Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Infosec Thread: Yes, time to move off LastPass
 
  • Post
  • Reply
admiraldennis
Jul 22, 2003

I am the stone that builder refused
I am the visual
The inspiration
That made lady sing the blues
I'm redoing my internal network in light of a fancy internet upgrade (real upstream!). I bought a real domain with a real wildcard SSL cert to use mostly internally for organization, but also with a small number of internet-accessible things (e.g. OpenVPN server).

Something that surprised me setting up my first hosts with the cert and accessing them internally.

https://edge.mydomain.tld/ -- works fine, yay

https://edge/ (search domain: mydomain.tld) -- ERR_CERT_COMMON_NAME_INVALID

I guess this is because the OS network stack is the one translating edge to edge.mydomain.tld and the browser knows nothing of it? But I like the succinctness of using a Search Domain (or as Windows likes to say: connection-specific DNS suffix) locally! Is there some weird trick to make this happy? (Is there even just some way to configure or plugin Chrome to do the heavy lifting and give me the desired user experience?).

* # ¿ Feb 16, 2021 02:01
  • Quote
Adbot
ADBOT LOVES YOU

# ¿ Apr 26, 2024 07:45
  • Quote
admiraldennis
Jul 22, 2003

I am the stone that builder refused
I am the visual
The inspiration
That made lady sing the blues
I've been using 1Password since the stone ages and it still strikes me as the best one. I used to sync the database myself via rsync and then DropBox :D. Some year I finally gave in and subscribed to their hosted sync service.

I also set up my Dad successfully with it.

* # ¿ Feb 16, 2021 20:24
  • Quote
admiraldennis
Jul 22, 2003

I am the stone that builder refused
I am the visual
The inspiration
That made lady sing the blues

Rufus Ping posted:

Unless you fancy running your own internal CA and signing the certs with both foo and foo.whatever.com as subject alternative names and installing that root cert on all your devices

This piques my interest but is probably too annoying. I suppose I don't mind doing a little work and installing my own root cert on my most-used devices.

But my guess is that I can't have both my own CA/cert for foo and then also a real trusted CA/cert for foo.mydomain.tld? (Maybe with a fancy dedicated https server, but note that in a bunch of cases here I'm just adding certs to pfsense, plex, freenas, etc, etc?).

Subjunctive posted:

make http://edge/ redirect to https://edge.mydomain.tld/ if you want to save the typing

Yeah, I might do something like this. Though instead of running a bunch of http servers - I'd really just like Chrome itself to be aware of my "default DNS suffix" preference and do the redirecting on its own. Come on, where's the dumb plugin for this?

BlankSystemDaemon posted:

Also, combine it with split-horizon DNS, just for fun.

Hmm...

Combat Pretzel posted:

Well, use the full name internally, too.

Yeah, well, OK, maybe.

* # ¿ Feb 16, 2021 20:35
  • Quote
  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Infosec Thread: Yes, time to move off LastPass