[kwlug-disc] Let's Encrypt
B.S.
bs27975 at yahoo.ca
Wed Jan 20 21:14:18 EST 2016
Help me understand this.
As far as I knew, every cert gets cross-checked back to the cert issuer for authenticity.
If you use the same cert on different services, presumably with different names ... wha?
(Not to say SNI isn't also the answer, but it doesn't seem intuitively so, here, for Bob's use case.)
e.g. www.sobac.com, xmpp.sobac.com, myotherwww.sobac.com
I can see a sobac.com cert, and a setup where sobac.com is authoritative for all 'domain' certs, but I'm guessing that takes some special setup, or options checkboxes, when creating the cert.
Or a cert that's actually cert'ing one's own local CA?
>________________________________
> From: Raymond Chen <raymondchen625 at gmail.com>
>To: KWLUG discussion <kwlug-disc at kwlug.org>
>Sent: Wednesday, January 20, 2016 2:17 PM
>Subject: Re: [kwlug-disc] Let's Encrypt
>
>
>
>I think the solution of your 'one cert to one web server' problem is SNI(Server Name Indication). On the server side, many web servers support that e.g. Apache. But it also requires browser support, here is a browser compatibility table I found: http://caniuse.com/#feat=sni
>
>
>On Wed, Jan 20, 2016 at 12:31 PM, Bob Jonkman <bjonkman at sobac.com> wrote:
>
>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA1
>>
>>Has anyone used a single Let's Encrypt cert for multiple services? For
>>example, I've got one domain, sobac.com which hosts e-mail, XMPP and a
>>Web site. Is it possible to use the same cert for all those services
>>under the same domain?
>>
>>Has the problem of virtual web servers been solved? Last I heard it
>>was only possible to apply one cert to a web server. A web server that
>>hosts multiple domains couldn't use a Let's Encrypt cert -- is this
>>still true?
>>
>>I would like to see a presentation/demonstration on acquiring and
>>installing a Let's Encrypt cert on a variety of services...
More information about the kwlug-disc
mailing list