You can issue certificates with internal hostnames, with any lifetime you’d like, using any key type, and you don’t have to worry about public Web PKI threats like rate limits, China, or the NSA. It means you needn’t trust 100+ third parties for your internal systems’ security. Running your own CA is more flexible than using a public Web PKI CA. Simulating Let’s Encrypt’s CA in dev & pre-production in scenarios where connecting to Let’s Encrypt’s staging server is problematic.so you can use mutual TLS for authentication & encryption. Using ACME in production to issue certificates to workloads, proxies, queues, databases, etc.There are lots of reasons you might want to run your own CA, but the two that guided our ACME implementation are: The bulk of this post demonstrates how that’s done. ACME support in step-ca means you can easily run your own ACME server to issue certificates to internal services and infrastructure in production, development, and other pre-production environments.ĪCME support in step-ca means you can leverage existing ACME clients and libraries to get certificates from your own certificate authority (CA).
0 kommentar(er)
