On 5/23/25 9:48 PM, Chris Adams via NANOG wrote:
> If you have such a complicated multi-server setup that includes a
> need to encrypt your internal traffic, you should definitely be using
> some configuration management system to make sure you have all the
> encryption set correctly

The tooling used (or not) is orthogonal to the discussion at hand.

> at which point another cert is a trivial amount of effort.

The tooling doesn't alter the need for a second certificate & key.
Nor does the tooling speak to the added complexity / risks of a private CA.

Sometimes multi-server can be as few as two or three servers. And
there's no guarantee that they are the same OS or otherwise use the same
configuration. So ... configuration management becomes even more overhead.
--
Grant. . . .