> For a small business, what is so hard about keeping a file (CA private key) secure and changing it when required?

For a small business? Well, keeping a file secure and changing it when required ^^'

I mean, it's not out of this world hard to generate your private CA but there are a thousand footguns, the experience isn't exactly friendly, and it's Yet Another Thing To Do And Keep Track Of, i.e. even if there's someone who has the technical chops, they may not have the bandwidth, and also, lottery factor. Let alone keeping it properly secure. There's a whole framework/procedure to create to set that up properly.

(been there done that, I was exactly in the situation above)



Can you be more specific on some of those main footguns?

I need to rotate the CA for some rare reason. Boom, I do it. All the old SSH certs are invalidated, but users can get a new one through the usual automated flow.



