Comment by thrower123

3 years ago

Is it that hard to set up an internal CA? I have no idea what I'm doing, and I managed one for years until we moved offices and ditched our LAN.

The hard part is getting the root certificate in the trust store on every device in your organization.

  • Worse, it is often not the trust store on every device. It is often multiple trust stores on a device.

    The OS might have one. Each browser might have its own. For a developer, each language they use might need separate configuration to get its libraries to use the certificate.

That should worry the hell out of you.

If you could install CAs only for a certain domain (default to the name constraints but actually set in the browser/OS) that would be fine, but installing a CA gives anyone with access to that CA the ability to make pretty much any valid cert, and your potential lack of security raises flags.
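The per-domain restriction the last comment wishes for already exists in X.509 as the nameConstraints extension; what varies is whether each trust store and verifier honours it. The following is an added example, not code from any commenter, using only the Go standard library. It builds two hypothetical roots, one with a critical name constraint for the made-up domain corp.example and one without, issues a server certificate for an in-scope name and for the made-up out-of-scope name login.bank.example with the same signing routine, and then checks what a client that trusts only that root would decide. The domain names and CA subject are assumptions for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Hypothetical namespace the internal CA is allowed to issue for.
const internalDomain = "corp.example"

// newRoot creates a self-signed root. With constrain=true it carries a critical
// nameConstraints extension permitting only internalDomain and its subdomains;
// with constrain=false it is the usual unconstrained root that can sign for any name.
func newRoot(constrain bool) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Internal Root CA (example)"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	if constrain {
		tmpl.PermittedDNSDomains = []string{internalDomain}
		// Critical: a verifier that does not implement name constraints must
		// reject the chain rather than silently ignore the restriction.
		tmpl.PermittedDNSDomainsCritical = true
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueServerCert signs a TLS server certificate for dnsName with the root. It
// deliberately applies no policy of its own: this is what anyone holding the CA
// key can do, so the root's name constraint is the only limit on the damage.
func issueServerCert(root *x509.Certificate, rootKey *ecdsa.PrivateKey, dnsName string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: dnsName},
		DNSNames:     []string{dnsName}, // constraints are checked against SANs
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, root, &key.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// issueAndVerify builds a root (constrained or not), issues a certificate for
// dnsName with it, and verifies that certificate the way a client whose trust
// store holds only this root would. nil means the client accepts it.
func issueAndVerify(constrain bool, dnsName string) error {
	root, key, err := newRoot(constrain)
	if err != nil {
		return err
	}
	leaf, err := issueServerCert(root, key, dnsName)
	if err != nil {
		return err
	}
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err = leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: dnsName})
	return err
}

func main() {
	for _, c := range []struct {
		constrain bool
		name      string
	}{{true, "wiki." + internalDomain}, {true, "login.bank.example"}, {false, "login.bank.example"}} {
		err := issueAndVerify(c.constrain, c.name)
		fmt.Printf("constrained=%-5v %-20s accepted=%v\n", c.constrain, c.name, err == nil)
		if err != nil {
			fmt.Println("   ", err)
		}
	}
}
```

The third case is the control: the same issuance code signed by the unconstrained root is accepted for login.bank.example, which is exactly the "any valid cert" exposure described above. The constraint is set critical on purpose: a verifier that does not understand the extension then fails closed instead of treating the root as unrestricted, and it is worth checking each trust store and TLS library in use the same way before relying on this.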