Comment by Snakes3727

Comment by Snakes3727 a day ago

3 replies

View on Hacker News

As someone who works at a company who has to manage millions of SSL certificates for IoT devices in extremely terrible network situations I dread this.

One of the biggest issues is handling renewals at scale, and I hate it. Another increasingly frusturation is challenges via DNS are not quick.

nine_k a day ago

Are these IoT devices expected to be accessible via a regular Web browser from the public Internet? Does each of them represent a separate domain than needs a separate certificate, which it must not share with other similar devices?

Reply View 0 replies
nickf a day ago

I would strongly suggest that these certs have no reason to be from a public CA and thus you can (and should) move them to a private CA where these rules don't apply.

Reply View 1 reply
  • cpach 21 hours ago

    For those who want to solve the problem buy throwing money at it, one can probably buy a solution for this. I’m thinking of stuff like AWS IoT Core, I would guess there are other vendors in that space too.

    Reply View 0 replies