[Cryptography] Apple's 13-month certificate policy
John Levine
johnl at iecc.com
Sun Feb 23 13:39:43 EST 2020
In article <30c9b81b-9589-f56e-2c2f-de21e92fa89d at oneunified.net> you write:
>Correct me if I'm wrong, but my ACME api can't automate the auto-renewal
>for my email server if it doesn't have a web port open, or my HP ILO
>servers for the management port, or the VPN servers with other styles of
>lockdowns, .... other forms of automation are thus required, at various
>levels of complexity.
ACME can authenticate against the DNS, no web transactions needed. This
works, it's how I do all my certs. You're right to the extent that code
for DNS-based clients isn't as widespread or as easy to use as the web
clients.
R's,
John
More information about the cryptography
mailing list