Is it safe to use a wildcard certificate with a .local domain?

Asked By Techie4Life729 On

I'm managing a large number of devices like DRACs, ILOs, UCS, storage appliances, printers, and network equipment, all running on self-signed certificates. Our internal domain is set up as .local. I'm wondering if there are significant risks associated with using a wildcard certificate across all these devices? I plan to securely store the certificate in our PAM, but I'm unsure if this is a good practice.

6 Answers

Answered By SecurityGuru On

Instead of using a wildcard cert, consider using individual certs signed by a local CA. If you keep a wildcard cert deployed to all devices, you risk exposure if you decommission any hardware, since that cert could be misused later to impersonate devices. It's not just about availability; it's about security.

CuriousMind567 -

How could a decommissioned device still pose a risk with the cert if it's not on the network?

Answered By SecurityNerd On

I strongly advise against wildcard certs. They can lead to chaos if they expire or get compromised. You'll have no concrete way of knowing where that cert is being used. It's not as simple as making it last for years; managing that risk is crucial.

AutomatorPro -

I actually automate cert management for my servers with scripting; it helps keep everything up-to-date without worry.

ValidConcern -

True, if it’s deployed everywhere you might have some idea of where it is. But it's still risky.
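The point SecurityGuru and SecurityNerd make (one wildcard cert validates for every host in the zone, so any copy that leaks with a decommissioned box can impersonate the rest) can be quantified from an inventory. The following is an added example, not code from the thread; the hostnames, cert ids and SAN lists are constructed sample data, and the matching rule follows the usual dNSName wildcard semantics (a `*` only as the whole leftmost label, matching exactly one label).

```python
from collections import defaultdict


def san_matches_host(san: str, host: str) -> bool:
    """Return True if a certificate dNSName SAN would validate for host.
    A wildcard is only honoured as the entire leftmost label and never
    matches the bare parent zone or more than one label."""
    san = san.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    suffix = san[1:]                      # "*.corp.local" -> ".corp.local"
    if not host.endswith(suffix):
        return False
    leftmost = host[: -len(suffix)]       # label the '*' would stand for
    return bool(leftmost) and "." not in leftmost


def impersonation_scope(fleet):
    """fleet: list of (hostname, cert_id, san_list) as deployed on devices.
    Returns {cert_id: sorted hosts} where the hosts are every fleet member
    that cert_id would validate for, i.e. what one leaked copy can impersonate."""
    hosts = [h for h, _, _ in fleet]
    scope = defaultdict(set)
    for _, cert_id, sans in fleet:
        for h in hosts:
            if any(san_matches_host(s, h) for s in sans):
                scope[cert_id].add(h)
    return {c: sorted(hs) for c, hs in scope.items()}


# Constructed sample inventory: a mix of the appliance types from the question.
DEVICES = ["idrac-01.corp.local", "ilo-02.corp.local", "ucs-fi-a.corp.local",
           "san-ctl-1.corp.local", "printer-3f.corp.local"]
# Option 1: the same wildcard cert on every device.
WILDCARD_FLEET = [(h, "wildcard-corp-local", ["*.corp.local"]) for h in DEVICES]
# Option 2: one cert per device from an internal CA, SAN pinned to the host.
PER_DEVICE_FLEET = [(h, f"cert-{h}", [h]) for h in DEVICES]


def blast_radius(fleet):
    """Largest number of hosts any single certificate in the fleet can impersonate."""
    return max(len(hosts) for hosts in impersonation_scope(fleet).values())


if __name__ == "__main__":
    for name, fleet in (("wildcard", WILDCARD_FLEET), ("per-device", PER_DEVICE_FLEET)):
        for cert_id, hosts in impersonation_scope(fleet).items():
            print(f"[{name}] {cert_id}: can impersonate {len(hosts)} host(s)")
```

Retiring a device under the per-device scheme removes one cert from the inventory and revoking it affects only that host; under the wildcard scheme the decommissioned device still holds a cert whose scope is the whole fleet.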

Answered By PragmaticAdmin On

As long as you understand that .local domains won't be publicly trusted, and there's some extra work to deploy a CA root cert for them, you're generally okay. Just not ideal.

Answered By BestPracticePal On

Wildcard certificates aren't recommended due to the all-or-nothing approach to security. If one gets compromised, others are at risk too. Setting up an internal CA for issuing certs would be safer. Consider switching to a .internal domain for better practices; it pays off in the long run.

Answered By MaverickITGuy On

I just set up new individual certificates for my devices from our internal CA and it worked out really well. It felt like the best move given our situation!

Answered By CertMaster101 On

It's generally a bad idea to use a .local domain. This type of domain should be reserved for mDNS, and wildcard certificates can complicate things. I'd suggest avoiding a single wildcard cert for all devices since it creates a bunch of management headaches and security risks. Having one cert for everything leaves you vulnerable if it gets compromised.

ChillAdmin84 -

Yeah, but it's not easy changing it for all my devices. I'm stuck with this configuration from previous admins.

ServerWhisperer -

Tech debt makes it super tough, I get that. But it complicates your management down the road.
