EODdoUbleU@alien.top to Homelab@selfhosted.forum • Finally using SSL certs on my local services, no more HTTPS warnings. Someone appreciate because my GF could care less
11 months ago

How are you handling RootCA secrets? Right now, I’m using a (couple) USB drive with two LUKS partitions, one for CA key backup and YubiKey management and PUK keys, then one that only contains the PIN which is fetched by OpenSSL using -passin file:xxx.
I’ve been a little concerned about being able to properly back all that up, so I was thinking about using KeepassXC and the CLI tool to replace the partitions.
Or create a repository on GitHub, point ca.yourdomain.com to GitHub Pages and publish there. Doing this solves the PKI chicken-and-egg problem for a homelab and doesn’t tie up any resources to serve them.