Hi Guys,
Having certificates (LetsEncrypt) installed increases security.
Druvis presented this https://www.youtube.com/watch?v=T1Dyg4_caa4 a year ago.
If it is combined with ROSE https://www.youtube.com/watch?v=xmqOYeD0t5E and NVMe over TCP https://www.youtube.com/watch?v=xmqOYeD0t5E could we have an easy go-to solution for distributing certifikates in an infrastructure ?
Certificates increase security if used right. They may also decrease security if not handled correct, but thinking that they have been. The private key of a certificate of a web server is lying around on a public file share is an example of decreasing security.
I think that very well depends on your infra. Certificates are plainly files, and applications that import them handle them special.
LetsEncrypt certs are also files.
The files may be special as they have a certificate that signifies some identity. It does that by having a private key and public key. The private key can be used to decrypt data encrypted against its own public key and the public key can be used to decrypt data against that private key.
The private key should however be taken serious for its naming convention and stay private (as in no one has access to it, only the addressee).
You could copy files over a network/share in whichever way and use them, import them to certificate stores.
Create your LetsEncrypt server certificate and push it to your web servers (I still do that). I exclude end users here, I don’t think that works with LetsEncrypt here.
carrotik