Feedback Request: Browser-based client


Daniel Roesler

Nov 20, 2015, 4:37:31 PM
to Let's Encrypt Client Development
Howdy,

I've thrown together a barebones browser-based client that generates
copy/paste signing commands and makes AJAX requests to the Let's
Encrypt ACME API. Would love some feedback.

https://diafygi.github.io/gethttpsforfree/

The goal is to allow people to get free certificates without having to
install anything.

It never asks for private keys. This website is completely static, and
is only 71kB. It's not pretty, but it should work. I want to keep it
super simple and auditable.

The copy/paste generated commands only use openssl, echo, and base64,
which should already be on most unix-style operating systems (Linux,
*BSD, OSX, etc.). I've tested the website and was able to issue a
certificate for https://beta.howtogetfreehttps.com/.

I'd like to host it at gethttpsforfree.com, but the github static site
should always work, too.

Anyway, would love feedback! Thanks!

Daniel Roesler
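
The split described in the post above (sign locally with openssl, paste only the result into the page), as an added example that is not part of the original post and not the commands the site generates. The file names, the payload string and the helper functions are constructed for illustration; GNU `base64` and `mktemp` are assumed.

```shell
#!/usr/bin/env bash
# Added illustration: the private key is only ever read by openssl on the local
# machine; the "web side" sees just the public key and a pasted signature.
# File names and the payload are constructed; GNU base64 and mktemp are assumed.
set -eu

# base64url without padding (the encoding used for JWS fields).
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# sign_locally KEYFILE PAYLOAD: print a base64url RSA/SHA-256 signature.
sign_locally() {
  printf '%s' "$2" | openssl dgst -sha256 -sign "$1" | b64url
}

# verify_with_public PUBFILE PAYLOAD SIG: succeed only if SIG matches PAYLOAD.
verify_with_public() {
  v_sig=$(printf '%s' "$3" | tr '_-' '/+')
  case $(( ${#v_sig} % 4 )) in      # restore the stripped padding
    2) v_sig="$v_sig==" ;;
    3) v_sig="$v_sig=" ;;
  esac
  v_tmp=$(mktemp)
  v_rc=0
  printf '%s' "$v_sig" | base64 -d > "$v_tmp" 2>/dev/null || v_rc=1
  if [ "$v_rc" -eq 0 ]; then
    printf '%s' "$2" | openssl dgst -sha256 -verify "$1" \
      -signature "$v_tmp" >/dev/null 2>&1 || v_rc=1
  fi
  rm -f "$v_tmp"
  return "$v_rc"
}

# Constructed demo: throwaway key pair and a made-up string standing in for
# the text a page would ask the user to sign.
demo_dir=$(mktemp -d)
openssl genrsa -out "$demo_dir/account.key" 2048 2>/dev/null
openssl rsa -in "$demo_dir/account.key" -pubout -out "$demo_dir/account.pub" 2>/dev/null
demo_payload='constructed-header.constructed-payload'
demo_sig=$(sign_locally "$demo_dir/account.key" "$demo_payload")

if verify_with_public "$demo_dir/account.pub" "$demo_payload" "$demo_sig"; then
  echo "signature verifies with the public key alone"
fi
if ! verify_with_public "$demo_dir/account.pub" "${demo_payload}x" "$demo_sig"; then
  echo "altered payload is rejected"
fi
```

Only `account.pub` and the printed signature would ever need to leave the machine; `account.key` is read by `openssl dgst -sign` and nothing else.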

Ryan Hurst

Nov 20, 2015, 4:57:16 PM
to Daniel Roesler, Let's Encrypt Client Development
Take a look at: https://pkijs.org/examples/PKCS10_complex_example.html

For generating the CSR.

Ryan



Daniel Roesler

Nov 20, 2015, 5:06:02 PM
to Ryan Hurst, Let's Encrypt Client Development
Don't you need the private key for generating the CSR? I don't want to
ask for private keys in this website.

Daniel

Peter Eckersley

Nov 20, 2015, 5:28:31 PM
to Daniel Roesler, Ryan Hurst, Let's Encrypt Client Development
+1 to not making web clients that need or handle key material.

Daniel, this design looks promising! The ACME devs should weigh in on
whether there are any constraints on the CSR that are likely to need to
be documented for this type of client.

--
Peter Eckersley p...@eff.org
Chief Computer Scientist Tel +1 415 436 9333 x131
Electronic Frontier Foundation Fax +1 415 436 9993

Ryan Hurst

Nov 21, 2015, 6:24:04 PM
to Daniel Roesler, Let's Encrypt Client Development
PKIjs is based on WebCrypto; the key is generated by the same underlying crypto that is implemented in the browser, which in some cases may be either OpenSSL or the operating system binaries.

In other words, this is not "Javascript crypto".

It is also possible to use as a single-page application, just as you do here, so it can work without risk of external dependencies.

Not saying you need to use it, but just wanted you to know it was available.

Ryan

Daniel Roesler

Nov 23, 2015, 9:17:15 PM
to Ryan Hurst, Let's Encrypt Client Development
Yep, definitely familiar with WebCryptoAPI, but not interested in
private key handling in any way.

Anyway, this project is now live at https://gethttpsforfree.com :)

Now, anyone (including Windows users) can get free https certificates
without installing anything :)

Daniel