Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 16025 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Possible to use Let's Encrypt on XG?

oxident

Hi!

Is it somehow possible to use Let's Encrypt SSL certificates in XG? As far as I understand it, they rely on short term issued certificates which have to be re-issued every two weeks. I guess this isn't possible directly on the XG but maybe I could automate this on a machine behind the firewall?



This thread was automatically locked due to age.
  • 0

    Oxident,

    CSR can be generated on XG, but manually. The best way to generate CSR is to use a linux machine and write a small script that generate it. Otherwise use a certificate that expires at least after one year.

  • 0 in reply to lferrara

    Hi Luk,

    well, as far as I know, Let's Encrypt's certificates needs to be renewed in a very short interval. Using a Linux machine to automate this sounds good but I don't think there's a way to automatically "submit" those certificates to the XG.

    So one possible solution would be to have an API on the XG which allows to install (and assign) new certificates.

    For now I'm using StartSSL to get free SSL certificates every year.

  • 0 in reply to oxident

    The Let's encrypt certs are only valid for 90 days before they need to be renewed. I hope we can get some automation built in the operating system, but i don't think it will happen. 

    The pfsense guys are putting it on hold for now.. www.reddit.com/.../d22nulb