingerprint. Then after that require a more involved process to accept a new certificate.
> do you really maintain every certificate both on it's application and on everything which needs to connect to it?
These are client certificates, and in some cases, they're actually pretty awesome.
> than signing all your PKI with an internal CA
That's a single layer of abstraction away from a self signed certificate, because, your CA _is_ a self signed certificate in this scenario. You've taken any defense in depth and thrown it right out the window.
The purpose of software is to make things possible not enforce random pedantry.