During #sstic conference (FR infosec reference con), I have done a lightning talk about benefits you can have to deploy an #ACME frontend (Serles ACME proxy in our case) in front of your private PKI in your private corporate network.

One main #takeaway is the great diversity it exists among ACME clients due to its open and standardised format. This diversity in terms of languages and technologies allows a lot of different people among our internal IT ecosystem (developers, sysadmins, devops, architects, network guys...) to adopt ACME.

The final result is a greatly wider adoption of certificates automation inside our private network and a less work for Security team. With zero change (organisational nor added people ) on the PKI side.

Reference (FR only for the talk sorry 😔):
. Slides https://github.com/AssuranceMaladieSec/talks/blob/main/SSTIC-2023-RUMP-Apport-ACME-en-r%C3%A9seau-priv%C3%A9.pdf
. Talk https://static.sstic.org/rumps2023/SSTIC_2023-06-08_P12_RUMPS_03.mp4
. Serles ACME proxy https://github.com/dvtirol/serles-acme
. Lego ACME client https://github.com/go-acme/lego

**igor51@security-x.fr** @igor51@nanao.cybtex.fr · 19 mai 2023, 12:09

**igor51@security-x.fr** @igor51@nanao.cybtex.fr · 19 mai 2023, 12:09

19 mai 2023, 12:09

igor51@security-x.fr @igor51@nanao.cybtex.fr

@minus https://github.com/vdohney/keepass-password-dumper

**igor51@security-x.fr** · 16 fév. 2023, 18:36

igor51@security-x.fr a partagé

**Command Line Magic** @climagic@mastodon.social · 16 fév. 2023, 18:36

16 fév. 2023, 18:36

Command Line Magic @climagic@mastodon.social

Needed to diagnose a network problem and watch multiple pings. So I opened tmux, Ctrl-B % and Ctrl-B " a few times, then pinged outside, the gateway and two internal hosts and used lolcat to make it easier to detect change in drop patterns.
tmux
ping -i 0.2 8.8.8.8 | lolcat