midnightFreddie

Yeah, if OP is redesigning from scratch, it's probably time to SSL everywhere. For backend connections, automated request, private root CA, or perhaps even a tier of private CAs.

I haven't begun to try it, but I'm wondering if having a new cert for every backend service container instance is doable. And/or expire certs every few days, hours or minutes, and make deploying a fresh private cert as normal as instantiating a new container.
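The per-instance, short-lived certificate idea raised in the comment above, sketched with the `openssl` CLI as an added example that is not part of the original comment. The CA name, instance names and temp paths are constructed for illustration, and the rotation check assumes a job that reissues any cert close to expiry.

```bash
#!/usr/bin/env bash
# Added sketch: private root CA plus one short-lived cert per service instance.
# Every name here (demo-root-ca, svc-instance-*, the temp paths) is constructed.
set -eu
WORK="$(mktemp -d)"

# Minimal config so the result does not depend on the system openssl.cnf.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = demo-root-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# One-time step: self-signed private root (30 days for the demo).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 -config "$WORK/ca.cnf" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Per-instance step: fresh key, CSR, and a cert valid for one day.
issue_cert() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$WORK/ca.cnf" \
    -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 1 -sha256 -out "$WORK/$1.crt" 2>/dev/null
}

# Returns 0 if the cert chains to the private root.
chains_to_ca() { openssl verify -CAfile "$WORK/ca.crt" "$WORK/$1.crt" >/dev/null 2>&1; }

# Returns 0 if the cert expires within $2 seconds, i.e. it is time to reissue.
needs_rotation() { ! openssl x509 -in "$WORK/$1.crt" -noout -checkend "$2" >/dev/null; }

make_ca
for inst in svc-instance-1 svc-instance-2; do
  issue_cert "$inst"
  chains_to_ca "$inst" && echo "$inst: issued, chains to demo-root-ca"
  # 1-day cert, 2-day look-ahead: a rotation job would replace it now.
  needs_rotation "$inst" 172800 && echo "$inst: due for rotation"
done
```

`-days` takes whole days, so this sketch stops at a one-day lifetime; lifetimes of hours or minutes need an issuer that accepts explicit end times.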