Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
New feature: IntraWeb handling Let's Encrypt certificates
#1
Hi guys!

Next IntraWeb version will handle the whole Let's Encrypt certificate generation process. Let's Encrypt (https://letsencrypt.org/), in their own words is "A nonprofit Certificate Authority providing TLS certificates to 180 million websites". Let's Encrypt certificates are 100% free.

We created a new ACME client, written in Delphi, which will be part of IntraWeb Ultimate and 100% integrated to the IntraWeb application. It will be able to fully handle Let's Encrypt HTTP-01 Challenge (https://letsencrypt.org/docs/challenge-types/), including: generation of key pairs and CSR (Certificate Signing Request), handling of the challenge itself (saving a challenge file in a specific folder and responding to Let's Encrypt request), downloading the Certificate from Let's Encrypt server and installing it (depending on your deployment type).

When done manually, the whole certificate process is *painful* and needs to be repeated every 3 months or less (LE certificates need to be renewed every 3 months). Also, if you are using other paid Certificate Authority, it can cost you up to a couple of hundreds *per year* for a simple certificate...

In short: all IW applications can benefit from SSL/HTTPS security with almost ZERO human intervention and very low maintenance! A really cool feature that will save you lots of work and also money!

First version will be ready for testing in a few days.

Stay tuned!  Big Grin
Reply
#2
Awesome!
Reply
#3
Very cool, can't wait to use it.
Reply
#4
(02-27-2020, 04:40 PM)kudzu Wrote: Awesome!
Yes awesome!  I knew that if I procrastinated long enough he'd make it even easier!

Dan
Reply
#5
Quote:Yes awesome!  I knew that if I procrastinated long enough he'd make it even easier!

Dan

I wish I could procrastinate too LOL

Everything related to certificates is *painful* to do, especially programming against those APIs (OpenSSL, WinCrypt, etc) Rolleyes
Reply
#6
(02-27-2020, 09:37 AM)Alexandre Machado Wrote: Hi guys!

Next IntraWeb version will handle the whole Let's Encrypt certificate generation process. Let's Encrypt (https://letsencrypt.org/), in their own words is "A nonprofit Certificate Authority providing TLS certificates to 180 million websites". Let's Encrypt certificates are 100% free.

We created a new ACME client, written in Delphi, which will be part of IntraWeb Ultimate and 100% integrated to the IntraWeb application. It will be able to fully handle Let's Encrypt HTTP-01 Challenge (https://letsencrypt.org/docs/challenge-types/), including: generation of key pairs and CSR (Certificate Signing Request), handling of the challenge itself (saving a challenge file in a specific folder and responding to Let's Encrypt request), downloading the Certificate from Let's Encrypt server and installing it (depending on your deployment type).

When done manually, the whole certificate process is *painful* and needs to be repeated every 3 months or less (LE certificates need to be renewed every 3 months). Also, if you are using other paid Certificate Authority, it can cost you up to a couple of hundreds *per year* for a simple certificate...

In short: all IW applications can benefit from SSL/HTTPS security with almost ZERO human intervention and very low maintenance! A really cool feature that will save you lots of work and also money!

First version will be ready for testing in a few days.

Stay tuned!  Big Grin

Hi,

Is there a demo or sample code about this feature?

Thanks in advance,

Omar Zelaya
Reply
#7
Will this handle multiple alternative names and wildcard certs?  For example:  say one HTTPSYS IW app is bound to abc.com, www.abc.com, 123.com, and www.123.com.  To issue/renew wildcards through another ACME client I have to submit abc.com, *.abc.com, 123.com, and *.123.com then add / delete DNS TXT records for each to validate (a pain).
Reply
#8
Thumbs Up 
Thank you Alexandre
Reply
#9
(02-28-2020, 10:23 AM)Alexandre Machado Wrote:
Quote:Yes awesome!  I knew that if I procrastinated long enough he'd make it even easier!

Dan

I wish I could procrastinate too LOL

Everything related to certificates is *painful* to do, especially programming against those APIs (OpenSSL, WinCrypt, etc) Rolleyes

Would this require the server to be exposed to the Internet + have a valid Domain? I think it will. And so it would very probably not work for intranet websites that do not have a valid public domain name and cannot be connected to from outside, right?

Have you released it in .52 or .53? Is there an sample project for this?
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)