tailscale cert works great! One of my services (Jellyfin media server) requires a p12 certificate for https. It’s easy enough to create from the command line using the cert and key from tailscale:
but in the future, perhaps we could get a --p12-file option for tailscale cert? It’d save a step and probably a bit of headache for anyone not versed in openssl.
Anyway, the above works for me. Thanks for making internal certs painless!
We’re likely to focus on those more complete integrations, rather than taking one step like creating a p12 file, because the automation would allow someone who is not especially technically sophisticated to do more than they otherwise might be able to.
Making the process fully automated as often as possible makes perfect sense. It would be nice to get rid of the need for manual rotation whenever feasible. It’d certainly delight more of the user base than adding an obscure flag, too.