JakaJancar on Hacker News

Ask HN: Why would a CA revoke a cert with a public private key?

To get working HTTPS on localhost, something I have done in the past is:

  - register myproject.dev,
  - point it to 127.0.0.1,
  - create a cert for it, and
  - just store the private key in the repo.

Every coworker can check out the (private) repo and has working HTTPS without any fuss or configuration.

There are projects like https://lcl.host, but they require installing stuff on the machine and/or modifying the browser trust configuration.

Why has nobody just registered a similar domain like lcl.host, pointed it to 127.0.0.1, and published the private key for everyone to use?

Would the CA revoke this cert? Why? Doesn't the domain owner get to define the set of servers they allow to use the cert, and if that set just happens to be everyone, so what?

Is this "there are limits to how wide you can distribute your private key" policy documented somewhere?

Looking at digicert[1], if a revocation request is submitted, the owner must approve it. What happens if I just don't approve it?

[1]: https://docs.digicert.com/en/certcentral/manage-certificates/revoke-an-issued-ssl-tls-certificate/approve--or-reject--a-certificate-revocation-request.html

3JakaJancar1y ago6

Ask HN: PC logistics for remote employees – cloudy solution?

We need to send computers to new employees, and sometimes get them back after they leave the company.

Is there a service that to me looks like the AWS console, but in the backend procures new gear, provisions it according to a spec, ships it to employees; and at the end of employment sends some prepaid return boxes and collects the stuff.

Ideally globally. Ideally can also store some of company swag and send that along :)

(I'm not asking about MDM etc., just the physical aspects of the work)

1JakaJancar5y ago0

Ask HN: Why would a CA revoke a cert with a public private key?

To get working HTTPS on localhost, something I have done in the past is:

  - register myproject.dev,
  - point it to 127.0.0.1,
  - create a cert for it, and
  - just store the private key in the repo.

Every coworker can check out the (private) repo and has working HTTPS without any fuss or configuration.

There are projects like https://lcl.host, but they require installing stuff on the machine and/or modifying the browser trust configuration.

Why has nobody just registered a similar domain like lcl.host, pointed it to 127.0.0.1, and published the private key for everyone to use?

Would the CA revoke this cert? Why? Doesn't the domain owner get to define the set of servers they allow to use the cert, and if that set just happens to be everyone, so what?

Is this "there are limits to how wide you can distribute your private key" policy documented somewhere?

Looking at digicert[1], if a revocation request is submitted, the owner must approve it. What happens if I just don't approve it?

[1]: https://docs.digicert.com/en/certcentral/manage-certificates/revoke-an-issued-ssl-tls-certificate/approve--or-reject--a-certificate-revocation-request.html

3JakaJancar1y ago6

Ask HN: PC logistics for remote employees – cloudy solution?

We need to send computers to new employees, and sometimes get them back after they leave the company.

Ideally globally. Ideally can also store some of company swag and send that along :)

(I'm not asking about MDM etc., just the physical aspects of the work)

1JakaJancar5y ago0

JakaJancar

Recent submissions

Show HN: A rec.us CLI for your Claw (opens in new tab)

Speed: Engineering Airbyte's 4-10x Performance Breakthrough (opens in new tab)

Gemini 2.5 Pro system prompt (opens in new tab)

I caught Google Gemini using my data and then covering it up (opens in new tab)

Ask HN: Why would a CA revoke a cert with a public private key?

Amazon ECS now supports AWS Graviton-based Spot compute with AWS Fargate (opens in new tab)

Show HN: Fleeting – simplest way to "Docker run/build" in the cloud (opens in new tab)

Show HN: Assertly – scriptable monitoring for infosec, IT, compliance, DevOps (opens in new tab)

Ask HN: PC logistics for remote employees – cloudy solution?

Recent submissions

Show HN: A rec.us CLI for your Claw (opens in new tab)

Speed: Engineering Airbyte's 4-10x Performance Breakthrough (opens in new tab)

Gemini 2.5 Pro system prompt (opens in new tab)

I caught Google Gemini using my data and then covering it up (opens in new tab)

Ask HN: Why would a CA revoke a cert with a public private key?

Amazon ECS now supports AWS Graviton-based Spot compute with AWS Fargate (opens in new tab)

Show HN: Fleeting – simplest way to "Docker run/build" in the cloud (opens in new tab)

Show HN: Assertly – scriptable monitoring for infosec, IT, compliance, DevOps (opens in new tab)

Ask HN: PC logistics for remote employees – cloudy solution?