This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[Let’s Encrypt|https://letsencrypt.org/about/|target='_blank'] is a free, automated, and open [Certificate Authority] ([CA]), run for the public’s benefit. It is a service provided by the [Internet Security Research Group] ([ISRG]).
[{$pagename}] runs [Boulder].
The key principles behind Let’s Encrypt are:
* Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
* [Automatic Certificate Management Environment] (ACME): Software running on a web server can interact with Let’s Encrypt to painlessly obtain a [certificate], securely configure it for use, and automatically take care of [Certificate Renewal].
* Secure: Let’s Encrypt will serve as a platform for advancing [TLS] security best practices, both on the CA side and by helping site operators properly secure their servers.
* [Certificate Transparency]: All [certificates] issued or [revoked|Certificate Revocation] will be recorded in the [Public Domain] and available for anyone to inspect.
* Open: The automatic issuance and renewal protocol will be published as an [Open Standard] that others can adopt.
* Cooperative: Much like the underlying [Internet] [protocols] themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.
!! Why ninety-day lifetimes for certificates?[2]
Nov 9, 2015 Josh Aas, ISRG Executive Director
We’re sometimes asked why we only offer certificates with ninety-day lifetimes. People who ask this are usually concerned that ninety days is too short and wish we would offer certificates lasting a year or more, like some other CAs do.
Ninety days is nothing new on the Web. According to Firefox Telemetry, 29% of [TLS] transactions use ninety-day [certificates]. That’s more than any other lifetime. From our perspective, there are two primary advantages to such short certificate lifetimes:
* They limit damage from key compromise and mis-issuance. Stolen keys and mis-issued [certificates] are valid for a shorter period of time.
* They encourage automation, which is absolutely essential for ease-of-use. If we’re going to move the entire Web to [HTTPS], we can’t continue to expect system administrators to manually handle renewals. Once issuance and renewal are automated, shorter lifetimes won’t be any less convenient than longer ones.
For these reasons, we do not offer certificates with lifetimes longer than ninety days. We realize that our service is young, and that automation is new to many subscribers, so we chose a lifetime that allows plenty of time for manual renewal if necessary. We recommend that subscribers renew every sixty days. Once automated renewal tools are widely deployed and working well, we may consider even shorter lifetimes.
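The ninety-day lifetime and the sixty-day renewal recommendation quoted above can be checked against an inventory of certificate validity dates. The following is an added example, not code from Let’s Encrypt or the quoted post; the host names, dates, inventory layout and function names are constructed for illustration.

```python
import ssl
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(days=90)  # certificate lifetime stated in the post
RENEW_AFTER = timedelta(days=60)   # renewal point recommended in the post

def parse(cert_time):
    """Parse the 'Nov  9 00:00:00 2015 GMT' form used by ssl.getpeercert()."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), tz=timezone.utc)

def check(not_before, not_after, now):
    """Return (status, whole days until expiry, lifetime exceeds 90 days)."""
    start, end = parse(not_before), parse(not_after)
    if now < start:
        status = "not-yet-valid"   # clock skew or a certificate deployed early
    elif now >= end:
        status = "expired"
    elif now - start >= RENEW_AFTER:
        status = "renew-due"       # automation should already have renewed this
    else:
        status = "ok"
    return status, (end - now).days, end - start > MAX_LIFETIME

def audit(inventory, now=None):
    """List certificates needing attention, most urgent (fewest days left) first."""
    now = now or datetime.now(timezone.utc)
    rows = []
    for host, (not_before, not_after) in inventory.items():
        status, days_left, over = check(not_before, not_after, now)
        if status != "ok" or over:
            rows.append((host, status, days_left, over))
    return sorted(rows, key=lambda row: row[2])

# Constructed inventory: host -> (notBefore, notAfter); not real certificates.
INVENTORY = {
    "www.example.com": ("Nov  9 00:00:00 2015 GMT", "Feb  7 00:00:00 2016 GMT"),
    "mail.example.com": ("Sep 25 00:00:00 2015 GMT", "Dec 24 00:00:00 2015 GMT"),
    "old.example.com": ("Aug  1 00:00:00 2015 GMT", "Oct 30 00:00:00 2015 GMT"),
    "legacy.example.com": ("Jun  1 00:00:00 2015 GMT", "Jun  1 00:00:00 2016 GMT"),
}
NOW = datetime(2015, 12, 1, tzinfo=timezone.utc)  # constructed "current" time

if __name__ == "__main__":
    for host, status, days_left, over in audit(INVENTORY, NOW):
        note = " (lifetime over 90 days)" if over else ""
        print(f"{host}: {status}, {days_left} days left{note}")
```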
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Let’s Encrypt|https://letsencrypt.org/about/|target='_blank'] - based on information obtained 2015-11-29
* [#2] - [Why ninety-day lifetimes for certificates?|https://letsencrypt.org/2015/11/09/why-90-days.html|target='_blank'] - based on information obtained 2015-11-29