home.social

#stepca — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #stepca, aggregated by home.social.

  1. I think I need the combined knowledge of the #Homelab nerds ... 😉

    I've already got quite a few servers, tools and so on running here at home. Sometimes for testing and often in production as well.

    But for months, and by now easily 5-10 attempts, I just can't manage to set up my local #SSL certificates with #StepCA.
    I run from error to error - despite the PVE CommunityScripts ...

    How was it for you? Did it go well? Where were the sticking points?

    #Heimnetz #PVE

  2. @owen I don’t find it that bad with #stepca. It’s not exactly trivial, but it’s possible. If more things I run — or want to run — had a “step” client or #acme (and not just support for #LetsEncrypt), it would be much easier.

  7. My ACME certificates generated by step-ca don't have a "subject" but they have SANs. Unfortunately, OpenVPN seems to require a subject to work.

    #openvpn #stepca #tls #acme

  8. @Larvitz How is Step CA? Are you coming from another CA solution?

    Been thinking about running #stepca in my #kubernetes cluster, but have been apprehensive because of how many features seem to be gated behind smallstep's proprietary version. Would love to have this integrated with #certmanager and using the #tpm on my nodes. Was going to do a rearchitecting of my entire #auth and #cryptography stack when I switch from the deprecated #Ingress API to the #GatewayAPI

  11. What a project. Did configure StepCA in my home-lab with a real physical HSM for the CA's private key. Using a SmartcardHSM (smartcard-hsm.com) from CardContact Systems.

    Now I have acme (automated cert provisioning) working internally as long as the HSM is plugged into my server.

    All running in an isolated FreeBSD 15-RELEASE jail (StepCA compiled from source with added PCSC-Lite support and usb device passed through by devfs rules).

    Yay! It works!

    #freebsd #stepca #devops #acme #certificates #tls #smartcard #hsm

  12. Oh wow! I had some weird stuff in the GatewayAPI config for HTTP to HTTPS redirect which was blocking ACME.

    Now I have CertManager correctly issuing certificates from my private StepCA, using the http01 solver behind GatewayAPI! Blog coming (eventually). 🎉

    #HomeLab #GatewayAPI #Kubernetes #CertManager #StepCA #TalosLinux

  13. There's our own local stack running featuring online and family's impressed so far. issues the . The is also nice btw! Next stop trying with and test other nice things. Since my i3 is operating on its limits right now, I've purchased a core i7 with 16GB RAM being our third host. 💪

  14. Security at a new level: exploring Smallstep CA and its use

    Let's look at Smallstep CA, a modern and innovative solution for certificate management. It can offer several advantages over OpenSSL.

    habr.com/ru/companies/magnit/a

    #certification_authority #freeipa #stepca #сертификаты #magnit_tech