List,
I just had this idea and I wonder how much sense it makes. Consider the
example scenario:
1. Members of an organization have their own servers and a single port
other than 443 or 80 forwarded,
2. They also have a wildcard DNS entry that lets them set up many vhosts
within the organization's domain,
3. They'd like to get a letsencrypt.org certificate, but since they
don't own 443 or 80, they'd need to run the process through the network
admin.
I had this thought that in such a scenario, it might be convenient to have
a "cert server" - an ACME relay that performs extra work when requests
are made (e.g. checking if the registration e-mail is within the
organization's domain), possibly also extra work when the request is
finished (sending the certificate to the recipient) and serve additional
TLS-related tasks - think of a front-end with convenient cert revocation
and custom notifications related to monitoring whether the certificate
expired.
Do you think that such a scenario and the project I described would make
sense?
Cheers,
d33tah
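
An added example, not part of the original message or of any existing project: a sketch of the pre-forwarding policy check such a relay could apply, assuming it has already verified and decoded the ACME newAccount and newOrder payloads (the RFC 8555 `contact` and `identifiers` fields). `ORG_DOMAIN`, the function names and the sample values are hypothetical.

```python
from urllib.parse import urlsplit, unquote

ORG_DOMAIN = "example.org"  # assumption: placeholder for the organization's domain


def in_org(name, org=ORG_DOMAIN):
    """True if name is the org domain or a label-aligned subdomain of it."""
    name = name.lower().rstrip(".")
    return name == org or name.endswith("." + org)


def contact_allowed(contact, org=ORG_DOMAIN):
    """Accept only a single-address mailto: URI whose domain is inside the org."""
    parts = urlsplit(contact)
    # RFC 8555 requires mailto contacts to carry no header fields (?cc=...).
    if parts.scheme != "mailto" or parts.query:
        return False
    addr = unquote(parts.path)
    if "," in addr or addr.count("@") != 1:
        return False
    local, domain = addr.split("@")
    return bool(local) and in_org(domain, org)


def order_allowed(account_payload, order_payload, org=ORG_DOMAIN):
    """Return (ok, reasons) for a newAccount/newOrder pair the relay would forward."""
    reasons = []
    contacts = account_payload.get("contact", [])
    if not contacts:
        reasons.append("no contact given")
    for c in contacts:
        if not contact_allowed(c, org):
            reasons.append("contact outside %s: %s" % (org, c))
    identifiers = order_payload.get("identifiers", [])
    if not identifiers:
        reasons.append("no identifiers requested")
    for ident in identifiers:
        if ident.get("type") != "dns" or not in_org(ident.get("value", ""), org):
            reasons.append("identifier not allowed: %r" % (ident,))
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed sample payloads, not captured traffic.
    account = {"contact": ["mailto:alice@example.org"], "termsOfServiceAgreed": True}
    order = {"identifiers": [{"type": "dns", "value": "alice.example.org"},
                             {"type": "dns", "value": "evilexample.org"}]}
    print(order_allowed(account, order))
```

The suffix comparison is label-aligned on purpose: `evilexample.org` and `example.org.evil.test` both contain the organization's domain as a substring but are rejected.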