• Atlanta,
  • GA,
  • United States

Top Contributors

Free SSL Encryption from the EFF. Let's Encrypt!

The EFF announced this week that they are starting an initiative to get SSL certificates into the hands of  everyone on the web with their project: https://letsencrypt.org/

The initial video I saw on it (https://www.youtube.com/watch?v=Gas_sSB-5SU) shows how it will work on *nix based systems. I happily run Debian web servers for just about everything except my Windows Domain and Exchange Servers (which may be replaced in the next 18 months because MS keeps upping the hardware requirements for new versions of server, and I just can't justify the expense just to run the "new version" of Windows, but that's another story).

I immediately thought this was a good way to do domain level validation in an automated way. Of course, how would this work for SAN certs required for exchange? Or could it? What about IIS? I am not sure there is an easy way to do this with IIS like there is with Apache.

From a security standpoint, what do you guys see as the pitfalls and pluses of this system? (Other than domain validation SSLs are no longer stupidly expensive....)
Rank: Genius

Expert Comment

Dave Howe2014-11-23 02:37 AMID: 135386
you can script the changes with IIS just like you do with apache (there are a bunch of example VBS files for various things out of the box)

Not sure they will be issuing SAN certificates though; the massive price markup for SAN is one of the major cash cows of the CAs, and they will fight tooth and nail to stop it being devalued this way.