Idea ID: 2786905

Use letsencrypt for all OES certs

Status: Waiting for Votes

Waiting for Votes

See status update history

Certificates management is tiresome and lack of proper use encourages insecure systems.
There is a new, open, and free system that can securely automate SSL/TLS certificate management.
https://github.com/letsencrypt/letsencrypt

Tags:

  • LetsEncrypt was just the first big public instance of automated cert renewal CAs. There are more, and it feels like the OES team is trying to build that into the OES CA with some of what they are building in the new UMC.  Ideally, off of an internal CA is where we need that automation, as well as a better and integrated way to get that CA public cert onto the client systems to fully get that seamless approach this Idea is really all about.

    ________________________

    Andy of KonecnyConsulting.ca in Toronto
    Please use the "Like" and/or "Verified Answers" as appropriate as that helps us all.

  • Wheras letsencrypt is good solution for webservers etc. it has in my opinion no additional security compared to using the certificates of the internal CA. I find, that using external validated certificates does not give you any extra security, because it is no big problem to acquire a legitimate certificate for almost all domain-names. They just make the job of the admins easier as they need not to hassle with the rollout of legitimate certificates, which are only trusted by their company or organization.