so manually running through DCM is not effective unless you have too much
time on your hands.

There is the QykmImportKeyStore API (n1) that might be able to help with
automation. We have a dev at KrengelTech working on this right now.

Also, the 90-day thing(n2), while annoying, seems to be the right direction
moving forward. There are repos(n3) coming about that aim to aid in
automating the experience.

On final note, I have a letsencrypt certificate working with nginx on IBM
i(n4). Yahoo!

n1 - http://bit.ly/QykmImportKeyStore
n2 - https://letsencrypt.org/2015/11/09/why-90-days.html
n3 - https://github.com/diafygi/letsencrypt-nosudo
n4 - http://bit.ly/litmis-nginx-ssl-nodejs

Aaron Bartell
litmis.com - Services for open source on IBM i


On Tue, Jan 12, 2016 at 10:34 AM, Porterfield, Sean <SPorterfield@xxxxxxxx>
wrote:

LE certificates are cross signed and trusted by all modern browsers.
(This covers the second sentence/paragraph of Brad's reply.)

They are only valid for 90 days, though, so manually running through DCM
is not effective unless you have too much time on your hands.

nginx is supported by the LE client, so Aaron may be able to automate the
renewal of that with little difficulty.

There are other options for less than $60/yr, and this is not the first
free certificate provider. AFAIK, they are the first to automate the
process. LE does not support wildcard certificates.
--
Sean Porterfield


-----Original Message-----
From: Bradley Stone
Sent: Monday, 11 January, 2016 13:21

It should work fine no matter the CA... as long as your application
"trusts" the CA.

If you use this and you have to tell a user how to "trust" it with your
application (no matter the platform), it may not be the best solution until
the big players include them in the standard CA lists.

Brad
www.bvstools.com

On Mon, Jan 11, 2016 at 11:50 AM, Nathan Andelin <nandelin@xxxxxxxxx>
wrote:


The above is free for securing websites. I am giving it a test
drive this week with nginx on IBM i.


I've wondered for years if/when the price of certificate-authority
services would come down. It seems like such a racket to be able to
charge $60+ per year to host one. The prices of wildcard certificates
are way out of line, IMHO. I was beginning to wonder if the Mafia
controlled the syndicate.

________________________________

This email is confidential, intended only for the named recipient(s) above
and may contain information that is privileged. If you have received this
message in error or are not the named recipient(s), please notify the
sender immediately and delete this email message from your computer as any
and all unauthorized distribution or use of this message is strictly
prohibited. Thank you.
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.