I have software running on my server which is called GitLab. The service is accessible through an SSH, an HTTP and an HTTPS endpoint. All three access points are reachable through an SSH tunnel, so they are bound to 127.0.0.1.
> 127.0.0.1:80 # HTTP
> 127.0.0.1:443 # HTTPS
> 127.0.0.1:1234 # SSH
To enable HTTPS, I created my own SSL certificate, but of course there is no authority which confirms its authenticity. So even if I satisfy my server to work with it, I am wondering if I should even continue using it.
There are a lot of services on the server, or client tools which connect to it, and all would need to respect their system keychain where the public key is stored as "trustworthy". Does anyone have experience with this constellation?
Using a self-signed certificate is the default configuration, to speed up the startup process, and it's up to you to decide if you want to install a trusted certificate from a third party CA, or a local CA (maybe your AD integrated CA). If a service is local or internal to your company, you can decide to keep it self-signed.
In the environments I was involved with, there was an AD integrated CA and we signed everything with that.
Further information: https://docs.gitlab.com/ee/user/project/pages/custom_domains_ssl_tls_certification/ssl_tls_concepts.html
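
The local-CA option mentioned in the answer, as an added example that is not part of the original posts: one CA certificate is distributed to clients, and the certificate for the tunnelled endpoint on 127.0.0.1 is signed by it, with a self-signed certificate checked alongside for contrast. File names, subject names, key sizes and lifetimes are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: local CA for services bound to 127.0.0.1 behind an SSH tunnel.
# All file names, subject names and lifetimes are assumptions for illustration.
WORKDIR="$(mktemp -d)"

build_pki() (
    cd "$WORKDIR" || return 1
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[server_ext]
basicConstraints = CA:FALSE
subjectAltName = IP:127.0.0.1, DNS:localhost
extendedKeyUsage = serverAuth
EOF
    # 1. Local CA: ca.crt is the only file clients add to their trust store.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config pki.cnf \
        -extensions ca_ext -subj "/CN=Example Local CA" \
        -keyout ca.key -out ca.crt 2>/dev/null || return 1
    # 2. Server key and CSR, then a certificate signed by the local CA.
    openssl req -new -newkey rsa:2048 -nodes -config pki.cnf \
        -subj "/CN=gitlab-tunnel" -keyout server.key -out server.csr 2>/dev/null || return 1
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 90 -extfile pki.cnf -extensions server_ext -out server.crt 2>/dev/null || return 1
    # 3. For contrast: a self-signed certificate, as described in the question.
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 -config pki.cnf \
        -extensions server_ext -subj "/CN=gitlab-tunnel" \
        -keyout selfsigned.key -out selfsigned.crt 2>/dev/null || return 1
)

# A client that trusts only ca.crt checks the chain and the tunnel address.
client_trusts() {
    openssl verify -CAfile "$WORKDIR/ca.crt" -verify_ip 127.0.0.1 "$1" >/dev/null 2>&1
}

build_pki || { echo "openssl failed" >&2; exit 1; }
for cert in server.crt selfsigned.crt; do
    if client_trusts "$WORKDIR/$cert"; then echo "$cert: trusted"; else echo "$cert: rejected"; fi
done
```

Clients import only `ca.crt`; `ca.key` is kept off the server that runs the service, so any further internal certificate signed by the same CA is accepted without touching the clients again.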