From owner-freebsd-questions@freebsd.org Mon Dec 19 08:24:07 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B2B94C8806F for ; Mon, 19 Dec 2016 08:24:07 +0000 (UTC) (envelope-from vbotka@gmail.com) Received: from mail-wj0-x244.google.com (mail-wj0-x244.google.com [IPv6:2a00:1450:400c:c01::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 437B81FF8 for ; Mon, 19 Dec 2016 08:24:07 +0000 (UTC) (envelope-from vbotka@gmail.com) Received: by mail-wj0-x244.google.com with SMTP id j10so22491640wjb.3 for ; Mon, 19 Dec 2016 00:24:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:in-reply-to:references :organization:mime-version; bh=JafxpzPNlf7x7xiVxi7PQ0V5uGVrfx3HZd8qaW/f/jM=; b=YMWtecrKoABQEtHjFJXOy5k5AeAWEM7uC4kxdkVCtVxCkOFhI/ndEZMxd0LC84m/rZ vDX2uY8urR3A1ubl00QrBpIpFGJ7TKVdM3uJ5EB1Z26gpD9rFPC6rwEhxvHMp+dCcc8m 4wTwGFsw8QClKxOrAg/1lF4F/nrf944pexYuI4SYFJwPGp2hYmVIqNYBeVebAmCQ1VVN TbLV7Y+aBRQwFNZBY5XjlFxssKr59nVNEzfVg72meGx96t5oVpvUR7oetCz+WGbAb3vg JAMSJTQcWjSZ9+U9JGmyR7uo7fWS931Nl46QlkODVJ4YLBZmIxGglvvPBmNF9Bcnf62E 08hA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to :references:organization:mime-version; bh=JafxpzPNlf7x7xiVxi7PQ0V5uGVrfx3HZd8qaW/f/jM=; b=Jyth67KA5LHXCRGJUVEc73wpOyEhVTOG1mmBaZx/GL/ixmi8plSAv8WTht5GC6RJkX oYP3iBxRWN520vktUy35O2XjClGa5s/EGrbzxDiaS+WQnviaHlkGSYPKUGk7cMho9xc0 va45olWTWct2y0YWQXDfgv6kJUsxp5/ye4+1NCoCwdVsxmBy11rMs8m5ffVy/8mR+laM 7OBmbwFRFRKTEyiZf4trvsDYct24a94IYoNbzhFJe0m43eyiKAxSWDrWNI9UPSnh47Tz TYFPZp+cEidHxLNMex4dsYa6TC6+U78IJW0Ew8vrbdG0OGQwAaqS6HtK6VrYdawQVxZf yyyw== X-Gm-Message-State: AIkVDXL12tZcygdgji3atPxKq8T+KeFTyRUPa/oxD/opBQhnGqByfX5a1buBqlvYS87iyg== X-Received: by 10.194.85.137 with SMTP id h9mr12106391wjz.23.1482135845134; Mon, 19 Dec 2016 00:24:05 -0800 (PST) Received: from planb.netng.org (85-237-234-55.dynamic.orange.sk. [85.237.234.55]) by smtp.gmail.com with ESMTPSA id wg8sm19479134wjb.42.2016.12.19.00.24.03 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 19 Dec 2016 00:24:04 -0800 (PST) Date: Mon, 19 Dec 2016 09:23:54 +0100 From: Vladimir Botka To: Amitabh Kant Cc: David Mehler , freebsd-questions Subject: Re: ssl certificate Message-ID: <20161219092354.4aa0f1c4@planb.netng.org> In-Reply-To: References: Organization: na X-Mailer: Claws Mail 3.13.2 (GTK+ 2.24.30; i686-pc-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; boundary="Sig_/==0m/8HLU1bc552m70Cw.SJ"; protocol="application/pgp-signature" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Dec 2016 08:24:07 -0000 --Sig_/==0m/8HLU1bc552m70Cw.SJ Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Mon, 19 Dec 2016 10:28:11 +0530 Amitabh Kant wrote: > Try https://letsencrypt.org/ . It has a fairly broad acceptance. >=20 > On Mon, Dec 19, 2016 at 10:24 AM, David Mehler > wrote: > > Hello, > > Right now I'm doing self-signed ssl certificates, with my own CA. This > > works fine, but might break. I've got a user who will be connecting > > via sftp and via https and who might be put off by the self signed > > aspect. > > I am wondering if there are any free ssl providers? Port security/py-certbot (letsencrypt.org client) works fine for me. FYI, Automatic Certificate Management Environment (ACME) is IETF project https://github.com/ietf-wg-acme/acme/ FWIW, you might want to try my scripts and automate the renewal via cron https://github.com/vbotka/le-utils. Available also as an Ansible role https://galaxy.ansible.com/vbotka/leutils/. There are also other letsencrypt clients https://github.com/certbot/certbot/wiki/Links#other-lets-encrypt--acme-clie= nts HTH, Cheers, -vlado --Sig_/==0m/8HLU1bc552m70Cw.SJ Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJYV5kaAAoJEJDRmRKO1E8BtroIAKOeSiVfCxnNRgGcyHQLcEfa YgoQkq5neZoNgoqx9NgIYPeUriLEvSWJsBYP3EyTUD4qtHd873VGK88VmMpqkvJL /Ctcm7vXAch3a+KG1DdzP/bqmXo1DYvRXGyYVyeyVn0xVjkoSIQOzCagBXZ6Z+19 sp+VyISa30kyqwn9r8ARvf1iQkW3ps4OSz9mMJw1KSFDw9ivrfYW3IC0mQPhFy21 C1KF8NeooaWO5VbanwhpZOcYTC7VQPJ7Ny0T4luusz8YOeVPHEDMelEi5MciL6D1 2QUmgCrDQPC/jIs5GAoi3HviGoRcjsO0zHCtBQULrMEzFrBBjV7ApD/0OAsnoVs= =nS/m -----END PGP SIGNATURE----- --Sig_/==0m/8HLU1bc552m70Cw.SJ--