Hey everyone,

Just a quick question: Let’s Encrypt, what is it and how can I take advantage of its services?

For a bit of background, I’m trying to set up KanIDM and a CA certificate is needed; I was told to use Let’s Encrypt to create it.

Just looking for knowledge.

Thanks!

  • Alado@lemmy.world
    1 year ago

    Use Caddy as a web server and forget about setting up certificates forever. This masterpiece will take care of it.

    • IAm_A_Complete_Idiot@sh.itjust.works
      1 year ago

      Kanidm wants to directly have access to the Let’s Encrypt cert. It refuses to even serve over HTTP, or put any traffic over it, since that could allow potentially bad configurations. It has a really stringent policy surrounding how opinionated it is about security.

        • IAm_A_Complete_Idiot@sh.itjust.works
          1 year ago

          Yeah. There’s reasoning for why they do it in their docs, but the reasoning iirc is Kanidm is a security-critical resource, and it aims to not even allow any kind of insecure configuration. Even on the local network. All traffic to and from Kanidm should be encrypted with TLS. I think they let you use self-signed certs though?

  • wildbus8979@sh.itjust.works
    1 year ago

    I don’t know KanIDM specifically so take this with a grain of salt.

    Let’s Encrypt only provides server certificates, the kind used to secure a connection (HTTPS, IMAPS, etc.). KanIDM might require a Certificate Authority (CA) certificate to issue client certificates (used for authentication like S/MIME, WPA Enterprise, etc.). Let’s Encrypt cannot be used for this purpose.
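
The thread turns on the difference between a CA certificate and a server certificate. As an added example (not part of any comment above, and not Kanidm's or Let's Encrypt's own tooling), this script builds a throwaway CA and a server certificate with `openssl`, then tells the two apart by the `basicConstraints` extension and checks which one signed which. All names, including the hostname `idm.example.test`, are placeholders.

```shell
#!/usr/bin/env bash
# Added example. All certificates are constructed throwaway samples and
# idm.example.test is a placeholder hostname.

# Print "ca" if the PEM certificate in $1 has basicConstraints CA:TRUE,
# "leaf" if it does not, "unreadable" if it is not a parseable certificate.
cert_kind() {
    local text
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || { echo unreadable; return 1; }
    if printf '%s\n' "$text" | grep -q 'CA:TRUE'; then echo ca; else echo leaf; fi
}

# Succeed only if the certificate in $2 chains to the CA certificate in $1.
issued_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Create a sample CA and a server certificate signed by it in directory $1.
make_sample_certs() {
    local dir=$1
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    cat > "$dir/leaf.ext" <<'EOF'
basicConstraints = critical,CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:idm.example.test
EOF
    openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
    openssl req -new -config "$dir/ca.cnf" -subj '/CN=idm.example.test' \
        -newkey rsa:2048 -nodes -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -extfile "$dir/leaf.ext" -out "$dir/server.pem" 2>/dev/null
}

# Classify any certificate files given on the command line.
for f in "$@"; do printf '%s: %s\n' "$f" "$(cert_kind "$f")"; done
```

Run it with one or more PEM files as arguments to see which kind each one is.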