On 21/01/2018 9:35 pm, Viktor Dukhovni wrote:
>
> Indeed stick with what you've got. You could (if not intimidated by the
> logistics, but we may have more tools for you in this space soonish) also
> implement a private CA that signs your no-longer self-signed server cert.
> This makes it possible to publish "3 1 1" + "2 1 1" TLSA records, with
> the "2 1 1" matching the key of your private CA, with that you can rotate
> the server key more frequently, while keeping the CA key password protected.

Private CA sounds interesting, will have to read up about it
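
Added example, not part of the thread: a shell sketch of the setup described in the quoted text, using the OpenSSL command line to create a passphrase-protected private CA, sign a server certificate with it, and derive the "3 1 1" and "2 1 1" TLSA records. The host name mx.example.com, the file names, the lifetimes and the CA_PASS variable are assumptions made for illustration.

```sh
#!/bin/sh
# Added illustration: private CA + server certificate + matching TLSA records.
# Host name, file names, lifetimes and the passphrase default are constructed.
set -eu

# SHA-256 of the DER SubjectPublicKeyInfo of the certificate in $1:
# the "1 1" part (selector SPKI, matching type SHA2-256) of a TLSA record.
spki_sha256() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -binary | od -An -tx1 | tr -d ' \n'
}

# Create the CA in directory $1. The CA key is encrypted with $CA_PASS.
# Relies on the stock openssl.cnf, whose v3_ca section sets CA:TRUE.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -sha256 -days 3650 \
        -subj "/CN=Example Private CA" -passout env:CA_PASS \
        -keyout "$1/ca.key" -out "$1/ca.pem"
}

# Issue (or re-issue, with a fresh key) the server certificate for host $2.
issue_server() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.csr"
    openssl x509 -req -in "$1/server.csr" -sha256 -days 90 \
        -CA "$1/ca.pem" -CAkey "$1/ca.key" -passin env:CA_PASS \
        -CAcreateserial -out "$1/server.pem"
}

# Print both records for SMTP (port 25) on host $2:
# "3 1 1" pins the server key, "2 1 1" pins the private CA key.
tlsa_records() {
    printf '_25._tcp.%s. IN TLSA 3 1 1 %s\n' "$2" "$(spki_sha256 "$1/server.pem")"
    printf '_25._tcp.%s. IN TLSA 2 1 1 %s\n' "$2" "$(spki_sha256 "$1/ca.pem")"
}

# Demo run in a scratch directory; in real use, set CA_PASS yourself.
CA_PASS=${CA_PASS:-constructed-demo-passphrase}
export CA_PASS
dir=$(mktemp -d)
make_ca "$dir"
issue_server "$dir" mx.example.com
tlsa_records "$dir" mx.example.com
```

Running issue_server again changes only the "3 1 1" line; the "2 1 1" line stays the same because it is derived from the CA key, not the server key.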