So I was going to enable SSL/TLS in Tailscale, but it gave me a warning that it will place an entry on a ledger that cannot be removed. Is there any danger in enabling it? TIA.

  • rtxn@lemmy.world · 23 days ago (edited)

    https://tailscale.com/docs/how-to/set-up-https-certificates#machine-names-in-the-public-ledger

    Your machine names and tailnet domain name will be added to a list that is publicly accessible when a new certificate is issued to one of your machines. CT is meant to verify, through one or multiple third parties, that a certificate was issued to a particular DNS name. This isn’t unique to Tailscale – all other CAs do this, and modern browsers will refuse to connect to websites if they can’t verify the certificate through at least one CT ledger.

    This doesn’t expose your systems any more than getting a DNS entry and a certificate from other sources. If you don’t want your tailnet and machine names out in the public, you’ll have to use self-signed certs and self-hosted HTTPS-capable servers or proxies.
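To make the "publicly accessible list" concrete, here is an added example (not part of the original thread, and not Tailscale's code) that does what anyone curious about your tailnet could do: query a Certificate Transparency search engine for the tailnet's domain and collect every machine name a certificate was ever logged for. It assumes the crt.sh JSON API (`https://crt.sh/?q=<pattern>&output=json`, where `%` is a wildcard and `name_value` holds newline-separated subject names) and uses a constructed tailnet name, `example-tailnet.ts.net`, with a constructed sample response so it runs offline; pass `--live <your-tailnet>.ts.net` to query crt.sh for real.

```python
"""Enumerate the hostnames a Certificate Transparency log discloses for a domain.

Added example, not from the original thread. It shows why issuing a public
certificate for a Tailscale machine publishes the machine name and tailnet
name: anyone can query a CT search engine such as crt.sh for the tailnet's
domain and read every name a certificate was ever issued for.

Assumptions (not from the original post): the crt.sh JSON API
(https://crt.sh/?q=<pattern>&output=json, where '%' is a SQL-style wildcard
and 'name_value' holds newline-separated subject names), and the constructed
tailnet name 'example-tailnet.ts.net' used in the offline sample below.
"""
import json
import sys
import urllib.parse
import urllib.request


def crtsh_query_url(domain: str) -> str:
    """Build the crt.sh JSON query that returns every logged cert under `domain`."""
    # '%.domain' matches all subdomains; crt.sh treats '%' as a wildcard.
    return "https://crt.sh/?" + urllib.parse.urlencode({"q": f"%.{domain}", "output": "json"})


def names_from_crtsh(json_text: str, domain: str) -> dict[str, int]:
    """Return {hostname: number of logged certificates} for names under `domain`.

    Each crt.sh record's 'name_value' is a newline-separated list of subject
    names (CN plus SANs). The same name appears once per issued certificate,
    renewals included, so the count also hints at how long a machine existed.
    """
    suffix = "." + domain.lower()
    counts: dict[str, int] = {}
    for record in json.loads(json_text):
        # A name may appear as both CN and SAN; count it once per certificate.
        for name in set(record.get("name_value", "").lower().split("\n")):
            name = name.strip()
            if name.endswith(suffix) or name == domain.lower():
                counts[name] = counts.get(name, 0) + 1
    return dict(sorted(counts.items()))


def machine_names(names: dict[str, int], domain: str) -> list[str]:
    """Strip the tailnet domain to recover the bare machine names."""
    return [n[: -len(domain) - 1] for n in names if n != domain]


# Constructed sample in the shape crt.sh returns; not real log data. The last
# record is an unrelated domain, kept only to exercise the suffix filter.
SAMPLE_DOMAIN = "example-tailnet.ts.net"
SAMPLE_CRTSH_JSON = json.dumps([
    {"id": 1, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "common_name": "nas.example-tailnet.ts.net",
     "name_value": "nas.example-tailnet.ts.net",
     "not_before": "2024-01-05T10:00:00", "not_after": "2024-04-04T10:00:00"},
    {"id": 2, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "common_name": "nas.example-tailnet.ts.net",
     "name_value": "nas.example-tailnet.ts.net",
     "not_before": "2024-03-20T10:00:00", "not_after": "2024-06-18T10:00:00"},
    {"id": 3, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "common_name": "homeassistant.example-tailnet.ts.net",
     "name_value": "homeassistant.example-tailnet.ts.net",
     "not_before": "2024-02-11T10:00:00", "not_after": "2024-05-11T10:00:00"},
    {"id": 4, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "common_name": "www.unrelated.example",
     "name_value": "www.unrelated.example\nunrelated.example",
     "not_before": "2024-02-11T10:00:00", "not_after": "2024-05-11T10:00:00"},
])


def main(argv: list[str]) -> None:
    if len(argv) >= 3 and argv[1] == "--live":
        # Live mode: actually query crt.sh for the given tailnet domain.
        domain = argv[2]
        with urllib.request.urlopen(crtsh_query_url(domain), timeout=30) as resp:
            text = resp.read().decode()
    else:
        domain, text = SAMPLE_DOMAIN, SAMPLE_CRTSH_JSON
    names = names_from_crtsh(text, domain)
    print(f"Query: {crtsh_query_url(domain)}")
    print(f"Names disclosed under {domain}:")
    for name, n in names.items():
        print(f"  {name}  ({n} certificate(s) logged)")
    print("Machine names:", ", ".join(machine_names(names, domain)))


if __name__ == "__main__":
    main(sys.argv)
```

The disclosure is exactly the machine names and the tailnet domain; nothing about tailnet IPs, keys or reachability leaks this way, which is why the reply above compares it to registering a public DNS name. The practical check before enabling certificates is therefore whether a machine name itself (`homeassistant`, `nas`, a customer name) is something you mind being indexable forever.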