[Cryptography] Apple's 13-month certificate policy
John Levine
johnl at taugh.com
Sat Feb 22 23:15:22 EST 2020
In article <19f3eff7-5d48-4227-5e7d-02fa58f55bc8 at oneunified.net>,
Raymond Burkholder <ray at oneunified.net> wrote:
>And systems protected by certificates aren't just web servers sitting on
>the same server as the dns server for the TXT based authorization.Â
>There are email servers involved with certificates. No web front end.
I have LE certs on my mail servers. They're managed automatically
with acme.sh and some python scripts that use a web API to insert
the validation records into the DNS zones.
If I didn't run my own DNS, this would be harder, but there are plenty
of commercial DNS providers with APIs that allow zone updates. Perhaps
we've identified a business opportunity.
--
Regards,
John Levine, johnl at taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
More information about the cryptography
mailing list