Jump to content

Amazon Echo added IFTTT

Scottmichaelj

By Scottmichaelj
in Coffee Shop

Recommended Posts

ahwman Advanced

ahwman

Posted
Posted

FYI, letsencrypt is now live.  Free valid certs for all :-P

Unfortunately for those of us who wish to use a trusted cert on our ISY, we're out of luck since the ISY doesn't support intermediate certs which to my knowledge all CA's have moved to. That said, this is of little benefit until support is added...

Link to comment
MWareman Advanced

MWareman

Posted
Posted

 

 

Unfortunately for those of us who wish to use a trusted cert on our ISY, we're out of luck since the ISY doesn't support intermediate certs which to my knowledge all CA's have moved to. That said, this is of little benefit until support is added...

I'm told this might just be on its way...... Not that letsencrypt will work - it requires their custom client, and only issues 90 day certs.

Link to comment
apnar Experienced

apnar

Posted
Posted

Hello everyone,

 

Intermediate certs are now functional and doing alpha testing. Should be available shortly.

 

With kind regards,

Michel

Michel,

 

Do you happen to know if installing a cert (and now intermediates) is doable via the ISY REST API?

Link to comment
ahwman Advanced

ahwman

Posted
Posted

Hello everyone,Intermediate certs are now functional and doing alpha testing. Should be available shortly.With kind regards,Michel

Michel, that is great news! That said, should we expect to see this in the next beta or will it follow a different upgrade path?

 

Thanks for all that you do!

Chuck

Link to comment
MWareman Advanced

MWareman

Posted
Posted

There is an open source client for letsencrypt (https://github.com/letsencrypt/letsencrypt). On the site, it says:

 

The Let's Encrypt Client is a fully-featured, extensible client for the Let's Encrypt CA (or any other CA that speaks the ACMEprotocol) that can automate the tasks of obtaining certificates and configuring webservers to use them.

 

I don't (yet) know what the 'ACME' protocol it, but it looks like this is the protocol that would need to be added to the ISY (or Admin Console) to effect free publically trusted certificates.

 

Preference would be on the ISY itself - they are short lifetime certificates. They really want the appliance to self maintain them.

 

As I've mentioned before, if ISY is able to do this, UDI will seriously reduce support incidents for users setting up SSL.

 

Michael.

 

Edit: ACME is a json over SSL protocol. Looks easy enough! https://en.m.wikipedia.org/wiki/Automated_Certificate_Management_Environment

 

The overall idea is that it's nearly as easy to deploy with a CA-issued certificate as a self-signed certificate, and that once the operator has done so, the process is self-sustaining with minimal manual intervention. Close integration of ACME with HTTPS servers, for example, can allow the immediate and automated deployment of certificates as they are issued, optionally sparing the human administrator from additional configuration work.

https://github.com/ietf-wg-acme/acme/blob/master/draft-ietf-acme-acme.md
Link to comment

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...