Basil Hendroff
Wizard
- Joined
- Jan 4, 2014
- Messages
- 1,644
Let's Encrypt is a certificate authority (CA) that's made free TLS certificates readily available since about April 2016. In more recent times, other CAs such as ZeroSSL have joined the fold to provide free certificates as well. The supplied certificates have a short lifetime, typically three months. They're designed for data encryption across the internet. It's now possible to set up your own internal CA to issue certificates as an alternative to generating self-signed certificates using OpenSSL. These certificates are designed for data encryption within the local network. SmallStep has made this technology freely available. The lifetime of these certificates is even shorter at just one day.
Given the continued rise in interest and popularity of free, short lifetime certificates, iXSystems could be a leader and provide a mechanism to easily deploy such certificates on TrueNAS servers. I'm aware that @danb35 has done some terrific work to address this shortcoming; first using external certificates in his resource Let's Encrypt with FreeNAS 11.1 and later and more recently with internal certificates in his resource TLS certificates from a local certificate authority. What danb35 has implemented are some very clever middleware hacks for both resources.
Moving forward, I really think iXSystems should pick up the reins and provide a streamlined and robust mechanism that will facilitate the automated deployment of short lifetime TLS certificates on TrueNAS servers. What do other forum members think? If there's enough interest, I'll go ahead and submit a suggestion on JIRA.
Given the continued rise in interest and popularity of free, short lifetime certificates, iXSystems could be a leader and provide a mechanism to easily deploy such certificates on TrueNAS servers. I'm aware that @danb35 has done some terrific work to address this shortcoming; first using external certificates in his resource Let's Encrypt with FreeNAS 11.1 and later and more recently with internal certificates in his resource TLS certificates from a local certificate authority. What danb35 has implemented are some very clever middleware hacks for both resources.
Moving forward, I really think iXSystems should pick up the reins and provide a streamlined and robust mechanism that will facilitate the automated deployment of short lifetime TLS certificates on TrueNAS servers. What do other forum members think? If there's enough interest, I'll go ahead and submit a suggestion on JIRA.
Last edited: