logoalt Hacker News

pizzalifetoday at 3:19 PM1 replyview on HN

I don't agree that tunneling everything through some external facing proxy is "TLS certificates for internal services done right".


Replies

nijavetoday at 3:24 PM

Arguably it's 1/2. You can put public certs on proxy then give proxy private CA to backend services. Then you don't need public certs for all the private stuff nor need to trust the private CA on all your devices.