Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I recently read about how Plex got trusted SSL certificates for all their users in partnership with DigiCert, and was really curious if a similar scheme could be accomplished with Let's Encrypt. The scheme required wildcard certificates so I figured it wouldn't be possible. But with this announcement, maybe it would be! I work on a product that generates a self-signed cert and so our customers always get a cert warning. They can replace the cert with their own if they like, but some customers aren't set up to do that. Offering an alternative where we securely mediate creation of a trusted SSL cert would be fantastic.

See: https://www.plex.tv/blog/its-not-easy-being-green-secure-com... and https://blog.filippo.io/how-plex-is-doing-https-for-all-its-...



If your product consists mainly of a HTTPS service with some particular Internet accessible fully qualified domain name, say https://benth-app.customername.example/ where your customer owns customername.example then it's possible already today although you should ensure the customer is told what you're up to of course.

If your service doesn't provide HTTPS or customers don't have it accessible from the public Internet then you'd need cooperation from them unless you yourselves control the DNS records involved.


In our case, the appliance usually can access the internet, possibly through a proxy, but it's not accessible from the internet.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: