1. Home
  2. General Telecommunications Forum
  3. [Telecom] Let's Encrypt

[Telecom] Let's Encrypt

Let's Encrypt is interesting because the whole thing is automated at

> the server end once the required software is installed, which will be > no big deal. (It's like installing PHP or other plugins.) The level > of security isn't fabulous, but it's similar to what other CAs do now > and it means that all of those cheap pre-fab web sites running > Wordpress and the like can do https with one click by the server > operator. > > R's, > John

I've been reading about Let's Encrypt for a while. I understand that a fair amount of their trust that you are who you say you are is by demonstrating you have control over your DNS records. I look forward to something like this. I've been using self-signed certificates for years to get encryption (like on the squirrelmail client I'm writing this on), but have to deal with the security warnings and explain to other people that it's ok.

Harold

Reply to
Harold Hallikainen
Loading thread data ...

If you're willing to deal with the normal cert config hassle, Startssl at

formatting link
issues certs for free, and their CA is in most current browsers so there's no warnings. They validate you by sending email to either a WHOIS contact, or a standard contact address such as webmaster@domain. Takes about 15 minutes.

R's, John

Reply to
John Levine

They will also only allow you to renew the certificate in a ridiculously short time window before the old cert expires, and they will charge a rather stiff fee for a revocation. They didn't waive that fee when the Heartbleed bug compromised most certificates on the market.

They thus do a rather good job in _reducing_ overall security.

Greetings Marc

Reply to
Marc Haber

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.