Hello, welcome to the Thursday, January 10th, 2019 edition of the Sands and its Storm Center's Stormcast.

My name is Johannes Ulrich, and the day I'm recording from Jacksonville, Florida.

Now, TLS has really had a real good run over the last couple of years, but one area where it's still somewhat lacking is

internal websites and development websites. There are a couple reasons for that. Now, first of all,

these websites are rightfully so not exposed to the public. So tools like Let's Encrypt, for example,

are a little bit tricky to use in these cases.

The other reason is you may not necessarily want to expose these particular host names and

such you're using two public certificate authorities because that may end up with them showing

up in certificate transparency logs.

So the obvious solution here is to set up your own certificate authority.

Now there are solutions for that, but none of them are really all that intuitive and easy

to use.

Well, Philippo Valcorda now came up with a new tool that should make that easier.

He calls the tool MakeCERT.

When you install it, it automatically creates an internal certificate authority for you.

And then it's really just the simple command line to create random certificates that are

signed with this internal certificate authority. Of course,

all users of the particular site have to trust that certificate authority, but again, for

internal websites that aren't publicly accessible for development websites, that shouldn't really

be a big problem and makes actually testing in some cases easier

because you don't really have to change in the configuration as you move code life.

So the real new part here is how easy it is to use the tool.

...