
I use a wildcard certificate for my home infrastructure. For all the talk of hiding, though, it's wise not to count on hiding behind a wildcard. Properly configure your firewalls and network policy. For the services you do have exposed, implement rate limiting and privileged access. I stuck most of my LE services behind Tailscale, so they get their certificates but aren't routable outside my Tailscale network.


We have all our services deployed on an internal network in AWS. We took care to use private hosted zones, gate access behind a VPN with SAML auth.

Turns out we're leaking our service usage by using ACM for our certificates.


Doing something similar on AWS right now, what do you mean by leaking service usage? What is ACM exposing? I assume the “fix” for this would be to host your own CA through ACM?


If I register a TLS cert for gitlab.donalmacc.ie, it's publicly logged.

From this thread it seems the fix is to register a wildcard *.donalmacc.ie and use that cert.
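What a Certificate Transparency log entry actually publishes is the certificate's subject CN and DNS SAN list, so the exposure comes down to which names appear there. The Go program below is an added example, not code from this thread: it mints a self-signed certificate standing in for the CA-issued one, extracts the names a CT log would carry, and reports which of them reveal a concrete host. The `example.com` names are constructed placeholders; `MakeCert`, `PublishedNames`, `RevealedHosts` and `Review` are names chosen for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// MakeCert builds a self-signed certificate carrying the given DNS SANs.
// It stands in for the certificate a public CA would issue and submit to CT logs.
func MakeCert(dnsNames []string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: dnsNames[0]},
		DNSNames:     dnsNames,
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// PublishedNames returns every DNS name a CT log entry for this certificate
// would make public: the subject CN plus all DNS SANs, lower-cased and de-duplicated.
func PublishedNames(cert *x509.Certificate) []string {
	seen := map[string]bool{}
	var out []string
	add := func(n string) {
		n = strings.ToLower(n)
		if n != "" && !seen[n] {
			seen[n] = true
			out = append(out, n)
		}
	}
	add(cert.Subject.CommonName)
	for _, n := range cert.DNSNames {
		add(n)
	}
	return out
}

// RevealedHosts filters the published names down to those that disclose a
// concrete host. A wildcard entry such as *.example.com names no host.
func RevealedHosts(names []string) []string {
	var hosts []string
	for _, n := range names {
		if !strings.HasPrefix(n, "*.") {
			hosts = append(hosts, n)
		}
	}
	return hosts
}

// Review reports which hostnames a certificate issued for the given SANs
// would reveal through CT.
func Review(dnsNames []string) ([]string, error) {
	cert, err := MakeCert(dnsNames)
	if err != nil {
		return nil, err
	}
	return RevealedHosts(PublishedNames(cert)), nil
}

func main() {
	// Constructed sample SAN lists; example.com is a placeholder domain.
	perHost := []string{"gitlab.example.com", "grafana.example.com", "vault.example.com"}
	wildcard := []string{"*.example.com"}
	for _, sans := range [][]string{perHost, wildcard} {
		hosts, err := Review(sans)
		if err != nil {
			panic(err)
		}
		fmt.Printf("SANs %v -> hosts visible in CT: %v\n", sans, hosts)
	}
}
```

Running it shows the per-host certificate publishing all three internal service names while the wildcard certificate publishes none. Note that a wildcard certificate is often issued with the apex (`example.com`) as an extra SAN; that entry is reported as revealed, which is correct since it is a concrete name, even if it is one the world already knows.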


Pretty much, yeah. I don't know why any sysadmin would think a subdomain is a hidden thing.



