F
@janantos via my clients contact we have been told by MS that Windows Defender etc. still reacts less aggressive for EV certificates for brand new apps.
Since I’ll have to do this for our project soon I’m curious if this was just wrong and OVs work as well?
@ttk ich bin eher nicht so auf dem Tailscale Hype-Zug und mach Netzwerk und vpn wie meine graubärtigen Mentoren es mich gelehrt haben
@janantos mostly thr same here 
except I likely won’t bring in a VPS.
Also optimist price for a SSL cert - I had the pleasure to buy an EV cert for signing Microsoft binaries and I never felt so dirty the last 20 years. (Plus the HSM… *sigh)
@pfr no. I don’t need most of their features and I don’t fancy running always on VPN for what’s a simple network setup.
I currently run an acme server with a self signed root cert for internally hosted services on .home.arpa. Works well enough most of the time, except when it doesn’t.
I might just transition to *.hq.somedomain.tld and use Caddy’s DNS based verification for a wildcard cert or two.
Might be a bit painful to change. At least it’ll be time consuming. And someone will explain me what a horrible idea it is to use a public domain and DNS for a private network.
