irods with free ssl certificate (Let's Encrypt certificate)?


MBANZA Sara

Jul 6, 2022, 7:20:04 AM
to iRODS-Chat
Hello,

I have already generated a self-signed certificate (see codes below) and used it on my irods server. This is working very well as expected.

Now I would like to use a Let's Encrypt certificate instead of the self-signed certificate. I wonder how I can generate a Let's Encrypt certificate by using Certbot for my irods server. Any help/codes/... would be appreciated. Thanks.



[irods@myhost ~]$ mkdir /etc/irods/ssl
[irods@myhost ~]$ cd /etc/irods/ssl
[irods@myhost ssl]$ openssl genrsa -out irods.key 2048
[irods@myhost ssl]$ chmod 600 irods.key
[irods@myhost ssl]$ openssl req -new -x509 -key irods.key -out irods.crt -days 365
Country Name (2 letter code) [XX]:..
State or Province Name (full name) []:..
Locality Name (eg, city) [Default City]:...
Organization Name (eg, company) [Default Company Ltd]:..
Organizational Unit Name (eg, section) []:..
Common Name (eg, your name or your server's hostname) []:<FQDN_of_my_irods_server>
Email Address []:...
[irods@myhost ssl]$ openssl dhparam -2 -out dhparams.pem
[irods@myhost ssl]$ ls -l
total 12
-rw-rw-r--. 1 irods irods 424 Apr 8 09:37 dhparams.pem
-rw-rw-r--. 1 irods irods 1424 Apr 8 09:34 irods.crt
-rw-------. 1 irods irods 1679 Apr 8 09:32 irods.key




Regards
Sara


Alan King

Jul 18, 2022, 2:49:45 PM
to irod...@googlegroups.com
I am sure you are already aware of and may have been following these steps, but I will link our server SSL instructions here for reference just in case: https://docs.irods.org/4.3.0/plugins/pluggable_authentication/#server-ssl-setup

The section titled "Acquire a certificate for the server" describes the process of generating a certificate signing request to send to your CA of choice (in this case, Let's Encrypt) and then receive back a certificate chain file.

I don't know much about sending the certificate signing request to the CA or receiving the certificate chain file from the CA, but it seems that Let's Encrypt uses the ACME protocol to automate its certificate issuing process. They seem mainly focused on web servers but I don't see why the process would be any different for any other kind of server. I think you will need to work with one of their supported ACME clients: https://letsencrypt.org/docs/client-options/

I know that doesn't offer much, but perhaps others in the know can chime in :)


--
Alan King
Senior Software Developer | iRODS Consortium
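
One practical gap in the ACME-client route suggested above: certbot stores the issued chain and key under /etc/letsencrypt/live/, readable only by root, while the iRODS server runs as the irods account. The deploy hook below is an added example, not code from the thread participants or the iRODS project; the function name, the hook path, the chain.pem file name and the irods:irods owner are assumptions, and /etc/irods/ssl and irods.key follow the session shown earlier in the thread.

```shell
#!/bin/sh
# Added example: certbot deploy hook that copies a renewed Let's Encrypt
# certificate to where the iRODS service account can read it.
# Assumed issuance command (run as root; --standalone needs inbound port 80):
#   certbot certonly --standalone -d <FQDN_of_my_irods_server> \
#       --deploy-hook /usr/local/sbin/irods-cert-hook.sh   # hypothetical path
# certbot runs the hook with RENEWED_LINEAGE=/etc/letsencrypt/live/<FQDN>.

# install_irods_cert LINEAGE DEST [OWNER]   (hypothetical helper name)
install_irods_cert() {
    lineage=$1; dest=$2; owner=${3:-}
    # Refuse to touch the live files unless both inputs exist and are non-empty.
    if [ ! -s "$lineage/fullchain.pem" ] || [ ! -s "$lineage/privkey.pem" ]; then
        echo "missing fullchain.pem or privkey.pem in $lineage" >&2
        return 1
    fi
    # Stage inside DEST so each final mv is a rename on the same filesystem.
    stage=$(mktemp -d "$dest/.stage.XXXXXX") || return 1
    (
        umask 077   # the key is never group/world readable, even briefly
        cat "$lineage/privkey.pem"   > "$stage/irods.key" &&
        cat "$lineage/fullchain.pem" > "$stage/chain.pem" &&
        chmod 600 "$stage/irods.key" &&
        chmod 644 "$stage/chain.pem" &&
        { [ -z "$owner" ] || chown "$owner" "$stage/irods.key" "$stage/chain.pem"; } &&
        mv -f "$stage/irods.key" "$dest/irods.key" &&
        mv -f "$stage/chain.pem" "$dest/chain.pem"
    )
    rc=$?
    rm -rf "$stage"
    return $rc
}

# Only act when certbot invoked us; sourcing the file just defines the function.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_irods_cert "$RENEWED_LINEAGE" "${IRODS_SSL_DIR:-/etc/irods/ssl}" \
        "${IRODS_OWNER:-irods:irods}"
fi
```

With these file names, the server's irods_environment.json would point irods_ssl_certificate_chain_file at /etc/irods/ssl/chain.pem and irods_ssl_certificate_key_file at /etc/irods/ssl/irods.key, as described in the server SSL setup instructions linked above.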