PKI in home(lab?)


edge

Who here is running full PKI in their home?

I have my own standalone offline root with online subordinate servers in my sandbox. The offline root is a VM on a RW DVD that lives in my safe deposit box outside of when I have to bring it back for root certificate refresh every 2 years (intentional, keeps the VM current and I burn a new DVD just because).

All of my internal domain traffic is encrypted, and a device certificate is required along with login credentials.

Is this over the top or just getting to where we should be?
 

BlueLineSwinger

Just a basic setup via FreeIPA. I did set up a few web certs for various internal services/devices just to keep the browser warning from coming up on the redirect to HTTPS.
 

altmind

To me PKI is having every node configured to trust the CA. And for the company, it's a pain not worth enduring. Especially if you got multiple offices and some remote tech-illiterate employees.
 

Rand__

Yeah, missing automation capabilities keep me too.
I am not motivated to do the 50 parts at home (client/server/services) and can't imagine doing companies with a diverse setup...
I worked for large financial institutes and even they don't do everything - cheaper to swallow the risk than spend money on every exotic system they run.

Too bad actually, would love to have that set up properly...