Are there already elegant solutions for distributing Let's Encrypt certificates to multiple hosts?
Of course, you can have each host request certificates individually, but then you run into ACME API limits at Let's Encrypt relatively quickly, depending on the number of hosts and simultaneous accesses.
Sophos X-Ops is raising the alarm to the #hotel industry, warning that threat actors appear to be using requests or complaints as a lure to convince front-desk workers to infect their own computers with password stealing #malware. 1/
Many of the #malware samples distributed in this campaign were digitally signed with valid #certificates assigned to bogus or shell companies, while others were signed with not-valid certificates that mimic well-known brands.
@glynmoody "EU Tries To Slip In New Powers To Intercept Encrypted Web Traffic" - How does this affect the UK? Is it possible that Brexit could at last provide a genuine benefit by allowing us to avoid this surveillance? Or will gov.uk come up with something even worse? #certificates#encryption#brexit
🚨 Another EU mass surveillance attempt. Will kill privacy on web. Must not pass. 🚨
“[A]ll web browsers distributed in Europe will be required to trust the certificate authorities and cryptographic keys selected by EU governments.
These changes radically expand the capability of EU governments to surveil their citizens by ensuring cryptographic keys under government control can be used to intercept encrypted web traffic across the EU.”
Good Monday morning, Fediverse! I'm looking for my next role, hoping to get #FediHired.
Right now I'm a principal engineer and team lead for certificate infrastructure at a major US company. My day-to-day work focuses on PKI infrastructure/operations, Windows, and Active Directory. I get to help developers understand both the Why and How of the best practices for using certificates, along with keeping the certificate infrastructure humming along.
Working with Information Security, we've implemented company-wide multi-factor authentication for ~30,000 people. I've designed and executed migrating from on-prem PKI (Microsoft ADCS) to Certificates-As-A-Service, which reduced our total operating costs by about half. The includes dropping our datacenter footprint from multiple physical devices down to a couple of VMs.
Outside of the technical responsibilities, I'm mentoring and training junior/new teammates to build their skills and their confidence. Feedback from the management of our development and applications teams is that I've reinvigorated relationships and made certificate discussions something folks look forward to. And while nobody enjoys an outage, both managers and fellow individual contributors have told me that my calm, confident, and methodical presence is critical to both morale and quick resolution.
My current position doesn't offer much in the way of Azure exposure, but in my previous role I built out a Windows Virtual Desktop (now Azure Virtual Desktop, AVD) ecosystem from scratch when the pandemic first began and we had to send everyone to work from home on super-short notice. Nobody missed a day of work for lack of technical resources.
What I want from my next role is either a similar technical lead/principal level infrastructure/operations IC position or moving into management of a similar team.
If you're looking for a technical leader (with or without management responsibilities) to help shape and maintain your Windows/Active Directory environment, someone who can build relationships across a large organization, let's chat. DM me for email or Signal.
Current residence is in Syracuse, NY, but I'm open to relocation.