TheaterFire

Certificates...

Posted by Vivid_Mongoose_8964@reddit | sysadmin | View on Reddit | 11 comments

Quick poll. How many of you are installing certs on printers / other internal equipment in your environments?

Reply to Post

11 Comments

mkosmo@reddit

Yes. It’s a requirement in many highly regulated environments and a good idea regardless.
View on Reddit #34035536

Vivid_Mongoose_8964@reddit (OP)

We're not regulated at all, just a private company. Are you using a self signed cert from an internal windows server?
View on Reddit #34035596

Existing_Artist_2234@reddit

If every Certificate earned, led to a hands-on internment position the entire country would become more prosperous. It's foolhardy to educate so many people and then provide zero follow-on for them afterwards. Every certificate in every subject under the Sun should have an intern employment position for those whom have passed the course. Hands-on intern positions.... but no, 'internships' appear to be the 'last' concern on the list. Want to do a course in a subject of your interest...at the adequate level? MAKE SURE THEY PROVIDE AN INTERNSHIP!!.. otherwise you are just treading the Diploma Mill. Good Luck!!
View on Reddit #34516375

vast1983@reddit

We use windows pki to issue certificates. Not heard to set up and use at all. Fairly well documented. What's really nice is you can issue validity periods longer than 1 year.
View on Reddit #34052724

survivalmachine@reddit

>Not hard to set up and use at all. Not hard to set up. Much harder to set up *securely and properly* with a truly offline root and not shooting yourself in the foot 5-10 years later.
View on Reddit #34062766

mkosmo@reddit

We have a very comprehensive internal PKI environment. But most entities won’t have the resources we do for that, as the requirements that drive that environment don’t exist for most. You can outsource this kind of thing to folks like Digicert or even AWS.
View on Reddit #34035699

BlackV@reddit

yes :(
View on Reddit #34141848

_BoNgRiPPeR_420@reddit

I have in the past for 802.1x, but it's easier to put them on their own isolated VLAN.
View on Reddit #34080623

iwoketoanightmare@reddit

It's trivial to do it if you have the skillset.
View on Reddit #34044618

Terriblyboard@reddit

If it is not a security requirement or something that is being accessed by end users then no.
View on Reddit #34042625

LtLawl@reddit

I generally do for stuff I manage, partially out of boredom and best practices. Our security team could not careless. Some stuff doesn't have good enough documentation or clarity about if an outage occurs to update the certificate, so I generally do not bother with those.
View on Reddit #34042165