413 HTTPS / SSL

Posted Almost 7 years ago. Visible to the public.

At makandra we can provide different solutions for HTTPS/SSL.

Let's Encrypt is a certificate authority that launched on April 12, 2016 that provides free X.509 certificates for Transport Layer Security (TLS) encryption via an automated process designed to eliminate the current complex process of manual creation, validation, signing, installation, and renewal of certificates for secure websites.

https://en.wikipedia.org/wiki/Let's_Encrypt Show archive.org snapshot

  • You can get certificates free of charge.
  • You don't have to worry about verification mails, expiring or reissuing certificates.
  • Everything is automated and monitored.
  • If your application need to get accessed by very old clients like old Java Versions, the certificate is perhaps not usable for you (see here Show archive.org snapshot ).

There is one caveat: When one of your domains with Let's Encrypt is deleted or does not longer point to our IP and that change has not been communicated to us, the automated renewal of the certificate will stop working and thus the certificate will expire for all your applications after 30 to 60 days and all browsers will show an SSL certificate error.

Let makandra buy a certificate for you

  • If you need a special certificate (like a wildcard or EV certificate) or don't want to use Let's Encrypt we can buy and configure the certificate for you. Due to the complicated pricing model of ssl certificates please ask for a price list.
  • For the verification you need to have access to one of these email address of your domain:
    • admin@[yourdomain]
    • postmaster@[yourdomain]
    • hostmaster@[yourdomain]
    • webmaster@[yourdomain]
    • administrator@[yourdomain]

Buy a certificate yourself

  • You can also use an existing or self bought certificate.
  • Please talk with us about how to send us your certificate key. Do not send us the key of your certificate through an unencrypted channel.

Additional IP addresses for additional certificates

In the past we only allowed one certificate per IP because SNI Show archive.org snapshot support was not readily available. In the future we will automatically use multiple certificates per IP if needed. Please tell us if you are working with really old Software that does not support SNI (e.g. Java 1.6).

Thomas Eisenbarth
Last edit
Over 4 years ago
Marius Schuller
License
Source code in this card is licensed under the MIT License.
Posted by Thomas Eisenbarth to opscomplete (2017-03-31 11:32)