7Mar
Certificates for autoscaling internal networks?
A public website with an SSL certificate makes use of a certificate and CA in order to establish trust between the server and client.
How is the same thing typically implemented on private networks, with large numbers of short-lived hosts, such as in an autoscaling cluster? Copying the public key of every host to every other host would not scale well if hosts are frequently being created & destroyed.
Do people usually set up a private CA? Or use a symmetric key approach like Kerberos? Or some other approach? Are there any specific approaches recommended or provided by cloud providers, like AWS, GCP or Azure?
Note: I'm not asking for the technical details of how to set this up. I'm asking what the general approach is.