Company I work for went through a security audit and all of the devices with self-signed certificates were flagged. Now I need to replace all the certificates with “valid ones”.
Of course my mind goes to Let’s Encrypt as a solution but I’m second-guessing that because I would use those certificates in devices like the Dell iDRAC system and the Lantronix Spider KVM. Replacing certificates in them every 90 days is a tedious manual process.
Assuming though for the moment that I can find a way to automate replacing certificates as they expire, I’m assuming that a wildcard certificate for *.lan.elucid.biz would be sufficient for internal use for all of these devices?
If using Let’s Encrypt is the wrong solution, as far as I understand, my alternatives are a wildcard multi-year certificate from some discount CA or our own private CA within our network. If the latter is a reasonable solution, any recommendations on private CA systems?
I really appreciate the assist. Thanks in advance!
The way I was thinking of solving this was using a wildcard certificate for our device/internal domain (elucid.biz is the externally resolvable part; lan.elucid.biz is inside the network).