
Certs are a real pain. I’ve been doing infra engineering for the last few years and man oh man, people are so quick to handwave away the hidden costs of SSL. You need to understand where it terminates in your stack and how to handle the termination and which pieces of the stack handle SSL and which don’t, and all the while make sure you aren’t doing something dumb and insecure.

A classic example is people thinking self-signed certs are a good idea without fully understanding the implications of getting every single piece of your application stack and all its third-party dependencies to trust the thing.

Which I guess is a good thing, but also man, it does place a lot of power into those root CAs the internet uses.


